I am making a PHP image uploader using the Zend Framework which will upload images to a public directory for people to be able to freely access.
I have so far implemented these measures for security:
– File size validation
– Extension validation
– MimeType validation
– Upon successful validation the file is renamed with an image extension in a public folder, i.e. /images/uploads/…
Is this enough security? Can’t run it through some antivirus script, can you (is this required)?
The file extension and the mime type can be easily faked. Use getimagesize() to see if it really is an image.
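An added example (not code from the question or the answer above) showing how the size check and getimagesize() fit together in one PHP validator that derives the stored extension from the detected image type instead of the uploaded name; the function name, $destDir and $maxBytes are assumptions.

```php
<?php
// Added example (not from the original question or answer): validate an
// uploaded image with getimagesize() and store it under a server-chosen name.
// $file is one entry of $_FILES; $destDir and $maxBytes are assumed settings.
function storeUploadedImage(array $file, string $destDir, int $maxBytes = 2 * 1024 * 1024): ?string
{
    // Only accept a file that PHP itself received through an HTTP upload.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if (filesize($file['tmp_name']) > $maxBytes) {
        return null;
    }

    // The extension and the client-supplied $file['type'] are attacker-controlled;
    // do not trust them. Parse the actual bytes instead.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        return null; // not a parseable image
    }

    // Map the detected image type to the extension we will use, ignoring the
    // one the client sent. Anything outside this allow-list is rejected.
    $allowed = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
    ];
    if (!isset($allowed[$info[2]])) {
        return null;
    }

    // Cross-check with the file's magic bytes via fileinfo as a second opinion.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $info['mime']) {
        return null;
    }

    // Random server-generated name: no user input ever reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}
// Usage, e.g. from a controller action:
// $stored = storeUploadedImage($_FILES['photo'], '/var/www/public/images/uploads');
```

getimagesize() only confirms that the header parses as an image, so a valid image can still carry unrelated trailing data; forcing a fixed image extension and keeping the upload directory non-executable on the web server remain necessary alongside it.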