Comments on: Implementing Secure File Upload in PHP http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/ Daily Blog from Internet Entrepreneur/Webmaster Wed, 16 May 2012 07:15:05 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Toby http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-26141 Toby Wed, 25 Apr 2012 10:12:48 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-26141 Checking for a file extension is not secure - it could be renamed. Checking a header / content type is also not secure - a malicious script could also contain a jpg header and appear / behave like an image. Checking for a file extension is not secure – it could be renamed.

Checking a header / content type is also not secure – a malicious script could also contain a jpg header and appear / behave like an image.

]]> By: apexsol http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-25668 apexsol Wed, 14 Mar 2012 07:39:07 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-25668 [code] ?php if($_FILES['userfile']['type'] != "image/gif") { echo "Sorry, we only allow uploading GIF images"; exit; } $uploaddir = 'uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.n"; } else { echo "File uploading failed.n"; } ?> [/code] ?php if($_FILES['userfile']['type'] != "image/gif") { echo "Sorry, we only allow uploading GIF images"; exit; } $uploaddir = 'uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.n"; } else { echo "File uploading failed.n"; } ?> ]]> By: pbu http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-23935 pbu Sat, 18 Feb 2012 07:16:38 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-23935 It can put extra load on your server, if you too much use image processing library or if too many clients upload images at same time. It can put extra load on your server, if you too much use image processing library or if too many clients upload images at same time.

]]> By: gal http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-23927 gal Sat, 18 Feb 2012 00:57:34 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-23927 i actually handled it a bit differently. images are uploaded for specific causes, like user profile image, so i don't need to allow a complete directory file management. * the file is uploaded to the temp directory. * i'm checking the mime type of the file. * i'm not copying the file to the destination folder. instead, i use the gd2 library to create a similar looking image using imagecopyresampled. any thoughts? i actually handled it a bit differently.
images are uploaded for specific causes, like user profile image, so i don’t need to allow a complete directory file management.

* the file is uploaded to the temp directory.
* i’m checking the mime type of the file.
* i’m not copying the file to the destination folder. instead, i use the gd2 library to create a similar looking image using imagecopyresampled.

any thoughts?

]]> By: softboxkid http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-23068 softboxkid Thu, 08 Dec 2011 09:07:46 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-23068 Great article. I'm going for the 2nd method. Thanks Great article. I’m going for the 2nd method.
Thanks

]]> By: Fap Turbo Discount http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-10265 Fap Turbo Discount Wed, 06 Oct 2010 15:44:37 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-10265 thanks for the great help for the beginner! Such a nice site for me… Thanks for the great info! You give more knowledge about the path I will going through. Hope to see this site successful in the near future. thanks for the great help for the beginner! Such a nice site for me… Thanks for the great info! You give more knowledge about the path I will going through. Hope to see this site successful in the near future.

]]> By: deW http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-10172 deW Wed, 22 Sep 2010 01:30:11 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-10172 Thx, it was very helpful. Thx, it was very helpful.

]]> By: lester lhory http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-8235 lester lhory Wed, 18 Aug 2010 07:40:59 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-8235 great article! Thanks for the suggestion! great article! Thanks for the suggestion!

]]> By: CUZIT http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-7779 CUZIT Wed, 28 Jul 2010 13:16:10 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-7779 Very Nice Articles Very Nice Articles

]]> By: pbu http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-7653 pbu Fri, 09 Jul 2010 12:57:33 +0000 http://corpocrat.com/2007/11/28/implementing-secure-file-upload-in-php/#comment-7653 Dont allow users to upload photos in GIF photos as it may contain harmful code. Allow only JPG and PNG Dont allow users to upload photos in GIF photos as it may contain harmful code. Allow only JPG and PNG

]]>