
Uploading Images via The Comments section WP.

Discussion in 'Blogging' started by James2, Jul 2, 2017.

  1. James2

    James2 Supreme Member

    I think I know the answer, but I just want to double check with you guys.

    If I allow people to upload images to the comments section of my website, am I leaving it wide open for an attack?

    Cheers,

    James :)
     
  2. headspace

    headspace Newbie

    I'm not going to say yes. But I hate the way WP comments are, so I use the Disqus plugin. Honestly, most of my users use that app, I dunno why, but I'm also starting to see it implemented around other blogs.
     
    • Thanks Thanks x 1
  3. James2

    James2 Supreme Member

    Thanks headspace. I'll check it out.
     
  4. ThomasPr

    ThomasPr BANNED BANNED

    Not necessarily an attack, but your hdd space on your server or hosting account will surely suffer if you enable that feature :)
     
    • Thanks Thanks x 1
  5. vilto

    vilto Jr. VIP Jr. VIP

    Hope you have a strong hosting plan.
     
    • Thanks Thanks x 1
  6. James2

    James2 Supreme Member

    Allowing users to upload images revoked lol. I'll let Disqus's servers hold it for me. Cheers headspace.
     
  7. Gogol

    Gogol Jr. VIP Jr. VIP

    Yes and no. If you validate the upload properly, and have a hosting plan that isn't vulnerable, you will be safe. When I say validate, I mean client-side validation plus server-side extension validation plus byte validation (read a few bytes and decide if it is a real image). Also disable server-side script execution in the folder where you upload images. For bullet-proof security, use PHP to convert the file to an image (imagecreatefrompng etc.), as you do not want to trust user input. In fact, I would look for other ways of storing the image (like as a blob in the DB, or don't save the image inside your HTTP docs, etc.) too if I was too paranoid.
     
    • Thanks Thanks x 1
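
The server-side part of Gogol's checklist as an added example, not code from the thread or from WordPress: extension allowlist, header-byte check, re-encoding through GD, and storage outside the web root under a server-chosen name. `store_comment_image`, `UPLOAD_DIR`, `MAX_BYTES` and `ALLOWED` are hypothetical names and values, and the demo files are constructed in the temp directory.

```php
<?php
// Added example. UPLOAD_DIR and MAX_BYTES are assumed values, not from the thread.
const UPLOAD_DIR = '/var/www/private-uploads'; // assumed path outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;            // assumed cap, also limits disk use
const ALLOWED    = ['png' => IMAGETYPE_PNG, 'jpg' => IMAGETYPE_JPEG, 'jpeg' => IMAGETYPE_JPEG];

function store_comment_image(string $tmpPath, string $clientName, string $destDir = UPLOAD_DIR): string
{
    // 1. Extension allowlist; the client-supplied file name is untrusted input.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // 2. Size cap before any parsing.
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad file size');
    }
    // 3. Byte validation: getimagesize() inspects the header, not the name.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== ALLOWED[$ext]) {
        throw new RuntimeException('content is not the claimed image type');
    }
    // 4. Decode with GD; a file that only imitates an image header fails here.
    $img = $info[2] === IMAGETYPE_PNG ? @imagecreatefrompng($tmpPath) : @imagecreatefromjpeg($tmpPath);
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    // 5. Write a fresh PNG from the decoded pixels under a random server-chosen name.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, $dest)) {
        throw new RuntimeException('could not write image');
    }
    return $dest;
}

// Constructed demo: one real 2x2 PNG, one PNG signature followed by script text.
if (PHP_SAPI === 'cli') {
    $dir  = sys_get_temp_dir();
    $good = tempnam($dir, 'up');
    imagepng(imagecreatetruecolor(2, 2), $good);
    $bad  = tempnam($dir, 'up');
    file_put_contents($bad, "\x89PNG\r\n\x1a\n<?php echo 1; ?>");
    echo 'stored: ', basename(store_comment_image($good, 'cat.png', $dir)), "\n";
    try { store_comment_image($bad, 'shell.png', $dir); }
    catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

Disabling script execution in the upload folder, the other item on the list, is web-server configuration and is not covered by this code.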