Restricting file upload types

rpupkin77

I have written a number of applications in which the user can upload a file, however, I sometimes have issues when I restrict the upload to certain file types. I am fairly certain that the code I am writing does not correctly specify the file type.

For example my code for restricting uploads to jpegs works, but my code for pdfs does not.

Is there any link which gives a comprehensive list of the mime type restrictions syntax for file uploads?

LordShryku

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mime+types&btnG=Google+Search

mcrbids

You can easily rename a file (such as a .exe) to a .jpg, and the mime type identifier passed by the browser will be wrong.

Instead, trust a Unix shell tool called "file".

$allowed=array(
'PHP script text',
'ASCII text',
'JPEG image data');

$fname=escapeshellarg($_FILE[varname][tmp_name]);
$type=file $fname;
foreach($allowed as $allow)
if (stristr($type, $allow)!==false)
{
// It's an acceptable type - move on!
}

the "file" shell command will accept whatever type of file and completely disregards the name of the file, mime-type, or anything else. This provides a much greater degree of trustability.