|
|
Posted by Jack Jackson on 10/20/53 11:19
John Nichel wrote:
> Jack Jackson wrote:
> <snip>
>
>> Also, it seems that directories must be blown wide open (777) to allow
>> the script to copy the file over from /tmp. My ISP won't allow
>> directories to be set to 777 under public_html/ -- but we need to
>> access the files via web browser which is the whole point.
>
>
> It shouldn't have to be this way. The webserver should be configured to
> run as your virtual user, or belong to a group which has write
> permission to that directory, or.....I'm getting a bit off track with
> that. This is something you'll have to take up with your ISP.
Will do.
>
>> So my questions:
>> 1. How do you validate Word and Excel files before upload?
>
>
> Before? JavaScript...if JavaScript can even do it (I haven't touched
> the stuff in ages). After upload, you can check the mime type, but
> that's not foolproof.
>
Okay, sorry I miswrote: after upload to the temp directory, BEFORE using
move_uploaded_file(). Checking the mime type is the problem - if I can't
trust the browsers am I really reliant on the file extension? Can't I
peek in some manner into it as we do with getimagesize()?
Navigation:
[Reply to this message]
|