Gossamer Forum
Home : Products : Gossamer Links : Discussions :

file upload & security

Quote Reply
file upload & security
I have a few questions:

I like to know something about security of a file upload in LinksSQL

I want to give registered users the abbility to upload a picture for each link.
I know this is possible but I have a few questions about the security of it.

1. How can I set the upload to handle only .gif .jpg .png files?

2. how can I set the upload to check after extension also the file headers!
(example: a PHP script with .jpg extension will not be uploaded).


Cheers,

Eric Holborn
Quote Reply
Re: [ericho] file upload & security In reply to
You need to use a Form Regex in your links image column, something like this:
^(?:|.*\.(?i:jpg|gif))$

Someone else may be able to validate the above is correct and you can also do a search on Regex which may help further.

Regards

minesite