Brigo
Reputation: 1112
pathinfo() safety: is it possible to fake the extension?
I currently get the extension of the files are uploaded by the admins using pathinfo($FILE["name"], PATHINFO_EXTENSION), validating them if they match with a specific list.
Today I was wondering:
- is there any way to fake the exstension, giving the opportunity to a spiteful person to upload a script or whatever instead of, for example, a .jpg file?
- If so, how you could I prevent that or how could I strengthen my script to make it more difficult?
Upvotes: 1
Views: 480
Answers (0)
Related Questions
- PHP Does fileinfo function look inside file or just checks the extension of file
- Failing to get file extension when using pathinfo()
- Is php fileinfo sufficient to prevent upload of malicious files?
- Safe file extensions while uploading them to server
- Safe File Extensions
- best secured way to guess file extension
- How to get extensions for files with data in paths?
- How to check for the correct file extension in PHP?
- PHP Including a file based on pathinfo - security concern?
- php file extensions: security issue?