I create a FreeForm form on the front end and permit a file to be uploaded through it. This file follows the rules as set in my file upload preferences settings… so yes, I can control the file type to images or all types, control the file size, the location, etc.
However, what other security is in place for these files? Are certain file types crossed off the list, for example? Are the file extensions checked against the MIME types? If so, are double extensions checked (.jpg.php or .php.jpg, etc.)?
In the case of MIME types, where are these defined, as I have a funny MS Word with DOC and DOCX will cause problems, etc.! When upgrading, will I have to redefine this, or are these settings outside the upgrade files? Etc.?
Lots of questions!!! And rambling!!! Sorry, just want to be happy the file upload is safe as logically it can be. Thanks,
[Mod Edit: Moved to the Modules forum]
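
The checks asked about above (every extension segment against an allowlist, and the detected content type against the final extension), as an added PHP example that is not part of the original post and is not ExpressionEngine or Freeform code. The allowlist, the function name `check_upload()` and the sample bytes are constructed for illustration; the Word MIME values are ones libmagic commonly reports and are an assumption to verify on the target server.

```php
<?php
// Added example. Hypothetical allowlist: extension => content types accepted for it.
// The Word entries are values libmagic commonly reports; confirm them on your server.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'doc'  => ['application/msword', 'application/CDFV2'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document',
               'application/zip'],
];

// Returns [true, storedName] or [false, reason]. check_upload() is a hypothetical name.
function check_upload(string $clientName, string $bytes): array
{
    $name  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($name));
    array_shift($parts);                       // drop the base name, keep the segments
    if ($parts === []) {
        return [false, 'no extension'];
    }
    // Every segment must be allowlisted, so x.jpg.php and x.php.jpg are both refused.
    // (Strict by design: a name such as my.holiday.jpg is refused as well.)
    foreach ($parts as $seg) {
        if (!array_key_exists($seg, ALLOWED)) {
            return [false, "segment .$seg is not allowed"];
        }
    }
    $ext  = end($parts);
    // Detect the type from the bytes; the browser-supplied Content-Type is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return [false, "content detected as $mime, not valid for .$ext"];
    }
    // Store under a server-generated name so the client's name never reaches disk.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample inputs: a JPEG header and a short PHP script.
$jpeg = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00";
$php  = "<?php echo 'x'; ?>";
foreach ([['photo.jpg', $jpeg], ['photo.jpg.php', $php],
          ['photo.php.jpg', $jpeg], ['photo.jpg', $php]] as [$n, $b]) {
    [$ok, $info] = check_upload($n, $b);
    printf("%-14s %s  %s\n", $n, $ok ? 'accept' : 'reject', $info);
}
```

Content sniffing and extension checks complement each other but neither proves a file is harmless, so the upload directory should also be configured so that the web server never executes scripts from it.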