Page 2 of 2
    #16
  A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,664
    Rep Power
    171
    Originally Posted by Jacques1
    Sorry, but I'd like to keep a little bit of privacy, so I won't post anything related to my name.

    Good point, Jacques1;

    Would you please explain why some members say that while some members share profile, resume and even discuss their publications etc.?

    PS: you have uploaded pictures of your face, not much for privacy.

    Comments on this post

    • paulh1983 agrees : lol how naive
  #17
  Wiser? Not exactly.
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    5,947
    Rep Power
    4033
    Originally Posted by English Breakfast Tea
    Would you please explain why some members say that while some members share profile, resume and even discuss their publications etc.?
    Because some members want their privacy and others want attention and/or job opportunities. Everyone has their own goals/motives regarding their posts on the forums.

    PS: you have uploaded pictures of your face, not much for privacy.
    That is not his face.
    Recycle your old CD's, don't just trash them



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  #18
  A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,664
    Rep Power
    171
    Great
  #19
  No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    3
    Rep Power
    0
    Originally Posted by English Breakfast Tea
    1 - Would this be a good idea to validate and make sure that uploaded file is an image:

    PHP Code:
    if (getimagesize($_FILES['file']['tmp_name'])) {
        echo "Image";
    }
    2 - Do I have to check an element of the array (width for example)?

    3 - Do I have to wait for file to be uploaded to the server then check the uploaded file and not on "temp"?

    Thanks
    Maybe your picture form is incorrect, or your computer met some trouble at that time.
  #20
  No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Originally Posted by Jacques1
    What we do is make sure that the image actually gets treated as an image and not code. The most foolproof and secure way of doing this is the one I described above.
    Or just make sure Apache is configured correctly. If you can't trust your webserver configuration then you're in a bad spot no matter what you do in PHP. Not to mention the same file that would tell Apache to execute the .jpg extension as PHP is the same file that would tell Apache to execute .php as PHP. If that file is compromised then your webserver could well be showing your PHP code to the world as plain text.

    Another reason to think in this direction is that if you ever want to improve performance of your site by offloading static images to a CDN, it'll be a lot easier to change your image paths than it will be to remove a custom delivery middleware.
    Last edited by dmittner; September 23rd, 2013 at 12:40 PM.
    LinkedIn: Dave Mittner
  #21
  No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    4
    Rep Power
    0
    Example #1 is_uploaded_file() example
    [code]
    <?php

    if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
        echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";
        echo "Displaying contents\n";
        readfile($_FILES['userfile']['tmp_name']);
    } else {
        echo "Possible file upload attack: ";
        echo "filename '". $_FILES['userfile']['tmp_name'] . "'.";
    }

    ?>
    [/code]
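The three questions quoted in post #19 (is getimagesize() enough, should the dimensions be checked, and should the check run on the temp file) and the is_uploaded_file() check in post #21 fit together into one upload handler. The following is an added example written for this thread, not code posted by any of its members or taken from the PHP manual. It assumes PHP 7 or later with the GD extension, a form field named "file", and an upload directory (UPLOAD_DIR, a made-up path) that the web server does not serve; the size and dimension limits are arbitrary values for the example.

```php
<?php
// Added example: validate an uploaded image on its temp path, then re-encode it
// into a directory outside the web root under a generated name.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/private/uploads'; // assumed: not reachable over HTTP
const MAX_BYTES  = 2 * 1024 * 1024;            // assumed limit for the example
const MAX_SIDE   = 4000;                       // assumed limit for the example

/**
 * Returns the stored file name on success; throws RuntimeException on any failure.
 * By the time this script runs, PHP has already written the whole upload to
 * $file['tmp_name'], so the temp file is exactly what should be inspected.
 */
function storeUploadedImage(array $file): string
{
    $error = (int)($file['error'] ?? UPLOAD_ERR_NO_FILE);
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $error);
    }
    // The path must belong to this request's upload, not to a forged $_FILES entry.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Inspect the bytes, not the client-supplied name or Content-Type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        throw new RuntimeException('Not an image');
    }
    [$width, $height, $type] = $info;
    // Question 2: yes, check the dimensions too. getimagesize() only reads the header,
    // so a tiny header followed by a huge payload, or absurd dimensions that would
    // exhaust memory on decode, both pass the plain "is it an image" test.
    if ($width < 1 || $height < 1 || $width > MAX_SIDE || $height > MAX_SIDE) {
        throw new RuntimeException('Unacceptable image dimensions');
    }
    $decoders   = [IMAGETYPE_JPEG => 'imagecreatefromjpeg', IMAGETYPE_PNG => 'imagecreatefrompng', IMAGETYPE_GIF => 'imagecreatefromgif'];
    $encoders   = [IMAGETYPE_JPEG => 'imagejpeg',           IMAGETYPE_PNG => 'imagepng',           IMAGETYPE_GIF => 'imagegif'];
    $extensions = [IMAGETYPE_JPEG => 'jpg',                 IMAGETYPE_PNG => 'png',                IMAGETYPE_GIF => 'gif'];
    if (!isset($decoders[$type])) {
        throw new RuntimeException('Unsupported image type');
    }
    // Re-encode through GD: a file that parses as an image but carries extra data
    // after the image (or in its metadata) comes out the other side as pixels only.
    $img = @$decoders[$type]($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }
    if ($type === IMAGETYPE_PNG) {
        imagealphablending($img, false); // keep transparency through the re-encode
        imagesavealpha($img, true);
    }
    // Never reuse the client's file name; generate one and assign the extension
    // ourselves so the extension always matches the content we just wrote.
    $name = bin2hex(random_bytes(16)) . '.' . $extensions[$type];
    $dest = UPLOAD_DIR . '/' . $name;
    $ok   = $encoders[$type]($img, $dest);
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    return $name;
}

// Usage from the form handler:
try {
    $stored = storeUploadedImage($_FILES['file'] ?? []);
    echo 'Image'; // $stored is the name to record against the current user
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Rejected';
}
```

Re-encoding answers question 1 more completely than getimagesize() alone: the check proves the header looks like an image, the re-encode makes sure only image data reaches disk. The generated name plus our own extension is what makes the extension-based hardening in the later posts reliable, because the server never sees a name the client chose.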
  #22
  Web Developer/Musician
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2004
    Location
    Tennessee Mountains
    Posts
    2,408
    Rep Power
    1031
    Originally Posted by English Breakfast Tea
    Does everyone (Requnix, Kicken, Dan, E-oreo, Northie, Jesus,...) really do all that (or something like that) when making an image upload?
    I do, but as has been already mentioned the file extension is the crucial part. So long as the only thing loading the file once it is on your server is software you control, if the file is treated as an image by everything that touches that file no code within it will be executed. It is only when you allow outside access to that file that it may get loaded as something other than an image. It's also not a good idea to do uploads on a site which is on shared hosting because then you have to worry about people with other sites on the same machine accessing your files.
  #23
  Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    Originally Posted by English Breakfast Tea
    Does everyone (Requnix, Kicken, Dan, E-oreo, Northie, Jesus,...) really do all that (or something like that) when making an image upload?
    Yes

    Not only does it go some way to prevent the security concerns, it also allows full user privilege/permission access, as the PHP script which collects the content of the file from its (non-web-accessible) location on the server and serves it over HTTP has access to the session and any current user it may find in there.

    In fact, for one of my larger apps the non-web-accessible location is actually on a completely separate private server cluster with no external IP address.
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
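The delivery script that Jacques1 and Mad Scientist describe in posts #20 and #23 is the other half of the design: the files sit where the web server cannot serve them, and a PHP script that can see the session is the only path to them. The following is an added example for this thread, not code from any of its members. It assumes the stored files were named as 32 hex characters plus an extension the application assigned, a made-up UPLOAD_DIR outside the web root, a session key user_id set at login, and an ownership lookup that is stubbed with a session array here in place of the database query a real application would run.

```php
<?php
// Added example: serve a stored image from a non-web-accessible directory after
// checking the session. Nothing in UPLOAD_DIR is reachable except through this script.
declare(strict_types=1);
session_start();

const UPLOAD_DIR = '/var/www/private/uploads'; // assumed: not reachable over HTTP

/**
 * Maps a requested name onto a real path inside UPLOAD_DIR, or returns null.
 * The strict pattern matches only names this application generates, so "../",
 * absolute paths and stray extensions never reach the filesystem.
 */
function safeImagePath(string $name): ?string
{
    if (!preg_match('/\A[a-f0-9]{32}\.(jpg|png|gif)\z/', $name)) {
        return null;
    }
    // realpath() resolves symlinks; the prefix check rejects a link pointing elsewhere.
    $real = realpath(UPLOAD_DIR . '/' . $name);
    if ($real === false || strpos($real, UPLOAD_DIR . '/') !== 0) {
        return null;
    }
    return $real;
}

/**
 * Assumed policy: only the owner may view an image. Stand-in for a database lookup;
 * here the upload handler is assumed to have recorded owned names in the session.
 */
function userMayView(string $name): bool
{
    $owned = $_SESSION['owned_images'] ?? [];
    return in_array($name, $owned, true);
}

$name = (string)($_GET['f'] ?? '');
$path = safeImagePath($name);
if ($path === null) {
    http_response_code(404);
    exit;
}
// The session decides who gets the bytes; static file serving could not do this.
if (!isset($_SESSION['user_id']) || !userMayView($name)) {
    http_response_code(403);
    exit;
}

// Content-Type derives from the extension assigned at upload time, never from the client.
$types = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
$ext   = pathinfo($path, PATHINFO_EXTENSION);
header('Content-Type: ' . $types[$ext]);
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: inline; filename="' . $name . '"');
header('Content-Length: ' . (string)filesize($path));
readfile($path);
```

The page would then reference images as, for example, image.php?f=<name> instead of a direct path. This is also the "custom delivery middleware" dmittner weighs against a CDN in post #20: the trade is per-request access control and a storage location the web server cannot execute from, against the cost of every image passing through PHP.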