Will it allow only certain extensions?

I found this snippet that says it will only allow certain types of files. Will this work, and can someone get around it to upload any type of file that they want? And can someone explain the substr part? I do not understand how it works.

<?php
function CheckExt($filename, $ext) {
    $name = strtolower($filename);
    if(substr($name, strlen($name) -3, 3) == $ext)
        return true;
    else
        return false;
}
?>
+3
source share
4 answers

Best way to check extensions

function checkExt($filename, $ext)
{
  $fnExt = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
  if(!is_array($ext)) {
    $ext = (array)$ext;
  }
  $ext = array_map('strtolower', $ext);
  return in_array($fnExt, $ext);
}

Then you can call it like

var_dump(checkExt('test.temp', 'tmp')); // false
var_dump(checkExt('test.temp', array('tmp', 'temp'))); // true

Avoid using substr, as the extension length is unknown (you can also use substr and strrpos, but PHP provides this function for you).

+7
source

, . , .exe, .jpg, - .exe, . , , .

substr() call:

substr($name, strlen($name) -3, 3)

:

substr($name, -3)

PHP " last 3 $name".

: , 3 . 2, 4, 5, 10. , , .

+5

Mimetypes, -

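 // Allowed MIME types. PHP array keys must be unique, so the three Excel
 // types are listed as values rather than under a repeated 'xls' key.
 $allowedMimes = array(
        'text/plain',                // txt
        'application/msword',        // doc
        'application/pdf',           // pdf
        'application/x-excel',       // xls
        'application/excel',         // xls
        'application/vnd.ms-excel',  // xls
        'application/rtf',           // rtf
        'application/zip'            // zip
        );
$success = false;
foreach ($allowedMimes as $value) {
    // 'type' is the MIME type reported by the browser for the upload
    if ($_FILES['uploaded_file']['type'] == $value) {
        $success = true;
        break;
    }
}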

, , "php", "pl", "exe" .....

+1
source

People can still download whatever they want; they just have to provide the file with a specific extension.

For substr, see the manual.

0
source
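
An added example, not code from any of the answers above: one way to combine the extension allow-list from the first answer with a type check on the file's actual bytes, so that a renamed file does not pass on its extension alone. The `ALLOWED` map, `validateUpload()` and the sample files are assumptions made for illustration, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
// Allow-list: extension => MIME type the file content must match (illustrative values).
const ALLOWED = [
    'txt' => 'text/plain',
    'pdf' => 'application/pdf',
    'zip' => 'application/zip',
];

/**
 * Returns a server-generated storage name when both checks pass, or null
 * when the file is rejected. $clientName is the untrusted original filename,
 * $tmpPath is where the uploaded bytes currently sit.
 */
function validateUpload(string $clientName, string $tmpPath): ?string
{
    // 1. Extension allow-list: any length, case-insensitive.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // 2. Detect the type from the bytes on disk, not from
    //    $_FILES[...]['type'], which is sent by the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ALLOWED[$ext]) {
        return null;
    }
    // 3. Store under a random name; only the vetted extension is reused.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample files, written to the temp directory so this runs offline.
$samples = [
    'report.pdf'  => "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n%%EOF\n",
    'notes.TXT'   => "plain text notes\n",
    'renamed.pdf' => "plain text saved under a .pdf name\n",
    'tool.exe'    => "MZ" . str_repeat("\0", 64),
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = validateUpload($name, $tmp);
    echo str_pad($name, 14), $stored === null ? 'rejected' : "accepted as $stored", "\n";
    unlink($tmp);
}
```

In an upload handler the two arguments would be `$_FILES['uploaded_file']['name']` and `$_FILES['uploaded_file']['tmp_name']`, with the file then moved into place by `move_uploaded_file()` under the returned name.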

Source: https://habr.com/ru/post/1750597/

