File upload (file.php): Check last .xxx as file ext

  • Resolved kod0b101010

    (@kod0b101010)


    4 years, 4 months ago

    Servus,

    when using file upload, there is a check (inside file.php, lines 1.108 ff) for an allowed file type (= file extension):
    – it checks (stripos) for the *first* occurance of any limited file type
    That is, by chance, a file containing the file extension in the file name itself, will be rejected.

    Example:
    – let $limit_type be “pdf”
    – check of file “dummy.pdfPattern.one.pdf” will be rejected (because stripos finds pos=5 (.pdfPattern…) instead of real extension “.pdf”

    Solution proposal:
    – use strripos instead of stripos, which will find the last position of extension
    – or use any a other check, e.g.
    – strlen(substr($file[‘name’]) > strlen($limit_type)
    – and substr($file[‘name’], -1 * strlen($limit_type))

    Gru? from Bavaria,
    Daniel

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘File upload (file.php): Check last .xxx as file ext’ is closed to new replies.