Opened 11 years ago

Closed 10 years ago

#80 closed Task (fixed)

The PHP implementation must conform to our standards

Reported by: Frederico Caldeira Knabben
Owned by: Wiktor Walc
Priority: Normal
Milestone: FCKeditor 2.5 Beta
Component: Server : PHP
Version:
Keywords:
Cc:

Description

Check that the PHP integration is ok with our standards, as defined at Server Side Integration Status.

Change History (5)

comment:1 Changed 10 years ago by Frederico Caldeira Knabben

Owner: Frederico Caldeira Knabben deleted

comment:2 Changed 10 years ago by Frederico Caldeira Knabben

The following is a proposal from Nicolas Grekas to check if an image file is really an image:

if ( false === @getimagesize( $oFile['tmp_name'] ) )
	SendResults( '202' ) ;

comment:3 Changed 10 years ago by Wiktor Walc

Owner: set to Wiktor Walc
Status: new → assigned

comment:4 Changed 10 years ago by Wiktor Walc

It's an almost perfect solution, but unfortunately we should also take care of the situation where a perfectly valid image file still contains HTML code inside.

It is described here: http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting

and some comments can be found here:

http://sla.ckers.org/forum/read.php?13,7019

I checked a few open source projects to see how they handle image uploads and it seems that MediaWiki has a very good solution for it. I borrowed their code and adjusted it for FCKeditor. Let me know, guys, what you think of it.

[684] (BTW. I'll adjust it to CodingStyle rules, sorry for that)
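
The two checks discussed in comment:2 and comment:4, combined in one upload validator. This is an added example, not part of the ticket and not the code from changeset [684] or from MediaWiki; `isSafeImageUpload()`, `HTML_MARKERS`, the marker list and the 1024-byte scan window are assumptions made for illustration.

```php
<?php
// Added example; isSafeImageUpload() and HTML_MARKERS are hypothetical names,
// not FCKeditor's or MediaWiki's code.

// Markers a content-sniffing browser could take as HTML. Illustrative list (assumption).
const HTML_MARKERS = ['<html', '<head', '<body', '<script', '<title',
                      '<a href', '<img', '<table', '<pre', '<plaintext'];

function isSafeImageUpload(string $path, int $sniffBytes = 1024): bool
{
    // Check 1 (comment:2): the file must have a header getimagesize() recognizes.
    if (false === @getimagesize($path)) {
        return false;
    }
    // Check 2 (comment:4): a valid image can still carry markup, so scan the
    // leading bytes, case-insensitively, for HTML markers.
    $head = @file_get_contents($path, false, null, 0, $sniffBytes);
    if ($head === false) {
        return false; // unreadable file: fail closed
    }
    $head = strtolower($head);
    foreach (HTML_MARKERS as $marker) {
        if (strpos($head, $marker) !== false) {
            return false;
        }
    }
    return true;
}

// Constructed samples: a 1x1 GIF, the same GIF with markup placed in a GIF
// comment extension block (0x21 0xFE), and plain text posing as an image.
$gif     = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$comment = '<html><body>constructed sample</body></html>';
$samples = [
    'clean.gif'    => $gif,
    'polyglot.gif' => substr($gif, 0, -1) . "\x21\xFE" . chr(strlen($comment)) . $comment . "\x00\x3B",
    'fake.gif'     => 'just text, not an image',
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    // A caller in the upload connector would answer a rejection with SendResults( '202' ).
    printf("%-13s %s\n", $name, isSafeImageUpload($tmp) ? 'accept' : 'reject');
    unlink($tmp);
}
```

The marker scan is a heuristic over the leading bytes only, so it complements the `getimagesize()` check rather than replacing it.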

comment:5 Changed 10 years ago by Wiktor Walc

Resolution: fixed
Status: assigned → closed