Comments on: PHP Upload Security & The 1×1 jpeg Hack

By: Makavillian

Makavillian — Tue, 22 Feb 2011 19:14:37 +0000

Great post, I wasn’t aware of this either.

By: paul

paul — Thu, 06 Jan 2011 18:04:19 +0000

Never even gave that a thought…naively thought mime types could be relied on….now changing my image upload class. There must be a hell of a lot of unsecured upload scripts out there!

By: Nikos

Nikos — Sun, 12 Dec 2010 09:02:37 +0000

This handles nicely that php code will not be executed. how about xss?

By: Phillip Harrington

Phillip Harrington — Sat, 16 May 2009 01:42:59 +0000

I actually considered doing this – renaming, reprocessing the image and appending a new extension. I was not, however, aware of this attack – or of the fix. Thanks for this article! Keep it up! I’m enjoying very much the security and optimization focus of your first few entries. And as promised, I’m subscribing!