I mean, if you already specified it as a PNG image with header(), how do you execute Javascript/malicious code, as the browser will render it as a PNG?
Malicious code can still be embedded in images. The vulnerabilities ISTR are in Windows image handling libraries. I assume they've been fixed now though because it was some time ago. But that doesn't mean to say more won't be found.
-- Richard Heyes +----------------------------------------+ | Access SSH with a Windows mapped drive | | http://www.phpguru.org/sftpdrive | +----------------------------------------+ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
