Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Nik Cubrilovic (niknik.com.au)
Date: Wed Mar 06 2002 - 12:36:04 CST
One thing that I have noticed with uploading files in PHP is the ability
to embed scripts and have them execute on IE regardless of the
In this case I want to enable site visitors to upload PDF documents for
other visitors to view.
The upload script has a number of simple checks for the uploaded document
(file name, check to see if the file extension ends with .PDF etc.) but it
seems that when uploading a file such as the following
and setting the following headers in a PHP script to display it back (the
PDF is stored in a database BLOB).
it is a corrupt PDF document, but for some reason IE still executes the
Is this a hole in IE that developers should be taking into consideration?
tested on IE 6.0.2600 (with HF's).