Register | Login | |||||
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
| |
0 users currently in Help, Suggestions, Bug Reports. |
Acmlm's Board - I3 Archive - Help, Suggestions, Bug Reports - upload file extensions.. | New poll | | |
Add to favorites | Next newer thread | Next older thread |
User | Post | ||
Gavin Cheep-cheep Vandalism is not tolerated Since: 11-17-05 From: IL, USA Last post: 6503 days Last view: 6446 days |
| ||
I noticed the new board logo with some of the code you're using to get file extensions:
I was curious what exactly the file extension is used for, and if it is for checking file type? Might be, might not be. And I'm not sure how relevant it is for this case, but if you are using it for file type restrictions I just thought I would recommend that in the future, the current method is kind of a no-no. You're going to want to use MIME magic, because checking for file type by extension is easily spoofed. Specifically, mime_content_type();. This prevents simple file name change subversion. |
|||
HyperHacker Star Mario Finally being paid to code in VB! If only I still enjoyed that. <_< Wii #7182 6487 4198 1828 Since: 11-18-05 From: Canada, w00t! My computer's specs, if anyone gives a damn. STOP TRUNCATING THIS >8^( Last post: 6427 days Last view: 6427 days |
| ||
Speaking of files, you can't attatch one when creating a thread. Nor can you edit them when editing a post.
Test [edit] Either that file I just uploaded is really popular, or the counter's wrong. It apparently got 18 hits in the time between me uploading it (and viewing it once to test) and editing my post. [edit 2] Hah, I think I know what's up with the download counter. I noticed Winamp's been flickering back and forth between "[Connecting] http://board.acmlm.org/download.php?id=47" and "Connection error" for some time now. Whoops. (edited by Hyper LOL on 02-03-06 02:25 PM) (edited by Hyper LOL on 02-03-06 02:27 PM) (edited by Hyper LOL on 02-03-06 04:17 PM) |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6426 days Last view: 6426 days |
| ||
Gavin: Yes, however, MIME types can also be spoofed.
I base it on the fact extensions are usually what the server reads (i.e., it won't parse a txt just because it has <?php in it)... (edited by Xkeeper on 02-03-06 05:46 PM) |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6426 days Last view: 6426 days |
| ||
Also: I think I've said I wasn't done with attachments several times already. | |||
Gavin Cheep-cheep Vandalism is not tolerated Since: 11-17-05 From: IL, USA Last post: 6503 days Last view: 6446 days |
| ||
Originally posted by Xkeeper MIME types can be spoofed, but it requires someone to actually know what they are doing versus just changing a file extension, which even people at this board might be capable of doing. |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6426 days Last view: 6426 days |
| ||
Originally posted by GavinWouldn't MIME types still be different even if you changed the file extension? |
|||
mvent2 Paragoomba Since: 11-17-05 From: Brizzy, Australia Last post: 6747 days Last view: 6747 days |
| ||
It all depends what kind of header is sent to the client. For example, you can make a PHP script but if you put:
header("Content-type: image/png"); The browser will read it as if it was a .png file. In non-PHP files, I have no idea what determines the MIME type of a file. It isn't the extension, I don't think. (edited by mvent2 on 02-04-06 05:57 PM) |
Add to favorites | Next newer thread | Next older thread |
Acmlm's Board - I3 Archive - Help, Suggestions, Bug Reports - upload file extensions.. | | |