Pear (HTTP_Upload) - Exceptable File Types

Posted on 2007-11-26
Last Modified: 2008-02-01
How can I have this Pear (HTTP_Upload) library only allow image files (ex. jpegs, gifs, bitmap, ect.)?  Please use the snippet to demonstrate.  Thanks in advance for your help.

require 'HTTP/Upload.php';

//$lang = "en";

$upload = new HTTP_Upload("en");

$files = $upload->getFiles();

$_SESSION['path'] = "../uploads/";

foreach($files as $file){

    if (PEAR::isError($file)) {

        echo $file->getMessage();


    if ($file->isValid()) {


        $dest_name = $file->moveTo("../uploads/");

        if (PEAR::isError($dest_name)) {

            echo $dest_name->getMessage();


        $real = $file->getProp("real");

        $name = $file->getProp("name");

    } elseif ($file->isMissing()) {

        //echo "No file was provided.";

    } elseif ($file->isError()) {

        echo $file->errorMsg();


    if (!empty($real)) {

          $_SESSION['fid'][] = insert_files($name, $real);

          $_SESSION['name'][] = $name;

          $_SESSION['real'][] = $real;

        echo "<br />";





Open in new window

Question by:taynet29
  • 2
LVL 10

Expert Comment

ID: 20354743
Have a look at that.
Just checking the file extension is not enough, have a read of that pdf - it provides examples and reasons why.

LVL 21

Expert Comment

ID: 20355582
I am not sure exactly how your script works, however the below script is a simple extension filtering script which (at the moment) does nothing apart from echoing out the filtered files. Maybe you can implement and make use of it in your script?
Remember you have to change your extensions allwed and the file path accordingly.
Sorry I do not remember who wrote the script originally, but I did modify parts of it to suite my needs.

$image_file_path = 'images/'; // Directory of your Images

$regpattern = '.jpg$|.jpeg$|.png$|.tif$|.gif$'; // Extensions allowed

$d = dir($image_file_path) or die("Wrong path: $image_file_path");

while (false !== ($entry = $d->read())) 


	if($entry != '.' && $entry != '..' && !is_dir($dir.$entry) && ereg($regpattern,$entry))


		$Images[] = $entry;







	echo "<div><img src=\"" . $image_file_path . $Images[$i] . "\"/></div>"; // Outputs all the images into the webpage betwee DIV tags.




Open in new window

LVL 10

Accepted Solution

wildzero earned 500 total points
ID: 20356782
Should be noted like my first comment, simply filtering by extension isn't the best way.
View the pdf (which explains why).


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now