Problems with uploading files

phoenixk33

Writing a file upload script - it uploads .txt and .php files fine, but not .doc or .xls. I suspect this means it has something to do with binary/ASCII?

What happens with .doc files is that they show up in the directory listing, with correct size, but when I click on them I get a 403.

Here's the code (largely borrowed ):

<?
if (!($submit))
{
?>
<form name="MyForm" enctype="multipart/form-data" method="post" action="upload.php">
<input type="file" name="userfile">
<input type="submit" name="submit" value="Submit!">
</form>
<?
}

else
{
$uploaddir = '../files/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

print "<pre>";
if (move_uploaded_file($FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
@chmod ($userfile, 0777);

}
?>

thanks!

sid

when starting the else branch, check the mime type of the file (its in the $_FILES array - i just cant think of the element name right now). its safer than just checking file endings.

b3rt

Hi!

I did not try your script but I noticed :

@chmod ($userfile, 0777);
should be
@chmod ($uploadfile, 0777);

Rest of the code looks seams like it should work ...