Well, the upload page wouldn't complain, just the image wouldn't display. I don't think MIME types are embedded in the file as well as being stated in the file extension. When the image is loaded, it would be treated as an image, so harmful code couldn't really be executed. However, I've heard that through a combination of .htaccess to PHP-ify .gif/.jpg/.whatever you can send the batch file MIME type while hiding in a .gif and have the user run it as a batch file, which can be malicious, but that doesn't happen for ordinary image uploads on WP.
On 9/3/06, Gregory Maxwell gmaxwell@gmail.com wrote:
On 9/3/06, MacGyverMagic/Mgm macgyvermagic@gmail.com wrote:
The external links are a good point, but they say our images are infected with viruses and trojans. I don't think that's possible as any program altered to have an image extension would be rejected by the upload page, right?
If you upload an image with file magic that doesn't match its extension you get an ominous warning on the image page that the content might be infectious. ... this is likely what they are talking about.
And yes, it's possible that a user could manage to execute such a file if it were actually harmful.
_______________________________________________
WikiEN-l mailing list
WikiEN-l@Wikipedia.org
To unsubscribe from this mailing list, visit:
http://mail.wikipedia.org/mailman/listinfo/wikien-l
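
The file-magic-versus-extension check discussed in this thread, as an added example that is not part of the original messages and is not MediaWiki's own code. The signature table, function names and sample byte strings are constructed for illustration.

```python
import os

# Well-known leading-byte signatures ("file magic") for common image formats.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
# Image type each allowed extension claims (assumed allow-list).
EXT_TO_TYPE = {".gif": "gif", ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}


def sniff(data: bytes):
    """Return the image type the content's magic indicates, or None."""
    for kind, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None


def check_upload(filename: str, data: bytes) -> str:
    """Classify an upload as 'ok', 'mismatch' or 'unsupported'."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXT_TO_TYPE.get(ext)
    if claimed is None:
        return "unsupported"   # extension is not an allowed image type
    if sniff(data) != claimed:
        return "mismatch"      # content is not what the name claims
    return "ok"


# Constructed sample uploads (byte strings, not real files).
SAMPLES = [
    ("logo.gif", b"GIF89a\x01\x00\x01\x00\x80\x00\x00"),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("cat.gif", b"@echo off\r\necho hello\r\n"),   # batch text named .gif
    ("icon.png", b"GIF89a\x01\x00\x01\x00"),        # GIF content named .png
    ("tool.exe", b"MZ\x90\x00"),                    # not an image extension
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(f"{name:10s} -> {check_upload(name, blob)}")
```

A match on the leading bytes only shows that the file starts like that format; it does not validate the rest of the content, so the type a server sends when serving the upload still matters.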