Restrict allowed file upload types PHP

Posted by clang1234 on Stack Overflow See other posts from Stack Overflow or by clang1234
Published on 2010-06-10T22:52:52Z Indexed on 2010/06/10 23:03 UTC
Read the original article Hit count: 222

Filed under:

php

|

validation

|

fileupload

Right now I have a function which takes my uploaded file, checks the extension, and if it matches an array of valid extensions it's processed. It's a contact list importer.

What I need to figure out is how to be sure that file (in this case a .csv) is actually what it says it is (ex. not an excel file that just got renamed as a .csv).

Our servers run PHP 5.2.13

Here's the current validation function I have

public static function validateExtension($file_name,$ext_array) {
    $extension = strtolower(strrchr($file_name,"."));
    $valid_extension="FALSE";

    if (!$file_name) {
        return false;
    } else {
        if (!$ext_array) {
            return true;
        } else {
            foreach ($ext_array as $value) {
                $first_char = substr($value,0,1);

                if ($first_char <> ".") {
                    $extensions[] = ".".strtolower($value);
                } 
                else {
                    $extensions[] = strtolower($value);
                }
            }

            foreach ($extensions as $value) {
                if ($value == $extension) {
                    $valid_extension = "TRUE";
                }
            }

            if ($valid_extension==="TRUE") {
                return true;
            } else {
                return false;
            }
        }
    }

}

© Stack Overflow or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about validation

How can I use Windows Workflow for validation of a Silverlight application?

as seen on Programmers - Search for 'Programmers'
I want to use Windows Workflow to provide a validation service. The validation that will be provided may have multiple tiers with chaining and redirecting to other stages of validation. The application that will generate the data for validation is a Silverlight app. I imagine the validation will… >>> More
HTML5 Form Validation

as seen on Stephen Walter - Search for 'Stephen Walter'
The latest versions of Google Chrome (16+), Mozilla Firefox (8+), and Internet Explorer (10+) all support HTML5 client-side validation. It is time to take HTML5 validation seriously. The purpose of the blog post is to describe how you can take advantage of HTML5 client-side validation regardless of… >>> More
HTML5 Form Validation

as seen on Stephen Walter - Search for 'Stephen Walter'
The latest versions of Google Chrome (16+), Mozilla Firefox (8+), and Internet Explorer (10+) all support HTML5 client-side validation. It is time to take HTML5 validation seriously. The purpose of the blog post is to describe how you can take advantage of HTML5 client-side validation regardless of… >>> More
Introducing Data Annotations Extensions

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Validation of user input is integral to building a modern web application, and ASP.NET MVC offers us a way to enforce business rules on both the client and server using Model Validation. The recent release of ASP.NET MVC 3 has improved these offerings on the client side by introducing an unobtrusive… >>> More
jQuery validation per multiple fieldsets, how to use different event to trigger validation per secti

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi All! I have a really, really long form (about 300 fields) that I broke down into different sections using this slick jQuery plugin Form Wizard. If you group your form into different fieldsets, the FormWizard will automagically display one section at a time, with a Next hyperlink to take you to… >>> More