Hello! Through the POST form in the admin panel, users upload images and flash drives to the site. Tell me, please, how can you reliably limit the choice of files to only images and flash, in order to protect against viruses?

2 answers

Create an array of valid types and compare with the type of file being loaded: $_FILES['userfile']['type']

  • What prevents me from changing the type and quietly uploading an executable file? - lampa
  • And what prevents me from changing the file extension and calmly uploading it? - Deonis
  • And what will happen next? I will rename php to jpg. What's next? Will it be executed? - lampa
  • I'll make it execute. But I'm not going to conduct hacking courses. I'll just give you a hint, so as not to be unfounded. For example, if I connected somewhere include_once('some_file.jpg');, in which there is, let's say, <script>alert();</script>, then the script will execute. What if ... - Deonis
  • @Deonis thanks, I'm neighing with laughter. If it were so, that would be another story. I would then have fired from tank to house. Waiting for your wonderful courses. - lampa

About the flash I will not say, about the picture you can solve "in the forehead" - getimagesize:

 $s = getimagesize($path);
 // could not get the data, or width == 0
 if (!$s or empty($s[0])) echo 'fail';

If libswf is connected to the hosting, you can use some functions from it.

  • but after all for getimagesize the file should already be on the server - masha2
  • @Mariya so put a limit on the file size :-) Filled the file, checked. If not the image - then deleted. - lampa
  • Yes, with the help of PHP the file can be checked only AFTER uploading to the server. In order to check BEFORE, look for either a Flash loader or libraries for JavaScript. - thunder
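
Added example, not code from either answer: a server-side check that ignores the client-supplied type and extension discussed in the comments, decides from the file content after upload, and stores the file under a server-chosen name. The 'userfile' field comes from the first answer; the function names, the uploads directory and the 2 MiB limit are assumptions for illustration.

```php
<?php
// Added example. Hypothetical names: detect_allowed_type(), store_upload(),
// MAX_BYTES and the "uploads" directory are assumptions, not from the thread.
const MAX_BYTES = 2 * 1024 * 1024;

// Returns a safe extension chosen from the file CONTENT, or null if not allowed.
function detect_allowed_type(string $path): ?string
{
    $images = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    $info = @getimagesize($path); // index 2 is an IMAGETYPE_* constant
    if ($info !== false && isset($images[$info[2]]) && $info[0] > 0 && $info[1] > 0) {
        return $images[$info[2]];
    }
    // SWF signature: FWS (uncompressed), CWS (zlib) or ZWS (LZMA).
    // This is a signature check only, not a full parse of the SWF.
    $magic = file_get_contents($path, false, null, 0, 3);
    return in_array($magic, ['FWS', 'CWS', 'ZWS'], true) ? 'swf' : null;
}

// Returns the stored path, or null if the upload was rejected.
function store_upload(array $file, string $uploadDir): ?string
{
    // $file['type'] and the extension in $file['name'] come from the client: not used.
    if ($file['error'] !== UPLOAD_ERR_OK
        || $file['size'] > MAX_BYTES
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = detect_allowed_type($file['tmp_name']);
    if ($ext === null) {
        return null; // PHP deletes the unmoved temp file when the request ends
    }
    // Server-chosen name and extension, so a renamed script is never stored as .php.
    $target = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

if (isset($_FILES['userfile'])) {
    $saved = store_upload($_FILES['userfile'], __DIR__ . '/uploads');
    echo $saved === null ? 'fail' : 'ok';
}
```

Passing this check only means the header parses as an image or carries an SWF signature; the bytes after it are not inspected. For the include_once case raised in the comments, uploaded files should never be passed to include, and the upload directory should be configured so the web server does not execute scripts from it.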