|
Posted by Rik on 10/10/91 11:45
Kerry wrote:
> Hi,
>
> I use the simple PHP script below with an html file for my visitors to
> upload files.
>
> I'd like to make it more secure by either allowing or denying certain
> files. I've tried adding more code but I can't get anything to work.
>
> I'm not an expert, but know it's probably only a couple of simple
> lines of code that will do the trick.
>
> TIA to anyone that can offer a solution.
Note: extensions/header/content-types can be faked, but still worth checking
most of the time.
As far as is can see you're uploading images. A pretty reliable method te
check if a file is an image is using getimagesize() on the file, and
checking the values. Offcourse that's not the purpose of the function, but
does the trick, and as a bonus filters out broken/partial images most of the
time.
Grtz,
--
Rik Wasmus
[Back to original message]
|