[TYPO3] PHP help ! does this code look like it would check a file extensions, and disallow php files or exe files to be attached

Rens Admiraal typo3 at ambitiondesign.nl
Thu Jun 14 14:54:02 CEST 2007


Hi Dave,

How does this cover executables named file.crap?

Maybe it's better to read the filetype of a file. In this case you
could use something like the following:

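<?php
	// MIME types treated as executables
	$disallowed = array(	'application/exe' ,
						'application/x-msdos-program',
						'application/x-dosexec',
						'application/x-exe'
	);

	// filetype() only returns "file", "dir", "link" and so on;
	// mime_content_type() returns the MIME type detected from the contents.
	// It needs the path of the file on the server, so the posted value
	// has to resolve to that path.
	if (in_array(mime_content_type(t3lib_div::_POST('filename')), $disallowed)) {
		echo "mime type doesn't work";
	} else {
		// Rest of the code
	}
?>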

The mime type array is not complete I think, but in my opinion this
is a better indication of whether the filetype is allowed or not.

Hope this helps you out a bit ;-)

Greetz

On 14 Jun 2007, at 14:42, dave typo wrote:

> I'm trying to write php that disallows the posting of specific files,
> namely php files and exe files
>
> if someone could look over this snippet and tell me if it works or not
> that would be appreciated.
>
> <?php
>
>
> $filelinks=t3lib_div::_POST('file_name'); // the posting of the file name
> $exttypes = "php3,php,exe"; // list of extensions that shouldn't be used
> $fileextension = substr($filelinks,0,strpos($filelinks,".")); // get the extension after the .
> if ($fileextension == $exttypes['php']['php3']['exe']) { // if the file extension equals php, php3, or exe
>     echo "mime type doesn't work"; // if the extension is php, php3, exe, then echo doesn't work
>     }
>     if ($fileextension != $extypes['php']['php3']['exe']) { // if the file extension doesn't equal php, php3, or exe then store the file
>         $filelinks = $this->storeFile();
>         }
>
> ?>
>
>
> I'm not a programmer, and I'm very new at php so I'm sure there are
> errors and stupid logic in my code.
>
> It would be greatly appreciated if anyone here could critique and
> rip apart my code.
>
> thank you,
>
> -dave
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
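
The check discussed in this thread, worked through as an added example (not code from the thread or from TYPO3): an upload is rejected first by extension and then by the content type that PHP's fileinfo extension detects from the file's bytes, which is the check that still applies to a renamed file such as file.crap. The function name, the sample files and the text/x-php entry are assumptions.

```php
<?php
// Added example. The deny lists are the ones named in the thread, plus
// text/x-php (assumption: what libmagic commonly reports for PHP source).
const DENY_EXT  = ['php', 'php3', 'exe'];
const DENY_MIME = ['application/exe', 'application/x-msdos-program',
                   'application/x-dosexec', 'application/x-exe', 'text/x-php'];

/**
 * Returns null when the upload passes both checks, otherwise the reason.
 * $clientName is the name sent by the browser, $path the file on the server.
 */
function upload_rejection(string $clientName, string $path): ?string
{
    // Extension check: last component only, compared case-insensitively.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (in_array($ext, DENY_EXT, true)) {
        return "extension .$ext is not allowed";
    }
    // Content check: finfo inspects the bytes, so renaming does not change it.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if ($mime === false) {
        return 'could not determine the content type';
    }
    if (in_array($mime, DENY_MIME, true)) {
        return "content type $mime is not allowed";
    }
    return null;
}

// Constructed sample uploads: client-supplied name => file contents.
$samples = [
    'report.PHP' => "plain text, but a blocked extension\n",
    'file.crap'  => "<?php echo 'renamed script'; ?>\n",
    'notes.txt'  => "just some notes\n",
];
foreach ($samples as $name => $body) {
    // The temp file stands in for $_FILES[...]['tmp_name'].
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $body);
    $reason = upload_rejection($name, $tmp);
    echo $name, ': ', $reason === null ? 'accepted' : "rejected ($reason)", "\n";
    unlink($tmp);
}
```

What finfo reports for a given file depends on the libmagic database installed on the server, so the MIME list has to be checked against real samples there.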
