Rory Browne wrote:
http://uk.php.net/manual/en/function.mime-content-type.php
Is this to protect against somebody trying to pass an mp3 off as a PDF, or
to stop people mistakenly uploading PDF's. If it's the latter, then mime
functions are probably okay. If the former, then you may want something a
little more through.
snip
(or other versions - perhaps just verify the first 4 chars.
You can do this with a simple
snip
This is very simple.
And very insecure. All it takes is a cat and echo to disguise a file as a
PDF, and a quick 'dd skip' to Undisguise it.
Absolutely! Incredibly insecure! :)
But again as you stated yourself, if it's just to help users rather than
preventing unotherised content, then either way would work most of the
time. It would be fairly trivial to write a valid PDF that was actually
an MP3 encoded specially, a few pages or so of base64 would do!!
Col.
Col.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
