Dangerous Files


Jeigh

In one of the scripts I'm currently working on, I want to let users upload as many file types as possible without causing a security threat. For this reason I'm going to take the approach of making a whitelist rather than a blacklist and list as many as I can using the following code:

 

// Extension = everything from the last dot onward (false if the name has no dot)
$ext = strrchr($_FILES['uploaded_image']['name'], ".");
// Reject any file whose extension is not on the whitelist
if ($ext != ".gif" AND $ext != ".jpg" AND $ext != ".jpeg" AND $ext != ".bmp" AND $ext != ".GIF" AND $ext != ".JPG" AND $ext != ".JPEG" AND $ext != ".png" AND $ext != ".ppt" AND $ext != ".xls" AND $ext != ".txt" AND $ext != "etc. etc.") {
    $error = "your file was an unacceptable type.<br />";
}

 

Obviously I'm not going to allow any .php, .js, .html, .exe or other such files, but my question is: are there any commonly used files that could pose a security threat? For example, allowing .xls files: most users would use that fine, however by adding certain code in the file, when it's accessed it would cause some kind of problem (I know that it doesn't, not that I know of anyway, just trying to give an example of what I mean).


Yes, xls files can pose a threat, because you can program VB express, but these files need to be executed to be harmful. Are you trying to protect yourself or your users? Because if you are trying to protect your server, it will be ok from files like xls, or something like that.


Mainly I'm trying to protect myself. For the most part the only person who will have access to the file is the person who uploaded it, so I assume it will be safe to allow .xls files then?

 

But yeah I just want people to post any other files like that, that may not be safe to allow apart from the obvious such as .php, .asp, .exe etc.


Archived

This topic is now archived and is closed to further replies.
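
A stricter form of the extension whitelist from the first post, as an added example that is not code from the thread: it compares the extension case-insensitively, checks the detected content type with PHP's fileinfo extension, and stores the file under a generated name. The function name check_upload(), the shortened allow list and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. The allow list, its MIME map and
// the function name check_upload() are assumptions made for illustration.
const ALLOWED = [
    'gif'  => ['image/gif'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'txt'  => ['text/plain'],
];

/**
 * Returns a generated storage name for an accepted upload, or null if rejected.
 * $file is one entry of $_FILES (name, tmp_name, error).
 */
function check_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Lower-case the last extension so ".JPG" and ".jpg" share one entry.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // The client controls the name, so also check what the bytes look like.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return null;
    }
    // Never reuse the client-supplied name on disk; generate one instead.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a GIF header, and PHP source under two different names.
$samples = [
    'photo.GIF'     => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'script.php'    => "<?php echo 1;",
    'not-image.jpg' => "<?php echo 1;",
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = check_upload(['name' => $name, 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK]);
    echo $name, ' => ', $stored ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

In a real upload handler the accepted file would be moved with move_uploaded_file() into a directory the web server does not execute scripts from.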
