I'm building a site (in CakePHP) which allows visitors to comment on posts and also upload an image (jpg, png, gif) along with their comment.
I want to keep the threshold as low as possible, so in order to comment visitors have to fill out a Captcha instead of registering.
Right after uploading I resample the image (imagecopyresampled()) and discard the original. This is in order to filter malicious content.
My question regarding the image uploading:
What risks didn't I cover yet? / Did I cover the potential risks sufficiently?
+ other thoughts on this topic?
Kind regards! Bart
I would suggest filtering file size and type. Honestly I stay away from user uploads as much as possible myself, they tend to cause trouble no-one expects...
So I agree with J V, the real problems are less of a technical nature.
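An added example, not part of the thread and not code from any poster: one way to combine the size and type filtering suggested above with the resample-and-discard step from the question, in plain PHP with GD. The function name `storeCommentImage`, the three limits and the destination directory are assumptions.

```php
<?php
// Added example. storeCommentImage() and the limits below are assumptions.
const MAX_BYTES = 2 * 1024 * 1024; // assumed upload size limit
const MAX_SIDE  = 4000;            // assumed max source width/height (bounds decode memory)
const OUT_SIDE  = 800;             // assumed max side of the stored copy

function storeCommentImage(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Check the real size on disk, not only the value reported in $_FILES.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Type is taken from the file contents, never from the client-supplied
    // file name or MIME type.
    $loaders = [
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
        IMAGETYPE_GIF  => 'imagecreatefromgif',
    ];
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($loaders[$info[2]])) {
        throw new RuntimeException('Not a JPEG, PNG or GIF');
    }
    [$w, $h] = $info;
    // Reject huge pixel dimensions before decoding (small file, large canvas).
    if ($w < 1 || $h < 1 || $w > MAX_SIDE || $h > MAX_SIDE) {
        throw new RuntimeException('Image dimensions out of range');
    }
    $load = $loaders[$info[2]];
    $src = @$load($file['tmp_name']);
    if ($src === false) {
        throw new RuntimeException('Image could not be decoded');
    }
    // Resample onto a fresh canvas; only decoded pixels are carried over.
    $scale = min(1, OUT_SIDE / max($w, $h));
    $nw = max(1, (int) round($w * $scale));
    $nh = max(1, (int) round($h * $scale));
    $dst = imagecreatetruecolor($nw, $nh);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $nw, $nh, $w, $h);
    // Server-chosen random name and fixed extension; the uploaded name is unused.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($dst, rtrim($destDir, '/') . '/' . $name, 85)) {
        throw new RuntimeException('Could not write image');
    }
    unlink($file['tmp_name']); // discard the original
    return $name;
}
```

Call it with the entry from `$_FILES` and a directory the web server does not execute scripts from. Transparent PNG or GIF areas come out black here, because the copy is always written as JPEG.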