1

(14 replies, posted in Programming)

Thanks for the replies again. I'll roll mainly with images, so I think I'll compare the filename's (with NULLs stripped off) extension to an array containing valid extensions.

I noticed from php.net that $_FILES[name]['type'] is information that the web browser sends, so I think I shouldn't rely on that. But when handling images I'll maybe check the image type with getimagesize(), and if it doesn't return the file as an image, I'll reject the file. Does that make any sense to you guys?
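
The checks described in this post, written out as an added example that is not part of the original thread: it rejects names containing a NUL byte (rather than stripping them), compares the extension against an allowlist, and requires the type detected by getimagesize() to agree with that extension. The function name `validate_image_upload`, the allowlist contents and the sample file are assumptions constructed for illustration.

```php
<?php
// Added example; validate_image_upload() and the allowlist are hypothetical names.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_JPEG => ['jpg', 'jpeg'],
    IMAGETYPE_PNG  => ['png'],
    IMAGETYPE_GIF  => ['gif'],
];

/**
 * $clientName is $_FILES[...]['name'], $tmpPath is $_FILES[...]['tmp_name'].
 * Returns a server-generated filename to store the image under, or null to reject.
 */
function validate_image_upload(string $clientName, string $tmpPath): ?string
{
    // A NUL byte never belongs in a filename, so reject instead of stripping.
    if (strpos($clientName, "\0") !== false) {
        return null;
    }
    // basename() drops any directory part the client supplied.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));

    // Detect the type from the file content, not from $_FILES[...]['type'].
    $info = @getimagesize($tmpPath);
    $allowedExts = $info === false ? null : (ALLOWED_IMAGE_TYPES[$info[2]] ?? null);

    // The claimed extension must agree with the detected, allowlisted type.
    if ($allowedExts === null || !in_array($ext, $allowedExts, true)) {
        return null;
    }
    // getimagesize() only inspects the header, so never reuse the client's
    // name: store under a random name with an extension from the allowlist.
    return bin2hex(random_bytes(16)) . '.' . $allowedExts[0];
}

// Constructed sample input: an 11-byte GIF header written to a temp file.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'GIF89a' . pack('v2', 1, 1) . "\x00");

// Constructed client-supplied names covering the cases discussed in the thread.
$cases = ['cat.gif', "cat.php\0.gif", 'cat.php', 'cat.jpg', '../../cat.GIF'];
foreach ($cases as $name) {
    $stored = validate_image_upload($name, $tmp);
    echo json_encode($name), ' => ', $stored ?? 'rejected', PHP_EOL;
}
unlink($tmp);
```

In a real upload handler the temporary path would also be checked with is_uploaded_file() and the file moved into place with move_uploaded_file() under the returned name.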

2

(14 replies, posted in Programming)

Thanks for the great answers.
Does it mean that if I let users upload something to the server and let them give the path name where their file goes, I always have to check for a possible NULL byte in the given path name?

How about the filenames? If I let users upload, for example, images, do I need to check whether the image names contain a NULL byte?

PS. I'm using PHP to handle the file uploads.

Regards

3

(14 replies, posted in Programming)

Hey,
I have a question about this "NULL byte" thing: what is it, actually? Does it somehow allow SQL injection?
Does it affect programming languages other than PHP as well?

Laters