Well, the upload page wouldn't complain, just the image wouldn't
display. I don't think MIME types are embedded in the file as well as
being stated in the file extension. When the image is loaded, it would
be treated as an image, so harmful code couldn't really be executed.
However, I've heard that through a combination of .htaccess to php-ify
.gif/.jpg/.whatever you can send the batch file mime type while hiding
in a .gif and have the user run it as a batch file, which can be
malicious, but that doesn't happen for ordinary image uploads on WP.
On 9/3/06, Gregory Maxwell <gmaxwell(a)gmail.com> wrote:
On 9/3/06, MacGyverMagic/Mgm
<macgyvermagic(a)gmail.com> wrote:
The external links are a good point, but they say
our images are infected
with viruses and trojans. I don't think that's possible as any program
altered to have an image extension would be rejecte by the upload page,
right?
If you upload an image with file magic that doesn't match its
extension you get an ominous warning on the image page that the
content might be infectious. ... this is likely what they are talking
about.
And yes, its possible that a user could manage to execute such a file
if it were actually harmful.
_______________________________________________
WikiEN-l mailing list
WikiEN-l(a)Wikipedia.org
To unsubscribe from this mailing list, visit:
http://mail.wikipedia.org/mailman/listinfo/wikien-l