class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
I have released a test version 0.26RC1, which should work with Flash uploaders. It is inspired by Roderick's code.
You can get it here. Would you be kind enough to test it?
However, I think it creates a security hole as it makes the class to rely on the file extension when the MIME type is application/octet-stream, thus enabling an attacker to upload a malicious file with an image extension.
I will do some further checking, and may do some more groundwork to allow Flash, open_basedir and MIME type detection play well together, while making sure it is all secured.Reply
You can get it here. Would you be kind enough to test it?
However, I think it creates a security hole as it makes the class to rely on the file extension when the MIME type is application/octet-stream, thus enabling an attacker to upload a malicious file with an image extension.
I will do some further checking, and may do some more groundwork to allow Flash, open_basedir and MIME type detection play well together, while making sure it is all secured.
Tested the new 0.26RC1 version, and flashupload works OK :)
Keep up the great work