[TYPO3] PHP help! Does this code look like it would check file extensions, and disallow php files or exe files to be attached

Rens Admiraal typo3 at ambitiondesign.nl
Thu Jun 14 15:40:47 CEST 2007


Hi Dave,

The code below is correct... If you want the right MIME types you can
search Google...

examples:

png: image/png
jpg: image/jpg & image/jpeg
gif: image/gif




On 14 Jun 2007, at 15:32, dave typo wrote:

> Could you give me an example of the code, Ries? I assume something like
>
>
> <?php
>        $allowed = array(
>                'file/pdf',
>                'file/doc',
>                'file/xls',
>                'file/ppt'
>        );
>
>        if (in_array(filetype(t3lib_div::_POST('filename')), $allowed)) {
>                $filelinks = $this->storeFile();
>        } else {
>                echo "this is not an allowed file";
>        }
> ?>
> Is the file/ppt file/doc correct syntax?
>
> -dave
>
> On 6/14/07, ries van Twisk <typo3 at rvt.dds.nl> wrote:
>>
>> I would do it the other way around,
>>
>> allow only the files you can allow and want to have,
>> and deny the rest. That is more defensive.
>>
>> Ries
>>
>> On Jun 14, 2007, at 7:54 AM, Rens Admiraal wrote:
>>
>>> Hi Dave,
>>>
>>> How does this cover executables named file.crap?
>>>
>>> Maybe it's better to read the filetype of a file. In this case you
>>> could use something like the following:
>>>
>>> <?php
>>>       $disallowed = array(
>>>               'application/exe',
>>>               'application/x-msdos-program',
>>>               'application/x-dosexec',
>>>               'application/x-exe'
>>>       );
>>>
>>>       if (in_array(filetype(t3lib_div::_POST('filename')), $disallowed)) {
>>>               echo "mime type doesn't work";
>>>       } else {
>>>               // Rest of the code
>>>       }
>>> ?>
>>>
>>> The mime type array is not complete I think, but in my opinion this
>>> is a better indication if the filetype is allowed or not.
>>>
>>> Hope this helps you out a bit ;-)
>>>
>>> Greetz
>>>
>>> On 14 Jun 2007, at 14:42, dave typo wrote:
>>>
>>>> I'm trying to write php that disallows the posting of specific files,
>>>> namely php files and exe files
>>>>
>>>> if someone could look over this snippet and tell me if it works or not
>>>> that would be appreciated.
>>>>
>>>> <?php
>>>>
>>>> $filelinks = t3lib_div::_POST('file_name'); // the posting of the file name
>>>>
>>>> $exttypes = "php3,php,exe"; // list of extensions that shouldn't be used
>>>> $fileextension = substr($filelinks, 0, strpos($filelinks, ".")); // get the extension after the .
>>>> if ($fileextension == $exttypes['php']['php3']['exe']) { // if the file extension equals php, php3, or exe
>>>>     echo "mime type doesn't work"; // if the extension is php, php3, exe, then echo doesn't work
>>>> }
>>>> if ($fileextension != $extypes['php']['php3']['exe']) { // if the file extension doesn't equal php, php3, or exe then store the file
>>>>     $filelinks = $this->storeFile();
>>>> }
>>>>
>>>> ?>
>>>>
>>>>
>>>> I'm not a programmer, and I'm very new at php so I'm sure there are
>>>> errors and stupid logic in my code.
>>>>
>>>> It would be greatly appreciated if anyone here could critique and rip
>>>> apart my code.
>>>>
>>>> thank you,
>>>>
>>>> -dave
>>>> _______________________________________________
>>>> TYPO3-english mailing list
>>>> TYPO3-english at lists.netfielders.de
>>>> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english



More information about the TYPO3-english mailing list
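
The allow-only approach Ries describes, combined with reading the type from the file's content as Rens suggests, as an added example that is not code from the thread. PHP's `filetype()` returns the kind of filesystem entry (`file`, `dir`, `link`), not a MIME type, so this sketch uses the `finfo` extension instead; the function name `isAllowedUpload`, the `ALLOWED` table and the sample uploads are assumptions made for illustration.

```php
<?php
// Added example: allowlist check on an upload. All names here are illustrative.

// Extension => MIME types accepted for it. The legacy Office values are an
// assumption: what libmagic reports for .doc/.xls/.ppt varies by version.
const ALLOWED = [
    'pdf' => ['application/pdf'],
    'doc' => ['application/msword', 'application/vnd.ms-office'],
    'xls' => ['application/vnd.ms-excel', 'application/vnd.ms-office'],
    'ppt' => ['application/vnd.ms-powerpoint', 'application/vnd.ms-office'],
];

/**
 * $clientName: the name sent by the browser ($_FILES[...]['name']).
 * $tmpPath:    where PHP stored the upload ($_FILES[...]['tmp_name']).
 */
function isAllowedUpload(string $clientName, string $tmpPath): bool
{
    // Extension = text after the LAST dot, lower-cased.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return false; // not on the list: deny
    }
    // MIME type detected from the file's content, not from its name
    // or from the Content-Type the client claimed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return in_array($mime, ALLOWED[$ext], true);
}

// Constructed sample uploads: [client file name, file content].
$samples = [
    ['report.pdf',  "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"], // PDF header
    ['invoice.pdf', "<?php echo 'hi'; ?>\n"],             // PHP renamed to .pdf
    ['file.crap',   "MZ" . str_repeat("\0", 62)],         // DOS/PE magic, odd name
    ['page.php',    "<?php echo 'hi'; ?>\n"],
];

foreach ($samples as [$name, $content]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $content);
    printf("%-12s %s\n", $name, isAllowedUpload($name, $tmp) ? 'store' : 'reject');
    unlink($tmp);
}
```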