Posted by Tom Rogers on 11/09/76 11:19

Hi,

Friday, June 24, 2005, 12:42:33 AM, you wrote:
JJ> Hi,
JJ> I checked at
JJ> http://www.php.net/manual/en/features.file-upload.php and
JJ> all the user notes, and also the PEAR solution for uploading files and I
JJ> still have a couple of questions.

JJ> I need to create a form to allow users to upload (and later to delete)
JJ> MS word, excel and jpg files. Through your help I was able to validate
JJ> image files using getimagesize() and have made a nice script to upload
JJ> and rename images.

JJ> I cannot see a way to validate or examine Word or Excel files for
JJ> validity (and assume that older word files would validate differently
JJ> from newer ones).

JJ> The PEAR http upload script mentioned twice in the user notes at that
JJ> manual page does not *seem* to validate other than denying certain
JJ> extensions like php, php3, etc. I could be wrong of course.

JJ> Also, it seems that directories must be blown wide open (777) to allow
JJ> the script to copy the file over from /tmp. My ISP won't allow
JJ> directories to be set to 777 under public_html/ -- but we need to access
JJ> the files via web browser which is the whole point.


JJ> So my questions:
JJ> 1. How do you validate Word and Excel files before upload?

JJ> 2. How can I make a passthrough from a file above public_html to one
JJ> below it so that people can surf in with a browser and download files
JJ> which have been uploaded by the script?

JJ> Thanks in advance,
JJ> JJ

The first 8 bytes of an ole2 file (exel and word are ole2 files I
think) should have the following hex sequence:

"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

So do an fopen and read in the first 8 bytes and compare it to that
string should give some indication.

--
regards,
Tom

[Back to original message]