php - How can I check uploaded files extension? -
how can check uploaded files extension in next code(i wrote file type checking)? want prevent uploading image files wrong extension, *.jpg.exe.
my code:
<?php class uploader { private $filename; private $filedata; private $destination; public function __construct($key){ $this->filename = $_files[$key]['name']; $this->filedata = $_files[$key]['tmp_name']; } public function savein($folder){ $this->destination = $folder; } public function save(){ $folderwriteable = is_writable($this->destination); if($folderwriteable && (exif_imagetype($this->filedata) == imagetype_jpeg)){ $name = "$this->destination/$this->filename"; $success = move_uploaded_file($this->filedata, $name); } else { trigger_error("cannot write $this->destination"); $success = false; } homecoming $success; } }
if run on server(s) linux check file content type command file returns real mime type of file. can sure content (in cases).
that programm uses magic bytes. orginal thought check first view bytes , check if file contains known pattern, e.g. "mz" windows executables or "‰png" png files. file programm more things basic set of first view bytes.
depending on comments, concerned wrong, e.g. double file extensions. don't think , rename file, in best case random name. helpful if worry counts file numbers see unpublished images.
php forms security file-upload web
No comments:
Post a Comment