[TYPO3] PHP help ! does this code look like it would check a file extensions, and disallow php files or exe files to be attached

dave typo typothree at gmail.com
Thu Jun 14 15:32:28 CEST 2007


Could you give me an example of the code, Ries? I assume something like


<?php
       $allowed = array(    'file/pdf',
                            'file/doc',
                            'file/xls',
                            'file/ppt'
       );

       if (in_array(filetype(t3lib_div::_POST('filename')), $allowed)) {
               $filelinks = $this->storeFile();
       } else {
               echo "this is not an allowed file";
       }

?>
Is the file/ppt file/doc correct syntax?

-dave

On 6/14/07, ries van Twisk <typo3 at rvt.dds.nl> wrote:
>
> I would do it the other way around,
>
> allow only the files you can allow and want to have,
> and deny the rest. That is more defensive.
>
> Ries
>
> On Jun 14, 2007, at 7:54 AM, Rens Admiraal wrote:
>
> > Hi Dave,
> >
> > How does this cover executables named file.crap?
> >
> > Maybe it's better to read the filetype of a file. In this case you
> > could use something like the following:
> >
> > <?php
> >       $disallowed = array(    'application/exe',
> >                               'application/x-msdos-program',
> >                               'application/x-dosexec',
> >                               'application/x-exe'
> >       );
> >
> >       if (in_array(filetype(t3lib_div::_POST('filename')), $disallowed)) {
> >               echo "mime type doesn't work";
> >       } else {
> >               // Rest of the code
> >       }
> > ?>
> >
> > The mime type array is not complete I think, but in my opinion this
> > is a better indication if the filetype is allowed or not.
> >
> > Hope this helps you out a bit ;-)
> >
> > Greetz
> >
> > On 14 Jun 2007, at 14:42, dave typo wrote:
> >
> >> I'm trying to write php that disallows the posting of specific files,
> >> namely php files and exe files
> >>
> >> if someone could look over this snippet and tell me if it works or not
> >> that would be appreciated.
> >>
> >> <?php
> >>
> >> $filelinks=t3lib_div::_POST('file_name'); // the posting of the file name
> >>
> >> $exttypes = "php3,php,exe"; // list of extensions that shouldnt be used
> >> $fileextension = substr($filelinks,0,strpos($filelinks,".")); // get the extension after the .
> >> if ($fileextension == $exttypes['php']['php3']['exe']) { // if the file extension equals php, php3, or exe
> >>     echo "mime type doesn't work"; // if the extension is php, php3, exe, than echo doesn't work
> >>     }
> >>     if ($fileextension != $extypes['php']['php3']['exe']) { // if the file extension doesn't equal php, php3, or exe than store the file
> >>         $filelinks = $this->storeFile();
> >>         }
> >>
> >> ?>
> >>
> >>
> >> I'm not a programmer, and I'm very new at php so I'm sure there are
> >> errors and stupid logic in my code.
> >>
> >> It would be greatly appreciated if anyone here could critique and rip
> >> apart my code.
> >>
> >> thank you,
> >>
> >> -dave
> >> _______________________________________________
> >> TYPO3-english mailing list
> >> TYPO3-english at lists.netfielders.de
> >> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>
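
Added example, not part of the original thread and not TYPO3 code: the allow-list approach Ries suggests combined with the content-type check Rens suggests, as stand-alone PHP. The names isAllowedUpload and ALLOWED_UPLOADS and the MIME strings in the map are assumptions for illustration; it needs PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example: deny-by-default upload check (stand-alone, not TYPO3 API).
// Extension => content types accepted for it. The MIME strings are
// assumptions; confirm what your libmagic reports for real samples.
const ALLOWED_UPLOADS = [
    'pdf' => ['application/pdf'],
    'doc' => ['application/msword', 'application/vnd.ms-office'],
    'xls' => ['application/vnd.ms-excel', 'application/vnd.ms-office'],
    'ppt' => ['application/vnd.ms-powerpoint', 'application/vnd.ms-office'],
];

/**
 * $clientName: file name sent by the browser (untrusted).
 * $tmpPath:    where the uploaded bytes sit on the server.
 */
function isAllowedUpload(string $clientName, string $tmpPath): bool
{
    // Extension = text after the last dot of the last path component.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_UPLOADS)) {
        return false; // not on the list, so denied without being named
    }
    // Detect the type from the file contents, not from the client's claim.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return $mime !== false && in_array($mime, ALLOWED_UPLOADS[$ext], true);
}

// Constructed sample files: a minimal PDF header and a small PHP script.
$pdf = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($pdf, "%PDF-1.4\n%%EOF\n");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'hi'; ?>\n");

$cases = [
    ['report.pdf', $pdf], // listed extension, matching content
    ['REPORT.PDF', $pdf], // extension compared case-insensitively
    ['script.php', $php], // extension not listed
    ['script.pdf', $php], // listed extension, content is not a PDF
    ['file.crap',  $php], // unknown extension, the case raised in the thread
];
foreach ($cases as [$name, $path]) {
    $verdict = isAllowedUpload($name, $path) ? 'store' : 'reject';
    printf("%-12s %s\n", $name, $verdict);
}
unlink($pdf);
unlink($php);
```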

