Brian,

Possibly so, but I have a small number of authenticated users who are unlikely to do anything malicious.

Cheers

George

> -----Original Message-----
> From: Brian McGarvie [mailto:[EMAIL PROTECTED]]
> Sent: 26 November 2002 4:34 pm
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-WIN] Re: File Upload - extension filtering
>
>
> using the mime-type is safer ;)
>
> "George Pitcher" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Brian,
> >
> > Thanks. However, I have just solved it by using stristr() instead.
> >
> > Works a treat.
> >
> > George
> >
> > > -----Original Message-----
> > > From: Brian McGarvie [mailto:[EMAIL PROTECTED]]
> > > Sent: 26 November 2002 4:26 pm
> > > To: [EMAIL PROTECTED]
> > > Subject: [PHP-WIN] Re: File Upload - extension filtering
> > >
> > >
> > > use 'image/tiff' instead...
> > >
> > > "George Pitcher" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Hi all,
> > > >
> > > > I have file upload working on my NT/Lasso/PHP site and want to restrict the
> > > > type of file being uploaded to either PDF, TIF or ZIP.
> > > >
> > > >
> > > > My code so far is:
> > > >
> > > > <?
> > > > $u_ext = "error";
> > > > $location ="http://mysite/upload_confirm.lasso?nj=" . $nj;
> > > > $file_dir="e:\\upload\\";
> > > > foreach($HTTP_POST_FILES as $file_name => $file_array){
> > > >     if($file_array['type']=="application/octet-stream"){
> > > >         $u_ext = ".tif";
> > > >     }
> > > >     if($file_array['type']=="application/pdf"){
> > > >         $u_ext = ".pdf";
> > > >     }
> > > >     if($file_array['type']=="application/x-zip-compressed"){
> > > >         $u_ext = ".zip";
> > > >     }
> > > >     if($u_ext=="error"){
> > > >         die( "<h1>You have tried to upload a file that is not 'pdf', 'zip' or 'tif'. Please go back and try again.</h1>\n");
> > > >     }
> > > >     if(is_uploaded_file($file_array['tmp_name'])){
> > > >         move_uploaded_file($file_array['tmp_name'], "$file_dir/$nj".$u_ext)
> > > >             or die ("Sorry, unable to upload the file at this time - please try again later.");
> > > >         header("Location: $location");
> > > >     }
> > > > }
> > > > ?>
> > > >
> > > > Although the above script works, octet-stream covers more than just tif
> > > > files.
> > > > Any clues?
> > > >
> > > > Cheers
> > > >
> > > > George
> > > >
> > > > ===
> > > >
> > > > George Pitcher
> > > > HERON Technical Manager
> > > > Ingenta plc
> > > > 23-38 Hythe Bridge Street, Oxford, OX1 2ET
> > > > T +44 (0)1865 799137 direct
> > > > T +44 (0)1865 799000 switchboard
> > > > F +44 (0)1865 799134
> > > > E [EMAIL PROTECTED]
> > > >
> > > > www.ingenta.com
> > > > Ingenta: Empowering the exchange of academic and professional content
> > > > online.
> > > >
> > >
> > > --
> > > PHP Windows Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
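
Both values discussed in this thread, the `type` field Brian recommends and the file name George tests with stristr(), are sent by the client, so neither says what the file actually contains. As an added example (not code from the thread), the sketch below picks the stored extension from the file's leading signature bytes instead; the function name `sniff_upload_ext` and the sample data are constructed for illustration.

```php
<?php
// Added example, requires PHP 7.1+. Decides the stored extension from the
// file's leading bytes, not from the client-supplied 'type' or 'name' fields.

/** Return '.pdf', '.tif' or '.zip' for a recognised file, or null. */
function sniff_upload_ext(string $path): ?string
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    $head = (string) fread($fh, 8);
    fclose($fh);

    // Well-known file signatures (magic numbers) for the three allowed types.
    $signatures = [
        '.pdf' => ['%PDF-'],
        '.tif' => ["II*\x00", "MM\x00*"],        // little- and big-endian TIFF
        '.zip' => ["PK\x03\x04", "PK\x05\x06"],  // local file header / empty archive
    ];
    foreach ($signatures as $ext => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) {
                return $ext;
            }
        }
    }
    return null; // unknown content: treat as the "error" case
}

// Constructed sample inputs standing in for uploaded temp files.
$samples = [
    'report.pdf' => "%PDF-1.4\n",
    'scan.tif'   => "II*\x00\x08\x00\x00\x00",
    'bundle.zip' => "PK\x03\x04\x14\x00\x00\x00",
    'page.pdf'   => "<html>not a pdf</html>",    // name claims PDF, content does not
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = sniff_upload_ext($tmp);
    printf("%-11s => %s\n", $name, $ext ?? 'rejected');
    unlink($tmp);
}
```

In the handler from the thread it would be called on `$file_array['tmp_name']` after the `is_uploaded_file()` check, with a `null` result treated as the error case.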