Timeline for Secure/Bulletproof Image Upload Using PHP
Current License: CC BY-SA 4.0
7 events
| when | | what | by | license | comment |
|---|---|---|---|---|---|
| Mar 9, 2021 at 16:26 | history | edited | Sᴀᴍ Onᴇᴌᴀ♦ | CC BY-SA 4.0 | added 304 characters in body |
| Mar 9, 2021 at 9:24 | history | edited | Sᴀᴍ Onᴇᴌᴀ♦ | CC BY-SA 4.0 | deleted 96 characters in body |
| Mar 9, 2021 at 9:00 | comment | added | Your Common Sense | | The mime type checking literally "scans the first couple of bytes", so it's already done. From the security standpoint, we don't care whether the uploaded file is an image or not. We only care whether a file can be executed as a PHP script. |
| Mar 9, 2021 at 8:52 | history | edited | Sᴀᴍ Onᴇᴌᴀ♦ | CC BY-SA 4.0 | added 317 characters in body |
| Mar 9, 2021 at 8:20 | comment | added | Your Common Sense | | It is not a mime-type checking that makes this code secure, but the mime-type based renaming. The checking is not enough, as a PHP file can simply bypass the checking. But renaming a .php file to .jpg will make it at least directly harmless. |
| Mar 9, 2021 at 7:30 | history | edited | Sᴀᴍ Onᴇᴌᴀ♦ | CC BY-SA 4.0 | added 345 characters in body |
| Mar 9, 2021 at 7:13 | history | answered | Sᴀᴍ Onᴇᴌᴀ♦ | CC BY-SA 4.0 | |