Ticket #668 (closed Feature Request: fixed)

Opened 5 months ago

Last modified 4 months ago

Image upload security helper

Reported by: neovive Owned by: Shadowhand
Priority: major Milestone: 2.2
Component: Helpers Version: SVN HEAD
Keywords: image upload security Cc:

Description

Include a new helper method (e.g. valid::image(array $params), security::clean_image(), etc.) to validate content-types and to ensure no additional php or other content is embedded into a user-uploaded image. As per image upload security information outlined in the following paper:

http://www.scanit.be/uploads/php-file-upload.pdf [361KB PDF]

Change History

Changed 5 months ago by Shadowhand

  • owner changed from - No owner - to Shadowhand
  • status changed from new to assigned

Changed 4 months ago by Shadowhand

  • status changed from assigned to closed
  • resolution set to fixed

This is already available as upload::type and upload::size. More advanced helpers will need to be custom, unless you want to submit feature requests with patches.

Note: See TracTickets for help on using tickets.