hashName() is safe; under the hood, it actually uses guessExtension() (which is an alias of extension()).
https://github.com/laravel/framework/blob/10.x/src/Illuminate/Http/FileHelpers.php#L42
I read about File Upload Vulnerability in this article https://securinglaravel.com/p/laravel-security-file-upload-vulnerability
here it is said to reduce the vulnerability by using the following line of code:
$request->photo->extension();
then I tried to look into laravel documentation and I found the following code:
$request->photo->hashName()
that code already generates a random name and includes the extension of the uploaded file, is this code safe to use or better to use something like this?
$filename = Hash::make($request->photo).'.'.$request->photo->extension();
Please or to participate in this conversation.