If you have the GD extension built into your PHP, use it to find the type (if you are limited
to jpeg/gif/png files).
I want to say again that the use of $ImageFile* is a possible security hole.

Regards,
Andrey Hristov
----- Original Message ----- 
From: "Ryan Stephens" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 28, 2001 10:39 AM
Subject: Re: [PHP] Image Uploads beeing corupted


> The funny thing is this....
> 
> The information is being inserted into the database... the file is being
> uploaded (as I can see it in the directory). I can get results from
> $ImageFile
> $ImageFile_name
> $ImageFile_size
> 
> but I can't get a result for $ImageFile_type.... this comes up blank....
> There is obviously some connection, but just not sure what.
> 
> Ryan
> 
> 
> "Andrey Hristov" <[EMAIL PROTECTED]> wrote in message
> news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
> > The problem is that you use global only for $ImageFile, but not for
> > $ImageFile_name.
> > A big flaw is that if someone makes a form
> > <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post"
> > ENCTYPE="multipart/form-data" >
> > <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">
> >
> > <Input Type="text" Name="ImageFile__name" value="../../../../etc/passwd">
> > <Input Type="Submit" Name="Submit">
> > </FORM>
> >
> > maybe they can make a big shot. It depends on which user Apache is running under.
> > The best technique is to use $HTTP_POST_FILES. Since PHP 4.1.0 there will
> > be a new name for it => $_FILES. This array will be global, so there is no
> > need to write global $_FILES. The same is done for $_GET, $_POST, $_COOKIE.
> > $_REQUEST is a merged array of $_GET, $_POST, $_COOKIE in the order of gpc
> > (from php.ini).
> >
> > Regards,
> > Andrey Hristov
> > IcyGEN Corporation
> > http://www.icygen.com
> > BALANCED SOLUTIONS
> >
> >
> > ----- Original Message -----
> > From: "Ryan Stephens" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, November 28, 2001 10:12 AM
> > Subject: [PHP] Image Uploads beeing corupted
> >
> >
> > > Hey guys,
> > >
> > >     I got my uploads to work thanks to some people's help here in this
> > > newsgroup.... but now I'm having a problem with the files being corrupted
> > > upon upload..... not sure why.... any help would be greatly appreciated.
> > >
> > >     I have included my code again if it helps any.
> > >
> > > <---------------------------------------->
> > > function UploadImage(){
> > >     global $HTTP_POST_FILES;
> > >     global $ImageFile;
> > >     reset($HTTP_POST_FILES);
> > >     $pic_file = $HTTP_POST_FILES['ImageFile'];
> > >     copy ($pic_file['tmp_name'], "../images/$ImageFile_name");
> > > }
> > >
> > > <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post"
> > > ENCTYPE="multipart/form-data" >
> > > <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">
> > >
> > > <Input Type="File" Name="ImageFile">
> > > <Input Type="Submit" Name="Submit">
> > > </FORM>
> > > <---------------------------------------->
> > >
> > > I've found that just doing this seems to do the same
> > >
> > > function UploadImage(){
> > >     global $ImageFile;
> > >     copy ($ImageFile, "../images/$ImageFile_name");
> > > }
> > >
> > >
> > > Thanks
> > > Ryan Stephens
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> 
> 
> 
> 
> 


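The advice given in this thread (read the upload only from `$_FILES`, do not build the path from a client-supplied name, and determine the image type from the file itself) as an added example; it is not code from any poster in the thread. It assumes PHP 7 or later and the field name `ImageFile` from the form above; `UPLOAD_DIR`, `MAX_BYTES` and `uploadImage()` are names chosen for this example.

```php
<?php
// Added example (PHP 7+). Field name "ImageFile" is taken from the thread's form;
// UPLOAD_DIR and uploadImage() are this example's own, hypothetical names.
const UPLOAD_DIR = __DIR__ . '/../images';
const MAX_BYTES  = 1000000; // same value as MAX_FILE_SIZE in the form

function uploadImage(array $files): string
{
    // Detected image type => extension the file will be stored under.
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];

    // Read the upload only from $_FILES, never from request-named globals.
    $f = $files['ImageFile'] ?? null;
    if (!is_array($f) || !isset($f['error']) || is_array($f['error'])) {
        throw new RuntimeException('expected one file in field ImageFile');
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . (int) $f['error']);
    }
    // tmp_name must be a file that PHP itself received in this POST.
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('tmp_name is not an uploaded file');
    }
    // MAX_FILE_SIZE is only a hint to the client; enforce the limit server-side.
    if (filesize($f['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Take the type from the file contents, not from the client-sent 'type'.
    $info = @getimagesize($f['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('not a GIF, JPEG or PNG image');
    }
    // Server-generated name: the client-supplied 'name' never reaches the path.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not store the upload');
    }
    return $dest;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        echo 'Stored as ' . basename(uploadImage($_FILES));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . $e->getMessage();
    }
}
```

`getimagesize()` reads only the image header, so the images directory should also be configured so that the web server does not execute scripts from it.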