Is PHP fileinfo sufficient to prevent upload of malicious files?
Posted by Scarface on Stack Overflow
Published on 2010-04-01T15:25:43Z
Hey guys, I have searched around a bit and have not really found a professional-type response on how to have secure file upload capability, so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of MP3s and images, and while I am pretty confident in preventing XSS and injection attacks on my site, I am not really familiar with file upload security. I basically just use PHP fileinfo and check an array of accepted file types against the file type. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips, I would really appreciate it.
© Stack Overflow or respective owner
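
The check the question describes (fileinfo against an array of accepted types, plus getimagesize for images), written out as an added example that is not part of the original post. The function name `store_upload`, the allowed types and the size limit are assumptions, and it needs PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Allowlist: detected MIME type => extension the server will assign.
// The types and the size limit are assumptions for this example.
const ALLOWED_TYPES = [
    'audio/mpeg' => 'mp3',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 10 * 1024 * 1024;

/**
 * Validate one entry of $_FILES and move it into $destDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('not an uploaded file or too large');
    }

    // Detect the type from the content; $file['type'] and $file['name']
    // are sent by the client and are not used for any decision.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('type not allowed');
    }

    // For images, getimagesize() must parse the header and agree with fileinfo.
    if (strpos($mime, 'image/') === 0) {
        $info = @getimagesize($tmp);
        if ($info === false || $info['mime'] !== $mime) {
            throw new RuntimeException('image check failed');
        }
    }

    // Server-chosen name and extension, so the stored file never carries
    // an extension such as .php taken from the original name.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

fileinfo and getimagesize only report what the file's header looks like; the fixed extension and generated name are what keep the web server from treating a stored file as a script.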