Re: The Dangers of Allowing Users to Post Images

From: Chris Lambert (clambertat_private)
Date: Thu Jun 14 2001 - 18:10:01 PDT

    | This is not a big deal if you use some validation on images (in PHP at
    | least).
    |
    | Try the function getImageSize(); it will return an array containing the
    | size of the image, as well as the format. If the file specified is not a
    | GIF, JPEG, PNG, or SWF, getImageSize() returns null.
    
    Except in the case of bulletin boards, the images are located on remote
    servers. getImageSize (although it supports HTTP addresses in PHP4.05) would
    have to work from a fully downloaded copy of the image. This means that if a
    user posted an image, the server would have to download it entirely, check
    for its validity, and THEN proceed with inserting it into the database. This
    isn't a solution for us in vBulletin, as it could mean that a server's
    bandwidth charges are sent sky high, not only because it has to transfer
    every 80KB screenshot that's posted, but because some kiddie decided it'd
    be funny to link to an 800MB image.
    --
    WhiteCrown Networks - Web Application Security
    www.whitecrown.net - servicesat_private
     ______________________________
    / Chris Lambert - cjlambertat_private
    |-> ICQ #: 16435685 - AIM: ClipperChris
    `-> Cell: (401) 743-2786 - http://sms.clambert.org/
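
One way to bound the bandwidth cost raised in this message is to read only a capped prefix of the file and check the image header in it. The code below is an added example, not part of the original post and not vBulletin code; `MAX_PREFIX`, `read_prefix()` and `sniff_image()` are hypothetical names, and the sample bytes are constructed.

```php
<?php
// Added example: classify an image from a capped prefix so the file is never read in full.
const MAX_PREFIX = 65536; // assumed cap on bytes read per image

// Read at most $cap bytes from an already-open stream, then stop.
function read_prefix($stream, int $cap = MAX_PREFIX): string {
    $buf = '';
    while (strlen($buf) < $cap && !feof($stream)) {
        $chunk = fread($stream, min(8192, $cap - strlen($buf)));
        if ($chunk === false || $chunk === '') break;
        $buf .= $chunk;
    }
    return $buf;
}

// Return [format, width, height], or null if the prefix is not a GIF/PNG/JPEG header.
function sniff_image(string $p): ?array {
    if (strlen($p) >= 10 && (substr($p, 0, 6) === 'GIF87a' || substr($p, 0, 6) === 'GIF89a')) {
        $d = unpack('vw/vh', substr($p, 6, 4));      // little-endian 16-bit
        return ['gif', $d['w'], $d['h']];
    }
    if (strlen($p) >= 24 && substr($p, 0, 8) === "\x89PNG\r\n\x1a\n" && substr($p, 12, 4) === 'IHDR') {
        $d = unpack('Nw/Nh', substr($p, 16, 8));     // big-endian 32-bit
        return ['png', $d['w'], $d['h']];
    }
    if (substr($p, 0, 2) === "\xFF\xD8") {           // JPEG: walk segments to a SOF marker
        $i = 2; $n = strlen($p);
        while ($i + 9 <= $n && $p[$i] === "\xFF") {
            $m = ord($p[$i + 1]);
            if ($m >= 0xC0 && $m <= 0xCF && $m !== 0xC4 && $m !== 0xC8 && $m !== 0xCC) {
                $d = unpack('nh/nw', substr($p, $i + 5, 4));
                return ['jpeg', $d['w'], $d['h']];
            }
            $len = unpack('n', substr($p, $i + 2, 2))[1];
            if ($len < 2) break;
            $i += 2 + $len;                          // segment length excludes the marker
        }
    }
    return null;                                     // unknown, or header not within the cap
}

// Constructed sample: a 1x1 GIF header followed by 1 MB of padding.
$s = fopen('php://memory', 'w+b');
fwrite($s, "GIF89a\x01\x00\x01\x00\x80\x00\x00" . str_repeat("\x00", 1 << 20));
rewind($s);
$prefix = read_prefix($s);
fclose($s);
var_dump(strlen($prefix), sniff_image($prefix));
var_dump(sniff_image("<html>not an image</html>"));
```

For a remote image the stream would be an HTTP connection opened with a timeout and closed once the cap is reached. A header that parses says nothing about the bytes after the prefix.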
    


