Or1g1naL Posted April 16, 2010 Share Posted April 16, 2010 $ext = basename(strtolower($_FILES['ufile']['type'][0]; // "jpg" if($ext == "x-png" or $ext == "pjpeg" or $ext == "gif"){ $image_path = $image_directory.$_FILES['ufile']['name'][0]; copy($_FILES['ufile']['tmp_name'][0], $image1_path); } Is this a bad idea for public use? Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 16, 2010 Share Posted April 16, 2010 Yes. It is redundant in security. Quote Link to comment Share on other sites More sharing options...
Or1g1naL Posted April 16, 2010 Author Share Posted April 16, 2010 Yes. It is redundant in security. What do you mean? Quote Link to comment Share on other sites More sharing options...
Deoctor Posted April 16, 2010 Share Posted April 16, 2010 obviously, u need to check whether the image uploaded is a image or not but not with the extension. u need to check the mime type.. try getimagesize Quote Link to comment Share on other sites More sharing options...
Or1g1naL Posted April 16, 2010 Author Share Posted April 16, 2010 $type = explode("/".$_FILES['ufile']['type'][0]); if($typep[0] == "image"){ $image_path = $image_directory.$_FILES['ufile']['name'][0]; copy($_FILES['ufile']['tmp_name'][0], $image1_path); } Then is this secure? Quote Link to comment Share on other sites More sharing options...
Deoctor Posted April 16, 2010 Share Posted April 16, 2010 I did check with the type. What are you talking about? did u read the post entire?? u can get the image type which is being uploaded..by scanning through the uploaded file.. Quote Link to comment Share on other sites More sharing options...
Or1g1naL Posted April 16, 2010 Author Share Posted April 16, 2010 ym_chaitu - I now understand what you're talking about. Does this look better? if($type = "image"){ $image_path = $image_directory.$_FILES['ufile']['name'][0]; copy($_FILES['ufile']['tmp_name'][0], $image1_path); } It would be secure enough right? Quote Link to comment Share on other sites More sharing options...
Deoctor Posted April 16, 2010 Share Posted April 16, 2010 u have to the mime type and then use the upload. read the manual completely Quote Link to comment Share on other sites More sharing options...
Or1g1naL Posted April 16, 2010 Author Share Posted April 16, 2010 what manual? Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 16, 2010 Share Posted April 16, 2010 Or1g1naL, you need to pay closer attention to posts. Click on the link ym_chaitu posted a few posts back. Quote Link to comment Share on other sites More sharing options...
Deoctor Posted April 16, 2010 Share Posted April 16, 2010 http://php.net/manual/en/function.getimagesize.php http://in2.php.net/manual/en/function.mime-content-type.php these links dude.. Quote Link to comment Share on other sites More sharing options...
Or1g1naL Posted April 16, 2010 Author Share Posted April 16, 2010 I thought mime_content_type() had been deprecated. I'm just if you think this method of uploading images is secure for public use. Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 16, 2010 Share Posted April 16, 2010 I thought mime_content_type() had been deprecated. I'm just if you think this method of uploading images is secure for public use. Deprecation defines a succeeder. http://php.net/manual/en/ref.fileinfo.php Quote Link to comment Share on other sites More sharing options...
Deoctor Posted April 16, 2010 Share Posted April 16, 2010 mime_content_type is depricated so try using the getimagesize.. this will help you as far as i know..while giving for a public use Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 16, 2010 Share Posted April 16, 2010 I thought mime_content_type() had been deprecated. I'm just if you think this method of uploading images is secure for public use. You thought? It's good that you read the page, but you should also read the part where it links you to the function(s) that are NOT deprecated. Quote Link to comment Share on other sites More sharing options...
Or1g1naL Posted April 16, 2010 Author Share Posted April 16, 2010 You thought? It's good that you read the page, but you should also read the part where it links you to the function(s) that are NOT deprecated. I already knew it was deprecated. Everybody knows that. jeez I'm just asking if uploading an image using a form is secure in your opinion. I don't want it to upload if it isn't an image file. Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 16, 2010 Share Posted April 16, 2010 You thought? It's good that you read the page, but you should also read the part where it links you to the function(s) that are NOT deprecated. I already knew it was deprecated. Everybody knows that. jeez I'm just asking if uploading an image using a form is secure in your opinion. I don't want it to upload if it isn't an image file. Stop asking the same question, You already have multiple valid answers. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.