New guy here, asking a question that should be met with simple solutions.
I have tried a bunch of code. It seems I can get the file stream for getimagesize and get other things to work without crashing.
I'm dusting off an old project that needs to limit the files uploaded so that they are only image files and nothing evil.
This code always gives me an error message no matter what:

    $imageinfo = getimagesize($_FILES['bf_file'][$key]['tmp_name']);
    if($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg') {
        alert ("Sorry, we only accept GIF and JPEG images");
        exit;
    }

Here is the blacklist effort:

    $blacklist = array(".php", ".phtml", ".php3", ".php4", ".js", ".shtml", ".pl" ,".py"
    ,".txt", ".doc");
    foreach ($blacklist as $file)
    {
        if(preg_match("/$file\$/i", $_FILES['bf_file'][$key]['tmp_name']))
        {
            alert "ERROR: Uploading executable files Not Allowed\n";
            exit();
        }
    }

Here is another getimagesize:

    $size = getimagesize($_FILES[bf_file][$key][tmp_name]);
    $fp = fopen($_FILES[bf_file][$key][tmp_name], "rb");
    if ($size && $fp) {
        header("Content-type: {$size['mime']}");
        fpassthru($fp);
        continue;
    } else
        // error
        alert("Inappropriate file type");

On each of these I get the error message no matter if a file is uploaded or not.
I just need to place these controls somewhere in my file so that if the uploaded file passes the checks then everything just passes through as the uploader and everything else works like it should but without the benefit of these limiters and checks.
Also, the user should not be required to upload a file. There are 3 fields: subject, body and file upload. Only subject and body are required to have data, and that works right now.
Any help will be greatly appreciated.
Thanks,
James
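
An added example, not part of the original post: one way to combine the checks asked for above (optional upload, GIF/JPEG only, nothing executable) into a single allow-list function. It assumes PHP 7.1 or later and a form field declared as `bf_file[]`, in which case PHP exposes the temp path as `$_FILES['bf_file']['tmp_name'][$key]`; the function name `store_image_upload` and the upload directory are hypothetical.

```php
<?php
// Added example: allow-list validation for one optional upload slot.
// Assumption: the field is named bf_file[], so $_FILES['bf_file'] holds
// parallel arrays ('error', 'tmp_name', ...) indexed by $key.

const ALLOWED_TYPES = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg'];

/**
 * Returns null when no file was sent (the upload is optional), the stored
 * path on success, and throws RuntimeException when the file is rejected.
 */
function store_image_upload(array $field, int $key, string $uploadDir): ?string
{
    // An empty file input is reported as UPLOAD_ERR_NO_FILE, not as a failure.
    $error = $field['error'][$key] ?? UPLOAD_ERR_NO_FILE;
    if ($error === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed (PHP error code $error)");
    }

    $tmp = $field['tmp_name'][$key];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not a genuine HTTP upload');
    }

    // Decide the type from the file contents, never from the client-supplied
    // file name or $_FILES[...]['type'].
    $info = @getimagesize($tmp);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        throw new RuntimeException('Sorry, we only accept GIF and JPEG images');
    }

    // Server-chosen name and extension: the stored file can only ever end in
    // .gif or .jpg, so no extension blacklist is needed.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16))
          . '.' . ALLOWED_TYPES[$info[2]];
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store the uploaded file');
    }
    return $dest;
}

// Usage inside the existing loop over upload slots (directory is hypothetical):
// $path = store_image_upload($_FILES['bf_file'], $key, '/var/uploads');
```

A passing `getimagesize()` only shows that the header parses as an image, so the stored file should live in a directory the web server does not execute scripts from.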