[nycphp-talk] limit file types on image uploads?
Analysis & Solutions
danielc at analysisandsolutions.com
Thu Jul 17 01:28:05 EDT 2003
Hi Folks:
On Wed, Jul 16, 2003 at 07:11:46PM -0400, Keith Richardson wrote:
> $fileparts = explode(".",$filename);
> $extention = $fileparts[sizeof($fileparts)-1];
This process is completely insecure. I can put up anything as long as I
give it an acceptable extension.
As mentioned by others earlier, use getimagesize(). Here's some code from
a project of mine:
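    // getimagesize() reads the file's own header, not the name or the
    // type the client sent.
    if ( !$Info = getimagesize($_FILES['Photo']['tmp_name']) ) {
        $Prob[] = 'File isn\'t an image';
    } elseif ($Info[2] != 2) {
        // Index 2 is the image type; 2 means JPEG (IMAGETYPE_JPEG).
        $Prob[] = 'Image is not in JPEG format';
    }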
DON'T use this, because submissions from AOL users choke due to their
browser not sending a proper mime type, if one at all:
    if ($_FILES['Photo']['type'] != 'image/jpeg') {
        $Prob[] = 'File is not in JPEG format';
    }
--Dan
--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
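
The comparison made in the message above, as an added example (not code from the original post or the poster's project): one constructed upload run through the quoted extension check, the client MIME type check and a getimagesize() content check. The function names, the sample file name and the sample bytes are assumptions made for illustration.

```php
<?php
// Added example. $upload mimics a single $_FILES entry; every value in it
// is constructed for this demonstration.

function extension_check(array $upload): bool {
    // The quoted approach: trusts the file name chosen by the client.
    $parts = explode('.', $upload['name']);
    return strtolower(end($parts)) === 'jpg';
}

function client_mime_check(array $upload): bool {
    // The "DON'T use this" approach: trusts the type sent by the browser.
    return $upload['type'] === 'image/jpeg';
}

function content_check(array $upload): array {
    // The recommended approach: inspect the bytes PHP stored on disk.
    $problems = [];
    $info = getimagesize($upload['tmp_name']);
    if ($info === false) {
        $problems[] = "File isn't an image";
    } elseif ($info[2] !== IMAGETYPE_JPEG) {
        $problems[] = 'Image is not in JPEG format';
    }
    return $problems;
}

// Constructed sample 1: plain text given a .jpg name and a JPEG type.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "just some text, not image data\n");
$upload = ['name' => 'holiday.jpg', 'type' => 'image/jpeg', 'tmp_name' => $tmp];

// Run all three checks against the same upload and compare the verdicts.
var_dump(extension_check($upload));
var_dump(client_mime_check($upload));
print_r(content_check($upload));

// Constructed sample 2: a GIF header under the same .jpg name and type.
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
print_r(content_check($upload));

unlink($tmp);
```

getimagesize() reads only the image header, so a stored upload should still get a server-chosen file name and extension rather than the client's.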