Manuel Lemos from phpClasses.org has written an excellent post about about the risks when allowing users to upload images. It’s not something I’ve done alot but lets say you have a generated image such as this one - with a .php extension. I could upload it to your server and have it served from there - not much use to me because it would fail to update.
The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.
Read his post here: PHP security exploit with GIF images
I’ve been using a crossword helper for a while, usually when helping my Mother with questions about French Presidents and button collections and Google fails to give me a sensible answer.
The tool I use is at http://casr.adelaide.edu.au/craig/wow.html
They have a little teaser on the page saying What is docapy? (more…)
