Thomas Weidner has posted about a method he's come up with to help protect you and your site when uploading files through the Zend_File_Transfer component from the Zend Framework.
The new Zend_File_Transfer component is growing day by day. As an incredible new feature, this component allows the use of file validators. These are necessary to increase security and allow you to define rules for file uploads (and also downloads in the future).
He illustrates with a simple Zend_File_Transfer object that uses an addValidators call to limit the size of the upload to 50 KB. Other validation rules include count (the number of files to expect), extension, filessize and imagesize. Using these, he builds a "more secure" upload object that sets the size to 205 KB and expects five files that are all under 1 MB and are of the types gif/jpg/png.