Fix suggestions with security implications.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@194019 c90b9560-bf6c-de11-be94-00142212c4b1
Stefan Esser 2005-08-19 21:59:37 +00:00
parent e1784a40f0
commit 73f260bb15

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.85 $ -->
<!-- $Revision: 1.86 $ -->
<chapter id="features.file-upload">
<title>Handling file uploads</title>
@ -111,7 +111,9 @@
<para>
The mime type of the file, if the browser provided this
information. An example would be
<literal>"image/gif"</literal>.
<literal>"image/gif"</literal>. This mime type is however
not checked on the PHP side and therefore don't take its value
for granted.
</para>
</listitem>
</varlistentry>
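Review bot: The sentence added to this <para> is ungrammatical ("and therefore don't take its value for granted") and does not say who controls the value. Suggest "This MIME type is not checked on the PHP side, so do not take its value for granted", and consider stating that the value is supplied by the client, which would match the "completely under the control of the client" wording used in the later hunk of this patch.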
@ -196,7 +198,10 @@ print "</pre>";
to throw away any files that are either too small or too big. You
could use the
<varname>$_FILES['userfile']['type']</varname> variable
to throw away any files that didn't match a certain type criteria.
to throw away any files that didn't match a certain type criteria, but
use this only as first of a series of checks, because this value
is completely under the control of the client and not checked on the PHP
side.
As of PHP 4.2.0, you could use <varname>$_FILES['userfile']['error']</varname>
and plan your logic according to the <link
linkend="features.file-upload.errors">error codes</link>.
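Review bot: The new wording "use this only as first of a series of checks" never says what the remaining checks are, so a reader is still left with only $_FILES['userfile']['type'] as a concrete type criterion. Suggest naming at least one check that does not depend on a client-supplied value, such as inspecting the uploaded file's content on the server, and fixing the missing article ("as the first of a series of checks").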