Solved

Pear (HTTP_Upload) - Exceptable File Types

Posted on 2007-11-26
3
436 Views
Last Modified: 2008-02-01
How can I have this Pear (HTTP_Upload) library only allow image files (ex. jpegs, gifs, bitmap, ect.)?  Please use the snippet to demonstrate.  Thanks in advance for your help.
<?php
require 'HTTP/Upload.php';
//$lang = "en";
$upload = new HTTP_Upload("en");
$files = $upload->getFiles();
$_SESSION['path'] = "../uploads/";
foreach($files as $file){
    if (PEAR::isError($file)) {
        echo $file->getMessage();
    }
    if ($file->isValid()) {
        $file->setName("uniq");
        $dest_name = $file->moveTo("../uploads/");
        if (PEAR::isError($dest_name)) {
            echo $dest_name->getMessage();
        }
        $real = $file->getProp("real");
        $name = $file->getProp("name");
    } elseif ($file->isMissing()) {
        //echo "No file was provided.";
    } elseif ($file->isError()) {
        echo $file->errorMsg();
    }
    if (!empty($real)) {
          $_SESSION['fid'][] = insert_files($name, $real);
          $_SESSION['name'][] = $name;
          $_SESSION['real'][] = $real;
        echo "<br />";
        print_r($_SESSION);
    }
}
?>

Open in new window

0
Comment
Question by:taynet29
  • 2
3 Comments
 
LVL 10

Expert Comment

by:wildzero
ID: 20354743
http://www.scanit.be/uploads/php-file-upload.pdf
Have a look at that.
Just checking the file extension is not enough, have a read of that pdf - it provides examples and reasons why.

0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20355582
I am not sure exactly how your script works, however the below script is a simple extension filtering script which (at the moment) does nothing apart from echoing out the filtered files. Maybe you can implement and make use of it in your script?
Remember you have to change your extensions allwed and the file path accordingly.
Sorry I do not remember who wrote the script originally, but I did modify parts of it to suite my needs.
<?php
$image_file_path = 'images/'; // Directory of your Images
$regpattern = '.jpg$|.jpeg$|.png$|.tif$|.gif$'; // Extensions allowed
$d = dir($image_file_path) or die("Wrong path: $image_file_path");
 
while (false !== ($entry = $d->read())) 
{
	if($entry != '.' && $entry != '..' && !is_dir($dir.$entry) && ereg($regpattern,$entry))
	{
		$Images[] = $entry;
	}
}
$d->close();
$i=0;
 
while($i<count($Images))
{
	echo "<div><img src=\"" . $image_file_path . $Images[$i] . "\"/></div>"; // Outputs all the images into the webpage betwee DIV tags.
	$i++;
}
 
?>

Open in new window

0
 
LVL 10

Accepted Solution

by:
wildzero earned 500 total points
ID: 20356782
Should be noted like my first comment, simply filtering by extension isn't the best way.
View the pdf (which explains why).

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question