There was a recent Flash vulnerability found that allows for the potential of malicious attacks when someone uploads a flash file or a file embedded with flash (for example, a gif overloaded).
According to the article, even a simple image can be hijacked.
In php, the typical ways of checking a file type are by extension, and by mime-type.
Using the simple example of an image, how would php properly vet a file (as is recommended in the article). Mime types can be spoofed, as can extension, and if the file is piggy-backed, what is the workaround?
You’d need to validate the whole data into the file, for the case of the image: meaning you need to open the image, see if is a valid type, recognize all chunks of data corresponding to file type, and remove the rest if any.
One option would be using
GDto re-save your image, or trial and error removing bytes at the end of file and see if the image is still valid (again, usingGD). Of course, you’d may try to validate those files that you think are suspicious, like if you detect the SWF header (or all, if you feel like going paranoic).