Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Ashley Sheridan
On Sun, 2010-08-15 at 11:51 +0200, Sebastian wrote: > OK THX to everyone. I will check the images with imagick and let the > pdfs in adobes responsibility. One worry less. Also, if you're really worried, try suggesting people use an alternative pdf reader. There are quite a few to choose from, t

Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Sebastian
OK THX to everyone. I will check the images with imagick and let the pdfs in adobes responsibility. One worry less. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Ashley Sheridan
On Sun, 2010-08-15 at 08:43 +0200, Peter Lind wrote: > On 15 August 2010 06:14, Paul M Foster wrote: > > On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote: > > > >> Hi, > >> > >> before I allow to upload images I read them and check for several html > >> tags. If they exist I don't

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Peter Lind
On 15 August 2010 06:14, Paul M Foster wrote: > On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote: > >> Hi, >> >> before I allow to upload images I read them and check for several html >> tags. If they exist I don't allow the upload. Is their any need to check >> pdf files, too? At t

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Paul M Foster
On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote: > Hi, > > before I allow to upload images I read them and check for several html > tags. If they exist I don't allow the upload. Is their any need to check > pdf files, too? At the time I'm doing this, but the result is that many >

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Peter Lind
I'm guessing you may have been referring to something like: http://kestas.kuliukas.com/JavaScriptImage/ - this actually does seem to be a valid threat to IE6 and would go undetected by the measures proposed. Checking an image for

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Sebastian
Peter Lind wrote: > On 14 August 2010 22:36, Sebastian Ewert wrote: >> Hi, >> >> before I allow to upload images I read them and check for several html >> tags. If they exist I don't allow the upload. Is their any need to check >> pdf files, too? At the time I'm doing this, but the result is that

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Peter Lind
On 14 August 2010 22:36, Sebastian Ewert wrote: > Hi, > > before I allow to upload images I read them and check for several html > tags. If they exist I don't allow the upload. Is their any need to check > pdf files, too? At the time I'm doing this, but the result is that many > files are denied b