For an image file (JPEG) that has been uploaded to the server via a PHP script (to a directory such as http://www.somedomain.com/images), is it a good idea to allow the client to get the image’s direct address (such as http://www.somedomain.com/images/someimage.jpg) and paste it into a WYSIWYG text editor (such as TinyMCE)?
I am wondering if there is a preferable method where the direct address is encrypted?
Please, if I should just link directly to the image, just say so.
Thanks!
Note: I have modified this question from my original. Please see revisions if you are curious, but I think I was asking the question incorrectly. My apologies to the people who already answered.
As long as you check correctly WHAT is being uploaded, it shouldn’t be a problem. So please at least use getimagesize or a similar function to make sure it’s an image that’s being uploaded, AND make sure the extension on the file is correct so that it will never be run through the PHP interpreter – to prevent someone from uploading an image with a PHP script attached.

BTW, here’s a nice whitepaper on uploads and security: http://www.scanit.be/uploads/php-file-upload.pdf
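The two checks the answer above names, as an added example that is not part of the original answer: getimagesize() must identify the upload as a JPEG, and the stored name is generated on the server with a fixed .jpg extension. The form field name `image`, the `UPLOAD_DIR` path and the function name `store_uploaded_jpeg` are assumptions made for this sketch.

```php
<?php
// Added example: UPLOAD_DIR, the 'image' field and the function name are assumptions.
const UPLOAD_DIR = __DIR__ . '/images';   // assumed web-served image directory

/**
 * Validate an upload as a JPEG and store it under a server-chosen name
 * ending in .jpg. Returns the stored file name, or null if rejected.
 */
function store_uploaded_jpeg(array $file): ?string
{
    // Reject failed uploads and paths that did not come from PHP's upload handling.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // getimagesize() parses the image header; index 2 holds an IMAGETYPE_* constant.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return null;
    }

    // A valid JPEG header can still be followed by PHP code, so the client's
    // file name and extension are never reused: the name is random and always
    // ends in .jpg, which keeps the file away from the PHP interpreter.
    $name = bin2hex(random_bytes(16)) . '.jpg';

    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        return null;
    }
    return $name;
}

if (isset($_FILES['image'])) {
    $stored = store_uploaded_jpeg($_FILES['image']);
    if ($stored === null) {
        http_response_code(400);
        echo 'Upload rejected: not a valid JPEG.';
    } else {
        // Direct address the client can paste into the editor.
        echo '/images/' . htmlspecialchars($stored, ENT_QUOTES);
    }
}
```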