chester Posted February 3, 2009 Share Posted February 3, 2009 I test file type to only allow PDFs: if ($_FILES["file"]["type"] == "application/pdf") { move_uploaded_file($_FILES["file"]["tmp_name"],"sources/" . $_POST['fname']); echo "<body onload=\"window.close()\">"; } Users are reporting that occasionally PDFs will be rejected as not being PDFs. The users have sent me the files and they are valid PDFs that open in Adobe. Anyone else experience this before? Any suggestions for a solution? Link to comment https://forums.phpfreaks.com/topic/143556-pdf-file-type-issue/ Share on other sites More sharing options...
ratcateme Posted February 3, 2009 Share Posted February 3, 2009 i haven't tried to upload PDF's before but diffrent browses could be sending different types one one way to avoid it is to do a check like if (strtolower(substr($_FILES["file"]["name"],strlen($_FILES["file"]["name"])-3)) == "pdf") { it will check the file extension Scott. Link to comment https://forums.phpfreaks.com/topic/143556-pdf-file-type-issue/#findComment-753233 Share on other sites More sharing options...
chester Posted February 3, 2009 Author Share Posted February 3, 2009 Anyway this could be abused? Could someone upload a php script with the extension pdf and then execute it? Link to comment https://forums.phpfreaks.com/topic/143556-pdf-file-type-issue/#findComment-753314 Share on other sites More sharing options...
ratcateme Posted February 3, 2009 Share Posted February 3, 2009 no they shouldn't be able to and anyway $_FILES["file"]["type"] is worked out by the users browser using the file extension. they could upload a pdf file with php code in it but should not be able to run it. Scott. Link to comment https://forums.phpfreaks.com/topic/143556-pdf-file-type-issue/#findComment-753322 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.