Jump to content

Recommended Posts

One of the scripts I'm currently working on I want to let users upload as many file types as possible without causing a security threat. For this reason I'm going to take the approach of making a whitelist rather than a blacklist and list as many as I can using the following code:

 

$ext = strrchr($_FILES['uploaded_image']['name'], "."); 
        if ($ext != ".gif" AND $ext != ".jpg" AND $ext != ".jpeg" AND $ext != ".bmp" AND $ext != ".GIF" AND $ext != ".JPG" AND $ext != ".JPEG" AND $ext != ".png" AND $ext != ".ppt" AND $ext != ".xls" AND $ext != ".txt" AND $ext != "etc. etc.") { 
            $error = "your file was an unacceptable type.<br />"; 

 

Obviously I'm not going to allow any .php, .js, .html, .exe or other such files but my question is, is there any commonly used files that could pose a security threat? For example allowing .xls files, most users would use that fine however by adding a certain code in the file when it's accessed it would cause some kind of problem (I know that it dosn't, not that I know of anyway, just trying to give an example of what I mean).

Link to comment
https://forums.phpfreaks.com/topic/114670-dangerous-files/
Share on other sites

yes xls files can pose a threat, because you can program VB express, but these files need to be executed to be harmful. Are you trying to protect you or your users? Because if you are trying to protect your server, it will be ok from files like xls, or something like that.

Link to comment
https://forums.phpfreaks.com/topic/114670-dangerous-files/#findComment-589682
Share on other sites

Mainly I'm trying to protect myself, for the most part the only person who will have access to the file is the person who uploaded it so I assume it will be safe to allow .xls files then?

 

But yeah I just want people to post any other files like that, that may not be safe to allow apart from the obvious such as .php, .asp, .exe etc.

Link to comment
https://forums.phpfreaks.com/topic/114670-dangerous-files/#findComment-589688
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.