Solved

Pear (HTTP_Upload) - Exceptable File Types

Posted on 2007-11-26
3
432 Views
Last Modified: 2008-02-01
How can I have this Pear (HTTP_Upload) library only allow image files (ex. jpegs, gifs, bitmap, ect.)?  Please use the snippet to demonstrate.  Thanks in advance for your help.
<?php

require 'HTTP/Upload.php';

//$lang = "en";

$upload = new HTTP_Upload("en");

$files = $upload->getFiles();

$_SESSION['path'] = "../uploads/";

foreach($files as $file){

    if (PEAR::isError($file)) {

        echo $file->getMessage();

    }

    if ($file->isValid()) {

        $file->setName("uniq");

        $dest_name = $file->moveTo("../uploads/");

        if (PEAR::isError($dest_name)) {

            echo $dest_name->getMessage();

        }

        $real = $file->getProp("real");

        $name = $file->getProp("name");

    } elseif ($file->isMissing()) {

        //echo "No file was provided.";

    } elseif ($file->isError()) {

        echo $file->errorMsg();

    }

    if (!empty($real)) {

          $_SESSION['fid'][] = insert_files($name, $real);

          $_SESSION['name'][] = $name;

          $_SESSION['real'][] = $real;

        echo "<br />";

        print_r($_SESSION);

    }

}

?>

Open in new window

0
Comment
Question by:taynet29
  • 2
3 Comments
 
LVL 10

Expert Comment

by:wildzero
ID: 20354743
http://www.scanit.be/uploads/php-file-upload.pdf
Have a look at that.
Just checking the file extension is not enough, have a read of that pdf - it provides examples and reasons why.

0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20355582
I am not sure exactly how your script works, however the below script is a simple extension filtering script which (at the moment) does nothing apart from echoing out the filtered files. Maybe you can implement and make use of it in your script?
Remember you have to change your extensions allwed and the file path accordingly.
Sorry I do not remember who wrote the script originally, but I did modify parts of it to suite my needs.
<?php

$image_file_path = 'images/'; // Directory of your Images

$regpattern = '.jpg$|.jpeg$|.png$|.tif$|.gif$'; // Extensions allowed

$d = dir($image_file_path) or die("Wrong path: $image_file_path");
 

while (false !== ($entry = $d->read())) 

{

	if($entry != '.' && $entry != '..' && !is_dir($dir.$entry) && ereg($regpattern,$entry))

	{

		$Images[] = $entry;

	}

}

$d->close();

$i=0;
 

while($i<count($Images))

{

	echo "<div><img src=\"" . $image_file_path . $Images[$i] . "\"/></div>"; // Outputs all the images into the webpage betwee DIV tags.

	$i++;

}
 

?>

Open in new window

0
 
LVL 10

Accepted Solution

by:
wildzero earned 500 total points
ID: 20356782
Should be noted like my first comment, simply filtering by extension isn't the best way.
View the pdf (which explains why).

0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now