Image type upload

Fritz

I am checking for literal file name extensions... but what worries me is that (at least on mac) you can take any file type and tack on .jpg EVEN if it is NOT actually a jpg image file.

This seems like a security problem.

is there a way to check for what a file REALLY is?

acey

very good question i must say 🙂

just like program.exe.jpg

Fritz

Originally posted by Fritz
I am checking for literal file name extensions... but what worries me is that (at least on mac) you can take any file type and tack on .jpg EVEN if it is NOT actually a jpg image file.

This seems like a security problem.

is there a way to check for what a file REALLY is?

some one on another board suggested that I test on mime types instead... and

Ironically THAT is where I started and ... but for some bizzare reason...

this...

<?php

//Check File Type
if ($_FILES['photo']['type']=="image/gif" or 
$_FILES['photo']['type']=="image/jpeg" or 
$_FILES['photo']['type']=="image/jpg")

?>

returns FALSE when anyone on a PC tries to upload a .jpg file...

only .gifs seem to work (yet on mac... it does allow both jpgs and gifs but nothing else.)

any clues as to why the above returns false on pcs trying to upload jpg files?

maybe I sould pose this as a separate question.

scoppc

You got to fix your IF statement to make it work.
But I suggest a better way.

$allowedType=array('image/gif','image/jpeg'); //you can add more
$ftype=$_FILES['file']['type'];
if (!in_array($ftype,$allowedType)){
    //display error here
}else{
    //continue with the rest of the scripts
}

HTH

cockney

or try type = 'image/pjpeg' ...