[eluser]dimethroxy[/eluser]
A common fix to make flash upload work using CI upload class is to modify the mimes type for images in the config files and adding 'application/octet-stream', like so:
Code:
'jpeg' => array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
'jpg' => array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
'jpe' => array('image/jpeg', 'image/pjpeg', 'application/octet-stream')
This actually fix the problem with flash uploaded files being rejected. But this change open a huge security risk:
It allow .php files to be uploaded
Anyone else noticed this?
