prevent gif's via upload..

tanita

Hi,

is it possible to prevent upload *.gif?

My upload-file looks like this:

<form action=\"<?=$SCRIPT_NAME; ?>\" method=\"POST\" enctype=\"multipart/form-data\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"1024000\">
<input type=\"file\" name=\"imgfile\" size=\"10\">
<input type=\"submit\" name=\"submit\" value=\"UploadImage\" onClick=\"location.reload()\" class=\"input1\">
<input type=\"hidden\" name=\"OLD_REFERER\" value=\"<? print $OLD_REFERER; ?>\">
<input type=\"hidden\" name=\"url\" value=\"<? print $url; ?>\">
</form>

THX

Tanja

cordex

I have a program that handles my uploads and I had to put my exclusions on the incoming side. What I mean is, when your script copies the file to it's final location, have it check the extension.

-Ben

mithril

A more accurate method is use the HTTP_POST_FILES array created when the file is uploaded to check the file's mime-type. In Tanya's example you'd use:

  if ($HTTP_POST_FILES["imgfile"]["type"] == "image/gif") {

    echo "You can't upload GIF images to this server<br>\n";
  }

I can change the file extension to .jpg and sneak the upload through on a system which just checks the file extension. It's much harder to change the mime-type and more people just won't be bothered.

-geoff