Restrict allowed file upload types PHP

Posted by clang1234 on Stack Overflow See other posts from Stack Overflow or by clang1234
Published on 2010-06-10T22:52:52Z Indexed on 2010/06/10 23:03 UTC
Read the original article Hit count: 216

Filed under:
|
|

Right now I have a function which takes my uploaded file, checks the extension, and if it matches an array of valid extensions it's processed. It's a contact list importer.

What I need to figure out is how to be sure that file (in this case a .csv) is actually what it says it is (ex. not an excel file that just got renamed as a .csv).

Our servers run PHP 5.2.13

Here's the current validation function I have

public static function validateExtension($file_name,$ext_array) {
    $extension = strtolower(strrchr($file_name,"."));
    $valid_extension="FALSE";

    if (!$file_name) {
        return false;
    } else {
        if (!$ext_array) {
            return true;
        } else {
            foreach ($ext_array as $value) {
                $first_char = substr($value,0,1);

                if ($first_char <> ".") {
                    $extensions[] = ".".strtolower($value);
                } 
                else {
                    $extensions[] = strtolower($value);
                }
            }

            foreach ($extensions as $value) {
                if ($value == $extension) {
                    $valid_extension = "TRUE";
                }
            }

            if ($valid_extension==="TRUE") {
                return true;
            } else {
                return false;
            }
        }
    }

}

© Stack Overflow or respective owner

Related posts about php

Related posts about validation