"IceWind" wrote: I was trying to follow the code used to upload the files, but it's not easy to get at first try.
Can someone give me a tip on where I can find the part where it uploads the file? I was planning to add a MIME-type check there and only let image types pass.
It's not 100% secure, but it's a start...
Thanks.
The problem with this is that most PHP files are uploaded as GIF images and then changed to PHP.
You can put this in your .htaccess files in
album_mod/upload/
pafiledb/uploads/
pafiledb/images/screenshots/
# no reason any code should be able to run in this folder!
AddHandler cgi-script .php .js .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
This won't stop users from uploading GIFs and changing them to PHP, but it will make the file not executable.
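As an added example, not code from this thread, album_mod or pafiledb, here is the kind of content-based image check IceWind asks about, written to sit alongside the .htaccess above rather than replace it. It ignores the browser-supplied MIME type, sniffs the type from the file's first bytes, requires the client extension to agree with the detected content (so "x.php.gif" is refused), and stores the file under a server-chosen random name with a fixed extension, so the "upload as GIF, rename to PHP" step has nothing to work with. The function names, the upload directory and the sample bytes are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from album_mod or pafiledb. The function names,
// the upload directory and the sample bytes below are assumptions.

// Allow-list: content type detected from the bytes => extension the server assigns.
const IMAGE_TYPES = [
    'image/gif'  => 'gif',
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
];

// Sniff the image type from the file's first bytes. The client-supplied
// $_FILES[...]['type'] is never consulted: the browser (or attacker) sets it.
function detectImageType(string $bytes): ?string
{
    if (strncmp($bytes, "GIF87a", 6) === 0 || strncmp($bytes, "GIF89a", 6) === 0) {
        return 'image/gif';
    }
    if (strncmp($bytes, "\x89PNG\r\n\x1a\n", 8) === 0) {
        return 'image/png';
    }
    if (strncmp($bytes, "\xFF\xD8\xFF", 3) === 0) {
        return 'image/jpeg';
    }
    return null;
}

// Decide whether an upload is accepted. Returns the server-chosen filename
// (random name + extension derived from the detected type) or null to reject.
function acceptImageUpload(string $clientName, string $bytes): ?string
{
    $type = detectImageType($bytes);
    if ($type === null) {
        return null;                       // not a GIF/PNG/JPEG by content
    }
    $ext = IMAGE_TYPES[$type];

    // The client name must be "name.ext" with exactly one dot, and the
    // extension must match the detected content: this rejects "x.php" and
    // double extensions such as "x.php.gif" or "x.gif.php".
    $parts = explode('.', basename($clientName));
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    $clientExt = strtolower($parts[1]);
    if ($clientExt === 'jpeg') {
        $clientExt = 'jpg';
    }
    if ($clientExt !== $ext) {
        return null;
    }

    // Defence in depth: a valid GIF can still carry PHP code in its body
    // (the "upload as gif, rename to php" trick). With a server-chosen name
    // the rename has nothing to work with, but refuse the obvious case anyway.
    // This is a heuristic, not the main protection.
    if (stripos($bytes, '<?php') !== false) {
        return null;
    }

    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Glue for a real form field: only ever moves a file PHP itself received.
function storeFormUpload(array $file, string $uploadDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $stored = acceptImageUpload($file['name'], (string) file_get_contents($file['tmp_name']));
    if ($stored === null) {
        return null;
    }
    $dest = rtrim($uploadDir, '/') . '/' . $stored;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed samples standing in for uploaded files (not real uploads).
$samples = [
    ['photo.gif',     "GIF89a" . str_repeat("\x00", 16)],              // genuine-looking GIF
    ['shell.php',     "<?php echo 'hi'; ?>"],                          // plain PHP file
    ['shell.php.gif', "GIF89a" . str_repeat("\x00", 16)],              // double extension
    ['photo.gif',     "GIF89a<?php echo 'hi'; ?>"],                    // PHP hidden in a GIF
    ['photo.png',     "\x89PNG\r\n\x1a\n" . str_repeat("\x00", 16)],   // genuine-looking PNG
];
foreach ($samples as [$name, $bytes]) {
    $result = acceptImageUpload($name, $bytes);
    printf("%-14s %s\n", $name, $result === null ? 'rejected' : "accepted as $result");
}
```

In a real handler you would call storeFormUpload($_FILES['image'], 'album_mod/upload') and keep the .htaccess from the reply in that directory as the second layer; note that AddHandler and Options in an .htaccess file only take effect if the server's AllowOverride grants FileInfo and Options for that directory, so check the main Apache config when the 403 you expect does not appear.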