Re: FN-FORUM: file size /type best practice

date posted 29th January 2007 12:58

I wanted all of this but didnt have a clue as to how to do but there is a
way as I found a phph form 2 email script at http://form2email.net/ that
does all that you are asking, its quite good I thought!

If the file is the wrong type or wrong size then they are told and have the
option to go back and correct the error.
Hope this helps

Martin
atdc

----- Original Message -----
From: "Tony Crockford" [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Monday, January 29, 2007 1:29 PM
Subject: Re: FN-FORUM: file size /type best practice


>
> [EMAIL REMOVED] wrote:
>> parsing the filename for the correct extension is a good idea as a
>> basic check, but you really need to make sure that whats being
>> uploaded really is an image and not a script with a image file
>> extension. Mime-type checks are one way but they can be spoofed.
>> I'd use something like exif_imagetype() which is a bit better at
>> making sure an image is indeed an image.
>
> any suggestions for how to check a PDF is in fact a PDF other than using
> $_FILES['file']['type']
>
> especially as some extensions (can't find which one it was/is) for Firefox
> turn the PDF mime type into 'application/x-force-download'
>
> Which I could add to my acceptable type array, but what else gets that
> type? anyone know?
>
> TIA
>
> --
> Freelancers, contractors earn more with Prosperity4
> Call 0870 870 4414 or visit www.prosperity4.com
> and benefit from Inland Revenue approved expenses today.
>
> To advertise here: http://www.freelancers.net/advertising.html
>
>