File Uploader Image Security

#1
Hi all,


Does the file uploader class perform all the necessary security checks to verify that a file is an image such as checking the actual first 20 or so bytes of the file, etc? 


Note: I already know about changing the file name, adding htaccess to the upload folder to prevent php scripts from running, etc.  This is about verifying the actual image itself as being an image.

Thanks,

Alan

#2
Check out the documentation: https://www.codeigniter.com/user_guide/l...ght=upload

#3
(03-20-2018, 06:50 AM)AlanDev Wrote: ... adding htaccess to the upload folder to prevent php scripts from running ...

I've not seen this one. What does that look like?

If you browse the code in the upload library, I think you'll find it handles even more than you thought it would.

#4
https://github.com/bcit-ci/CodeIgniter/b...d.php#L806

#5
(03-20-2018, 05:58 PM)ivantcholakov Wrote: https://github.com/bcit-ci/CodeIgniter/b...d.php#L806

Should've pointed to this instead:

https://github.com/bcit-ci/CodeIgniter/b....php#L1206
Reply
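
An added example, not part of the thread and not CodeIgniter's own code: one way to do the check asked about in post #1, comparing the file's leading bytes against known image signatures and then requiring PHP's `finfo` and `getimagesize()` to agree, which goes a step beyond the header check alone. The signature table, function names and sample files are assumptions constructed for illustration, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example: names and signature table are illustrative, not CodeIgniter's.
const IMAGE_SIGNATURES = [
    'image/jpeg' => ["\xFF\xD8\xFF"],
    'image/png'  => ["\x89PNG\r\n\x1A\n"],
    'image/gif'  => ["GIF87a", "GIF89a"],
];

/** Return the MIME type whose signature matches the first bytes, or null. */
function sniff_image_type(string $path): ?string
{
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    $head = (string) fread($fh, 20);   // the "first 20 or so bytes"
    fclose($fh);
    foreach (IMAGE_SIGNATURES as $mime => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) {
                return $mime;
            }
        }
    }
    return null;
}

/** Accept a file only if signature, libmagic and the image parser all agree. */
function verify_uploaded_image(string $path): ?string
{
    $sniffed = sniff_image_type($path);
    if ($sniffed === null) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($path) !== $sniffed) {
        return null;
    }
    $info = @getimagesize($path);      // false when the header cannot be parsed
    return ($info !== false && $info['mime'] === $sniffed) ? $sniffed : null;
}

// Constructed samples: a 1x1 GIF and a plain-text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image");
var_dump(verify_uploaded_image($gif), verify_uploaded_image($txt));
```

A matching header only describes how the file begins, so storing a re-encoded copy of the image instead of the original upload is a common additional step.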

