Hi guys,
One quick question about file uploads and security.
I’m running MacOSX Server.
From what I understand, the file is first sent to the tmp folder, you then need to move the file to another folder with move_uploaded_file() in order for it to actually be stored on the server.
If move_uploaded_file() isn’t executed the file is erased.
My program handles CSV files only. I don’t plan to store the file on my server. I just want to open it and store its contents in a database.
I’ll be doing file type and size validations. From what I understand, tmp folders don’t have execution privileges, so I’m assuming I don’t need to chmod the uploaded file.
My question is, is there anything else I should validate to prevent a potential virus threat with the scenario I just described?
Thanks
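The scenario described in the post (parse the CSV straight from PHP's temp file, never call move_uploaded_file(), write the rows to a database), sketched as an added example that is not part of the original post. The form field name `csv`, the `contacts(name, email)` table, the two-column layout and the size and row limits are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumed: table contacts(name, email) and the limits below.
const MAX_BYTES = 1048576; // 1 MiB
const MAX_ROWS  = 10000;
const COLUMNS   = 2;

// Imports one $_FILES entry directly from the temp file; returns rows inserted.
function import_csv_upload(array $file, PDO $pdo): int
{
    // Reject missing, failed, partial or multi-file (array-valued) uploads.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    // Confirms the path was created by this request's HTTP POST upload.
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an uploaded file');
    }
    // 'name' and 'type' in $_FILES come from the client, so neither is trusted;
    // the size is measured on disk and the content is checked row by row below.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    $fh = fopen($tmp, 'rb');
    if ($fh === false) {
        throw new RuntimeException('cannot open upload');
    }
    // Prepared statement: cell values are bound as data, never spliced into SQL.
    $stmt = $pdo->prepare('INSERT INTO contacts (name, email) VALUES (?, ?)');
    $pdo->beginTransaction();
    $rows = 0;
    try {
        while (($row = fgetcsv($fh, 4096, ',', '"', '\\')) !== false) {
            if ($row === [null]) { continue; } // blank line
            // Enforce the expected shape and refuse binary/control bytes.
            if (count($row) !== COLUMNS || ++$rows > MAX_ROWS
                || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', implode('', $row))) {
                throw new RuntimeException('row is not valid CSV data');
            }
            $stmt->execute($row);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // all-or-nothing import
        throw $e;
    } finally {
        fclose($fh);
    }
    return $rows;
}
```

In a request handler this would be called as `import_csv_upload($_FILES['csv'] ?? [], $pdo)` with a PDO connection in exception mode; the temp file is never moved, so PHP discards it when the request ends.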