Richard Lynch wrote:
On Mon, May 15, 2006 1:58 am, Jason Wong wrote:
2) the uploaded file is a "script" (perl/php/python/etc)
In the case of (2), if the script relies on its shebang line to
execute
Not necessarily -- What if I upload an "image" file named
"badscript.php" and then I surf to it, after it's in your /images
directory?
Couldn't you just use the apache directory option to make sure that php
can't be executed from the /images directory... wonder if that is possible.
Cheers
Richard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
