Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
On 29/07/10 19:10, tedd wrote: At 9:50 AM -0700 7/29/10, Don Wieland wrote: I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. The short answer is you can't -- not from php. You can create a standard form and upload it from there, but you don't have control over file type. So you can't stop people from uploading anything to your site via the form, but you can look at the document once it's there and inspect it. Using a HEX Editor, I see that most pdf file have the first four bytes as %PDF so you might check that before moving the file to somewhere important. But that doesn't stop spoofing. Other than that, I can't see any way to do it. Cheers, tedd Second what tedd says, with a bit more: on a Linux backend system I run uploaded files through the 'file' command with a decent magic file to detect the file type. I also run every upload through a virus scanner (clamscan, for example) before I accept it. If your PHP backend is windows then you might need to do some research to find a good file-type detection routine, although the virus scanning should be possible. You certainly cannot trust the client side to do any checking. In any case, JavaScript doesn't (shouldn't) have access to the file you are trying to upload, so there's not much you can do there. You might achieve something client-side with Flash, or a Java uploader applet, I suppose. Cheers Pete -- Peter Ford, Developer phone: 01580 89 fax: 01580 893399 Justcroft International Ltd. www.justcroft.com Justcroft House, High Street, Staplehurst, Kent TN12 0AH United Kingdom Registered in England and Wales: 2297906 Registered office: Stag Gates House, 63/64 The Avenue, Southampton SO17 1XS -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
** Hans Åhlin Tel: +46761488019 icq: 275232967 http://www.kronan-net.com/ irc://irc.freenode.net:6667 - TheCoin ** 2010/7/30 Pete Ford p...@justcroft.com On 29/07/10 19:10, tedd wrote: At 9:50 AM -0700 7/29/10, Don Wieland wrote: I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. The short answer is you can't -- not from php. You can create a standard form and upload it from there, but you don't have control over file type. So you can't stop people from uploading anything to your site via the form, but you can look at the document once it's there and inspect it. Using a HEX Editor, I see that most pdf file have the first four bytes as %PDF so you might check that before moving the file to somewhere important. But that doesn't stop spoofing. The pdf files also ends with startxref [some numbers] %%EOF Other than that, I can't see any way to do it. Cheers, tedd Second what tedd says, with a bit more: on a Linux backend system I run uploaded files through the 'file' command with a decent magic file to detect the file type. I also run every upload through a virus scanner (clamscan, for example) before I accept it. If your PHP backend is windows then you might need to do some research to find a good file-type detection routine, although the virus scanning should be possible. You certainly cannot trust the client side to do any checking. In any case, JavaScript doesn't (shouldn't) have access to the file you are trying to upload, so there's not much you can do there. You might achieve something client-side with Flash, or a Java uploader applet, I suppose. Cheers Pete -- Peter Ford, Developer phone: 01580 89 fax: 01580 893399 Justcroft International Ltd. www.justcroft.com Justcroft House, High Street, Staplehurst, Kent TN12 0AH United Kingdom Registered in England and Wales: 2297906 Registered office: Stag Gates House, 63/64 The Avenue, Southampton SO17 1XS -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Trapping for PDF Type and file size in a UPLOAD form...
I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. Something like: html body form enctype=multipart/form-data action=upload.php method=post input type=hidden name=MAX_FILE_SIZE value=100 accept=application/pdf / Choose a file to upload: input name=uploaded_file type=file / input type=submit value=Upload / /form /body /html It is documented online that I can pass a parameter ACCEPT=applaction/ pdf, BUT it is not recognized in most browsers. It was suggested by someone that I could trap for this using a JAVASCRIPT. Can someone assist with a snippet of javascript code to trap for this for me? This is the end result I need: If the user selects a file that IS NOT a PDF file, display an javascript alert You can only upload PDF files. Please try again. If the user selects a PDF file greater than 1MB, display an javascript alert File uploads may not exceed 1M in file size. Please try again. I appreciate any help that can be offered. Thanks in advanced! Don Wieland -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
On Thu, 2010-07-29 at 09:50 -0700, Don Wieland wrote: I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. Something like: html body form enctype=multipart/form-data action=upload.php method=post input type=hidden name=MAX_FILE_SIZE value=100 accept=application/pdf / Choose a file to upload: input name=uploaded_file type=file / input type=submit value=Upload / /form /body /html It is documented online that I can pass a parameter ACCEPT=applaction/ pdf, BUT it is not recognized in most browsers. It was suggested by someone that I could trap for this using a JAVASCRIPT. Can someone assist with a snippet of javascript code to trap for this for me? This is the end result I need: If the user selects a file that IS NOT a PDF file, display an javascript alert You can only upload PDF files. Please try again. If the user selects a PDF file greater than 1MB, display an javascript alert File uploads may not exceed 1M in file size. Please try again. I appreciate any help that can be offered. Thanks in advanced! Don Wieland Perhaps asking on a Javascript list might be better for this particular question, as this is a PHP list... ;) Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
On Jul 29, 2010, at 12:50 PM, Don Wieland wrote: I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. Something like: html body form enctype=multipart/form-data action=upload.php method=post input type=hidden name=MAX_FILE_SIZE value=100 accept=application/pdf / Choose a file to upload: input name=uploaded_file type=file / input type=submit value=Upload / /form /body /html It is documented online that I can pass a parameter ACCEPT=applaction/pdf, BUT it is not recognized in most browsers. It was suggested by someone that I could trap for this using a JAVASCRIPT. Can someone assist with a snippet of javascript code to trap for this for me? This is the end result I need: If the user selects a file that IS NOT a PDF file, display an javascript alert You can only upload PDF files. Please try again. If the user selects a PDF file greater than 1MB, display an javascript alert File uploads may not exceed 1M in file size. Please try again. I appreciate any help that can be offered. Thanks in advanced! Don Wieland -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Don- Remember that anything submitted by the client can be spoofed or faked. Ensure that your PHP script accounts for Javascript being disabled. Past that, I'm sure you can get results from somewhere like Stackoverflow.com instead of a PHP mailing list. Thanks, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
At 9:50 AM -0700 7/29/10, Don Wieland wrote: I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. The short answer is you can't -- not from php. You can create a standard form and upload it from there, but you don't have control over file type. So you can't stop people from uploading anything to your site via the form, but you can look at the document once it's there and inspect it. Using a HEX Editor, I see that most pdf file have the first four bytes as %PDF so you might check that before moving the file to somewhere important. But that doesn't stop spoofing. Other than that, I can't see any way to do it. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php