The user does not even need to use a browser to upload to your server; they could use curl or write a script in order to upload files. Checking the file type by extension may not suffice then, so be sure to check the content for type signatures (e.g. using the file utility on most Unix systems or a library).
Yes, this will be covered as well :)
I think using a nonce would also help in this scenario.
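The content-signature check suggested in the first comment, sketched server-side as an added example that is not part of the original thread or post. The allowlist, function names and sample uploads are assumptions constructed for illustration.

```python
import os

# Hypothetical allowlist: permitted extension -> magic-byte prefixes the
# file content must start with (well-known signatures for each format).
SIGNATURES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
}


def sniff_types(head: bytes) -> set:
    """Return the allowlisted extensions whose signature matches the content."""
    return {
        ext
        for ext, sigs in SIGNATURES.items()
        if any(head.startswith(sig) for sig in sigs)
    }


def check_upload(filename: str, content: bytes):
    """Return (accepted, reason). The filename is client-supplied and untrusted,
    so the extension must be allowlisted AND agree with the content signature."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in SIGNATURES:
        return False, f"extension {ext or '(none)'} not allowed"
    if ext not in sniff_types(content[:16]):
        return False, f"content does not match {ext} signature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, as a script or curl could send them.
    samples = [
        ("photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("shell.php.png", b"<?php echo 1; ?>"),
        ("report.pdf", b"GIF89a" + b"\x00" * 8),
        ("shell.php", b"<?php echo 1; ?>"),
    ]
    for name, data in samples:
        print(name, check_upload(name, data))
```

A matching signature says only how the file begins, so treat this as one check alongside the extension allowlist, not as proof of what the whole file contains.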