Restrict allowed file upload types PHP
Posted
by clang1234
on Stack Overflow
See other posts from Stack Overflow
or by clang1234
Published on 2010-06-10T22:52:52Z
Indexed on
2010/06/10
23:03 UTC
Read the original article
Hit count: 216
Right now I have a function which takes my uploaded file, checks the extension, and if it matches an array of valid extensions it's processed. It's a contact list importer.
What I need to figure out is how to be sure that file (in this case a .csv) is actually what it says it is (ex. not an excel file that just got renamed as a .csv).
Our servers run PHP 5.2.13
Here's the current validation function I have
public static function validateExtension($file_name,$ext_array) {
$extension = strtolower(strrchr($file_name,"."));
$valid_extension="FALSE";
if (!$file_name) {
return false;
} else {
if (!$ext_array) {
return true;
} else {
foreach ($ext_array as $value) {
$first_char = substr($value,0,1);
if ($first_char <> ".") {
$extensions[] = ".".strtolower($value);
}
else {
$extensions[] = strtolower($value);
}
}
foreach ($extensions as $value) {
if ($value == $extension) {
$valid_extension = "TRUE";
}
}
if ($valid_extension==="TRUE") {
return true;
} else {
return false;
}
}
}
}
© Stack Overflow or respective owner