NYCPHP Meetup

NYPHP.org

[nycphp-talk] (no subject)

CED Consult at CovenantEDesign.com
Sat Sep 16 19:48:56 EDT 2006 

Your best bet is to alter your PHP.ini for specific files to only allow them
to be uploaded, and or to change that ini setting on the page that is
performing the upload and then default it back.

HTH,

Edward JS Prevost II
Me at EdwardPrevost.info
www.EdwardPrevost.info


----- Original Message ----- 
From: <jface at mercenarylabs.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Saturday, September 16, 2006 6:08 PM
Subject: [nycphp-talk] (no subject)



My jscript is a bit rusty, but at the very least you could have your form
submit button fire off a javascript function before submitting the form, via
an onSubmit event:

[CODE]
function checkExtension(){
     var input = document.formName.fileUploadName.value;
     if (input.indexOf(".jpg") == -1){ // file isn't a jpg
          alert("This isn't a jpg!");
     }
     else{
         document.formName.submit();
     }
}
[/CODE]

Obviously people could still upload fake files by adding a fake extension,
so I think ultimately you'd want php to do real filetype checking after
submission, just to be safe.

I didn't test that script out, so it may require tweaking to work. Hope it
helps.

Jonathan Face
www.mercenarylabs.com

On Sat, 16 Sep 2006 08:52:54 -0400, David Krings <ramons at gmx.net> wrote:
> Hi,
>
> this one is not squarely on topic with PHP, but I will use it with a PHP
> script, so hopefully this counts. I like to get some more control over
> file
> uploads. I am currently working on a small project for managing picture
> and
> videos for display on the web (yes, I know there are bazillions out there,
>
> but mine is better ;) ). One adds a picture by uploading the file to
> server. I want to filter the upload by file extension on the client side.
> The HTML input "file" is implemented quite crappy and leaves the interface
>
> at the mercy of the browser. Is there any way to get some more smarts into
>
> the browse box for file uploads? There isn't much merit in having someone
> upload a huge file that is clearly not an image just to throw it away. I
> tried some of the JavaScripts that I could find on the web, but I have no
> clue what they are doing and from my empirical evidence they don't do a
> thing, at least not with FiFo.
>
> Any advice is greatly appreciated.
>
> David
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

More information about the talk mailing list