Does an "allowed" check check file ext as well as Mime type

See all posts Reply

Does an "allowed" check check file ext as well as Mime type new!
by Dave, 14 years, 6 months ago
Hi, I just downloaded the class.

I was just wondering if, when you set the "allowed" array, not only will the class check to make sure the MIME type of the submitted file matches one of those mime types... but does it also do any checks to make sure that the file extension of the file is actually a file extension that "goes with" that same MIME type?

From what I've read, for security reasons, one should do both: Check the MIME type, but then check to make sure that the extension on the file actually matches the MIME type.

??

Thanks!

-= Dave =-Reply
Re: Does an "allowed" check check file ext as well as Mime type new!
by colin, 14 years, 5 months ago
allowed only checks on the MIME type. The extension can easily be spoofed.Reply