POST method upload secure?

[Or1g1naL]

$ext = basename(strtolower($_FILES['ufile']['type'][0]; // "jpg"
if($ext == "x-png" or $ext == "pjpeg" or $ext == "gif"){
  $image_path = $image_directory.$_FILES['ufile']['name'][0];
  copy($_FILES['ufile']['tmp_name'][0], $image1_path);
}

 

Is this a bad idea for public use?

[oni-kun]

Yes. It is redundant in security.

[Or1g1naL]

Yes. It is redundant in security.

 

What do you mean?

[Deoctor]

obviously,

u need to check whether the image uploaded is a image or not but not with the extension. u need to check the mime type..

 

try getimagesize

[Or1g1naL]

 

$type = explode("/".$_FILES['ufile']['type'][0]);
if($typep[0] == "image"){
  $image_path = $image_directory.$_FILES['ufile']['name'][0];
  copy($_FILES['ufile']['tmp_name'][0], $image1_path);
}

 

Then is this secure?

 

[Deoctor]

I did check with the type.  What are you talking about?

 

did u read the post entire??

u can get the image type which is being uploaded..by scanning through the uploaded file..

[Or1g1naL]

ym_chaitu - I now understand what you're talking about.  Does this look better?

if($type = "image"){
  $image_path = $image_directory.$_FILES['ufile']['name'][0];
  copy($_FILES['ufile']['tmp_name'][0], $image1_path);
}

 

It would be secure enough right?

[Deoctor]

u have to the mime type and then use the upload.

read the manual completely

[Or1g1naL]

what manual?

[Ken2k7]

Or1g1naL, you need to pay closer attention to posts. Click on the link ym_chaitu posted a few posts back.

[Deoctor]

http://php.net/manual/en/function.getimagesize.php

 

http://in2.php.net/manual/en/function.mime-content-type.php

 

these links dude..

 

[Or1g1naL]

I thought mime_content_type() had been deprecated.

 

I'm just if you think this method of uploading images is secure for public use.

 

[oni-kun]

I thought mime_content_type() had been deprecated.

 

I'm just if you think this method of uploading images is secure for public use.

 

Deprecation defines a succeeder. http://php.net/manual/en/ref.fileinfo.php

[Deoctor]

mime_content_type is depricated so try using the getimagesize..

this will help you as far as i know..while giving for a public use

[Ken2k7]

I thought mime_content_type() had been deprecated.

 

I'm just if you think this method of uploading images is secure for public use.

 

You thought? It's good that you read the page, but you should also read the part where it links you to the function(s) that are NOT deprecated.

[Or1g1naL]

You thought? It's good that you read the page, but you should also read the part where it links you to the function(s) that are NOT deprecated.

I already knew it was deprecated.  Everybody knows that.  jeez

 

I'm just asking if uploading an image using a form is secure in your opinion.

I don't want it to upload if it isn't an image file.

[oni-kun]

You thought? It's good that you read the page, but you should also read the part where it links you to the function(s) that are NOT deprecated.

I already knew it was deprecated.  Everybody knows that.  jeez

 

I'm just asking if uploading an image using a form is secure in your opinion.

I don't want it to upload if it isn't an image file.

 

Stop asking the same question, You already have multiple valid answers.