At 1:55 PM +1100 12/17/08, Tim Starling wrote:
There are some file types, such as .png and .wav, where that approach is
not at all secure. The file command will tell you that the file is
image/png, but IE 6 will detect it as text/html and run scripts in it.
Oh, I see the problem (I think).
I was thinking it was a server-side problem -- IOW, how do you stop
someone from uploading a clever script that the server will somehow
run.
But instead, this is how to stop someone from uploading a script that
will become evil when someone else views it using IE. Is that it?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
