|
|
Posted by iktorn on 06/11/07 09:02
Schraalhans Keukenmeester napisał(a):
> At Mon, 11 Jun 2007 05:02:40 +0000, Bob let h(is|er) monkeys type:
>
>> Hello everyone !!!
>> I have a very neat script to download files to the server, the problem is
>> that it uploads all kind of files, txt, exe, zip,
>> you name it. I have been trying to add some code but still can't get it to
>> work. What I would like the script to do is only to allow the jpg, jpeg,
>> bmp, gif files to be downloaded. Can anyone can give me a hand?
>
> You'll have to test for extension first, and then assert what's sent
> actually is what it claims to be. A safe way would be to apply the
> appropriate imagecreatefrom(jpg|gif|bmp|png) etc functions provided by the
> gd library.
Much better way imho is to use getimagesize
(http://pl2.php.net/manual/en/function.getimagesize.php)
to check if its a valid image file.
Additionally you can check extension of uploaded file.
--
Wiktor Walc
http://phpfreelancer.net
Navigation:
[Reply to this message]
|