PHP Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsProgramming LanguagesPHP Development

Closed Thread
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
#1
October 10th, 1999, 03:57 PM
jay-biz (Guest)
Hi!

I have two questions. First, how can I control what files a user uploads? I can, of course, check the extensions but they can't always be trusted. Can I check the mime-types somehow?

Second, is there a way I can set the "available formats" in the file upload dialog box?

Regards,



------------------
.jonas

#2
November 10th, 2011, 11:16 PM
Wizard111
First question: here is some basic code that checks if the file uploaded is a JPEG; it should be easy enough to follow.

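Code:
<form enctype='multipart/form-data' action="#" method="post">
    <input type="file" name="uploaded" />
    <input type="submit" name="upload" value="Upload" />
</form>
<?php
    // Only run the check once a file has actually been submitted;
    // on a plain page load $_FILES['uploaded'] does not exist.
    if (isset($_FILES['uploaded'])) {
        // 'type' is the MIME type as reported by the browser.
        if ($_FILES['uploaded']['type'] === 'image/jpeg') {
            exit('Allowed');
        } else {
            exit('Denied!');
        }
    }
?>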

As for the second one, you could just create an array of file types supported and use it for checking the uploaded file, and to create a "supported file types" list on the form. I hope that helped; if you have any other questions, feel free to ask.

#3
November 11th, 2011, 08:31 AM
ManiacDan
Welcome to the forums Wizard.

You have revived a thread that is so old the forum software is malfunctioning trying to display the OP's information. The Matrix came out AFTER this question was asked. I think he found the answer.

Please limit your activity to the first page of the forum listings to avoid something like this.

Thread Closed.

-Dan

#4
November 11th, 2011, 11:31 AM
requinix
Since the damage has been done I'm going to answer this anyways. Naturally these answers are appropriate for stuff happening THIS DECADE, so don't go back in time and use my advice. Besides, if you could go back in time, why the hell would you be spending your time dealing with HTML forms? Go win the damn lottery.


1. You can't control what files the user sends to your server. You can control which files you actually accept and store for later (which should be obvious because it's your own code that's doing the accepting and storing).

2. Extensions can be changed easily, but most web servers will serve files according to extension - or at least use the extension to resolve ambiguities. If you want .jpg files and someone uploads a PHP script renamed to .jpg then worst case it'll just be treated as a (corrupt) image. Best case is the script contains actual JPEG data and you'll see that.
However the reverse would be harmful: since JPEG images can contain arbitrary comments, if an image was renamed as .php then it could execute harmful code.

3. The MIME type, as contained within $_FILES, is provided by the browser. Not by PHP. That means it is insecure and cannot be trusted. If you want the type (which is a good idea for handling generic file uploads) then determine it yourself.

4. The <input type=file> element does support a set of allowed MIME types for uploading, but (a) it's not implemented on, like, any browser, and (b) you couldn't trust it to restrict files.

Last edited by requinix : November 11th, 2011 at 11:34 AM.
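
An added example, not part of any post in this thread: one way to act on points 2 and 3 above, by detecting the type from the file's bytes with PHP's fileinfo extension and assigning the stored name and extension on the server. The field name 'uploaded' comes from the form in post #2; the allow-list, the uploads directory and the function names are assumptions made for illustration.

```php
<?php
// Added example. Assumed (not from the thread): ALLOWED_TYPES, the uploads
// directory, and the helper names detectAllowedExtension() / storeUpload().

const ALLOWED_TYPES = [            // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns the extension to store the file under, or null when the content is
// not on the allow-list. Only the file's bytes are consulted, never the
// browser-supplied $_FILES[...]['type'] or ['name'].
function detectAllowedExtension(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false) {
        return null;
    }
    return ALLOWED_TYPES[$mime] ?? null;
}

function storeUpload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $ext = detectAllowedExtension($file['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('File type not accepted');
    }
    // Server-chosen name and extension: the client's filename, including any
    // ".php" in it, never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $storageDir . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (isset($_FILES['uploaded'])) {
    try {
        echo 'Stored as ', storeUpload($_FILES['uploaded'], __DIR__ . '/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

Content detection only confirms that the bytes look like an image; as point 2 notes, a valid JPEG can still carry arbitrary comment data, which is why the stored extension is taken from the allow-list rather than from the upload.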


Viewing: Dev Shed Forums > Programming Languages > PHP Development > File upload handling (file types etc.)
