Speedysnail6 Posted November 3, 2013 Share Posted November 3, 2013 Hi. I have a file upload script and I want to allow css files to be uploaded as well. Here is my code allowing the certain filetipes allowed to be uploaded. || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")) When I tried doing this code to allow css files through || ($_FILES["file"]["type"] == "text/css")) it didn't work. Should it? If not, what did I do wrong? Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 3, 2013 Share Posted November 3, 2013 it didn't work. Should it? Yes. text/css is the correct mime type for css files. What is the output of printf('<pre>%s</pre>', print_r($_FILES, 1)); when you upload a css file Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 That's strange. It says Invalid file Array ( [file] => Array ( [name] => bootstrap-theme.css [type] => text/css [tmp_name] => /tmp/php9QKeIm [error] => 0 [size] => 17202 ) ) but my code is || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "text/css") || ($_FILES["file"]["type"] == "image/png")) I don't see what's going wrong Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 3, 2013 Share Posted November 3, 2013 Have you only tested this with css files? Does you code work with images being uploaded? If you cant upload any files then post your code here. Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 It works fine with images. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 3, 2013 Share Posted November 3, 2013 If it works with images then it should work with css files. You must be doing something wrong. We cant help if you don't post your code. Quote Link to comment Share on other sites More sharing options...
Psycho Posted November 3, 2013 Share Posted November 3, 2013 Slightly off topic. Instead of a bunch of OR statements in your condition, I'd suggest creating an array of allowed types and using in_array() $allowedTypes = array('image/jpeg', 'image/jpg', 'image/pjpeg', 'image/x-png', 'text/css', 'image/png'); if(in_array($_FILES["file"]["type"], $allowedTypes)) { //File is allowed } else { //File is not allowed } Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted November 3, 2013 Share Posted November 3, 2013 based on the error message, your code is based on the w3schools code and has lumped together all the validation tests into one with one generic error message. what's really really sad about the w3schools code is they 'improved' it to add file extension testing, but the rest of the code that they didn't change is just as bad as it was. when validating user supplied input, an uploaded file in this case, a) you must test if the upload worked without error before you attempt to use any of the uploaded file information, and b) you need to have separate, unique, and verbose messages telling the user what is wrong with the input they supplied (in this case, its probably the file extension) and what if anything they can do to fix the problem. assuming the problem is the file extension, tell the user what value the code used from his upload file (css) and what the permitted values are. Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 If it works with images then it should work with css files. You must be doing something wrong. We cant help if you don't post your code What other code do you need? I thought that that was all that was important Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 based on the error message, your code is based on the w3schools code and has lumped together all the validation tests into one with one generic error message. what's really really sad about the w3schools code is they 'improved' it to add file extension testing, but the rest of the code that they didn't change is just as bad as it was. when validating user supplied input, an uploaded file in this case, a) you must test if the upload worked without error before you attempt to use any of the uploaded file information, and b) you need to have separate, unique, and verbose messages telling the user what is wrong with the input they supplied (in this case, its probably the file extension) and what if anything they can do to fix the problem. assuming the problem is the file extension, tell the user what value the code used from his upload file (css) and what the permitted values are. Should I use a different set of code? Because the code I used worked for everything I needed BUT css... Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 Slightly off topic. Instead of a bunch of OR statements in your condition, I'd suggest creating an array of allowed types and using in_array() $allowedTypes = array('image/jpeg', 'image/jpg', 'image/pjpeg', 'image/x-png', 'text/css', 'image/png'); if(in_array($_FILES["file"]["type"], $allowedTypes)) { //File is allowed } else { //File is not allowed } I'll try that.. Thanks Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 3, 2013 Share Posted November 3, 2013 What other code do you need? I thought that that was all that was important The code you have posted is not enough no. However after reading mac_gyver's post I guess you are using the upload code from w3schools. In which case you need to add css to the $allowedExts arrays as well as checking for the file type. $allowedExts = array("gif", "jpeg", "jpg", "png", "css"); // add css to this array ... if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "text/css") || ($_FILES["file"]["type"] == "image/png")) ... Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 The code you have posted is not enough no. However after reading mac_gyver's post I guess you are using the upload code from w3schools. In which case you need to add css to the $allowedExts arrays as well as checking for the file type. $allowedExts = array("gif", "jpeg", "jpg", "png", "css"); // add css to this array ... if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "text/css") || ($_FILES["file"]["type"] == "image/png")) ... Thanks! I decided to use Psycho's code instead and it worked. Thanks so much though. Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 Ah... I se what you mean Ch0cu3r I had $allowedExts = array("gif", "jpeg", "jpg", "png"); but i forgot about css. Thanks Quote Link to comment Share on other sites More sharing options...
Speedysnail6 Posted November 3, 2013 Author Share Posted November 3, 2013 (edited) Is it still safe if I dont use the $allowedExts in the if statement? Edited November 3, 2013 by Speedysnail6 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.