Opened 18 years ago
Closed 17 years ago
#80 closed Task (fixed)
The PHP implementation must conform to our standards
| Reported by: | Frederico Caldeira Knabben | Owned by: | Wiktor Walc |
|---|---|---|---|
| Priority: | Normal | Milestone: | FCKeditor 2.5 Beta |
| Component: | Server : PHP | Version: | |
| Keywords: | Cc: |
Description
Check that the PHP integration is ok with our standards, as defined at Server Side Integration Status.
Change History (5)
comment:1 Changed 18 years ago by
| Owner: | Frederico Caldeira Knabben deleted |
|---|
comment:2 Changed 18 years ago by
comment:3 Changed 17 years ago by
| Owner: | set to Wiktor Walc |
|---|---|
| Status: | new → assigned |
comment:4 Changed 17 years ago by
It's almost perfect solution, but unfortunately we should also take care about situation, where perfectly valid image file still contain HTML code inside.
It is described here:
http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
and some comments can be found here:
http://sla.ckers.org/forum/read.php?13,7019
I checked few open source projects to see how they handle image uploads and it seems that Mediawiki has very good solution for it. I borrowed their code and adjusted it for FCKeditor. Let me know guys what you think of it.
[684] (BTW. I'll adjust it to CodingStyle rules, sorry for that)
comment:5 Changed 17 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
The following is a proposal from Nicolas Grekas to check if an image file is really an image: