jodystevens wrote:Hahaha, I guess it gave me away...
Uploader is PHP so yes you can check the first/last bytes to verify file type or using MIME types(mime_content_type). Both of these can be faked but it is much harder than changing an extension name. getimagesize() would also be an option and probably the safest because it will return all image details in an array including the real extension(regardless of what someone changed it to).
My wife still catches me doing that.
And thanks for the PHP info. I keep meaning to look into PHP.
I'm having problems uploading some files. Heartbeats have been wasted. It appears, that any file with a name that includes a "p" in the node before the dot is rejected.
I dont know what language the file name validation is written in but surely what you need to do is;
1. Count the number of dots and if 0 or > 1 then reject with an appropriate error msg.
2. Then unstring the file name delimited by "." (dot) into field_1,field_2.
3. Validate field_1 for the the appropriate characters and if in error reject with an appropriate error msg.
4. Validate field_2 for the the appropriate characters and if in error reject with an appropriate error msg.
