Register | Login | |||||
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
| |
0 users currently in Help, Suggestions, Bug Reports. |
User | Post |
mvent2 Posts: 50/76 |
It all depends what kind of header is sent to the client. For example, you can make a PHP script but if you put:
header("Content-type: image/png"); The browser will read it as if it was a .png file. In non-PHP files, I have no idea what determines the MIME type of a file. It isn't the extension, I don't think. |
Xkeeper Posts: 1210/5653 |
Originally posted by GavinWouldn't MIME types still be different even if you changed the file extension? |
Gavin Posts: 110/181 |
Originally posted by Xkeeper MIME types can be spoofed, but it requires someone to actually know what they are doing versus just changing a file extension, which even people at this board might be capable of doing. |
Xkeeper Posts: 1179/5653 |
Also: I think I've said I wasn't done with attachments several times already. |
Xkeeper Posts: 1178/5653 |
Gavin: Yes, however, MIME types can also be spoofed.
I base it on the fact extensions are usually what the server reads (i.e., it won't parse a txt just because it has <?php in it)... |
HyperHacker Posts: 982/5072 |
Speaking of files, you can't attatch one when creating a thread. Nor can you edit them when editing a post.
Test [edit] Either that file I just uploaded is really popular, or the counter's wrong. It apparently got 18 hits in the time between me uploading it (and viewing it once to test) and editing my post. [edit 2] Hah, I think I know what's up with the download counter. I noticed Winamp's been flickering back and forth between "[Connecting] http://board.acmlm.org/download.php?id=47" and "Connection error" for some time now. Whoops. |
Gavin Posts: 109/181 |
I noticed the new board logo with some of the code you're using to get file extensions:
I was curious what exactly the file extension is used for, and if it is for checking file type? Might be, might not be. And I'm not sure how relevant it is for this case, but if you are using it for file type restrictions I just thought I would recommend that in the future, the current method is kind of a no-no. You're going to want to use MIME magic, because checking for file type by extension is easily spoofed. Specifically, mime_content_type();. This prevents simple file name change subversion. |