mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
Fix suggestions with security implications.
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@194019 c90b9560-bf6c-de11-be94-00142212c4b1
parent e1784a40f0
commit 73f260bb15
1 changed files with 8 additions and 3 deletions
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!-- $Revision: 1.85 $ -->
|
||||
<!-- $Revision: 1.86 $ -->
|
||||
<chapter id="features.file-upload">
|
||||
<title>Handling file uploads</title>
|
||||
|
||||
|
@ -111,7 +111,9 @@
|
|||
<para>
|
||||
The mime type of the file, if the browser provided this
|
||||
information. An example would be
|
||||
<literal>"image/gif"</literal>.
|
||||
<literal>"image/gif"</literal>. This mime type is however
|
||||
not checked on the PHP side and therefore don't take its value
|
||||
for granted.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
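Review bot: The sentence added after <literal>"image/gif"</literal> switches from description to an imperative halfway through ("and therefore don't take its value for granted"), which reads awkwardly in reference text. Suggest something like "This mime type is however not checked on the PHP side, so its value should not be taken for granted." It would also help to say here that the value is supplied by the client, as the later hunk in this commit does, so the two warnings say the same thing.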
@ -196,7 +198,10 @@ print "</pre>";
|
|||
to throw away any files that are either too small or too big. You
|
||||
could use the
|
||||
<varname>$_FILES['userfile']['type']</varname> variable
|
||||
to throw away any files that didn't match a certain type criteria.
|
||||
to throw away any files that didn't match a certain type criteria, but
|
||||
use this only as first of a series of checks, because this value
|
||||
is completely under the control of the client and not checked on the PHP
|
||||
side.
|
||||
As of PHP 4.2.0, you could use <varname>$_FILES['userfile']['error']</varname>
|
||||
and plan your logic according to the <link
|
||||
linkend="features.file-upload.errors">error codes</link>.
|
||||
|
|
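Review bot: The added clause "use this only as first of a series of checks" in the paragraph on $_FILES['userfile']['type'] still recommends filtering on a value that the same sentence describes as "completely under the control of the client", and it does not say what the remaining checks are. Suggest either naming at least one check that is performed on the server against the uploaded file itself, or dropping the recommendation to filter on this value at all. Wording: "as first of" should read "as the first of", and the surrounding "a certain type criteria" mixes singular and plural.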