0
votes

Im trying to optimize my photo-uploader, so that it'll allow all file-extensions, including uppercase .JPG/.JPEG or .PNG

I've been trying to put strtolower() on the $extension variable, with no luck. And many other solutions, nothing helps. Here's where i filter extension names:

Just installed the exif and mbstrings .dll .. Now i got this error:

"exif_imagetype() filename cannot be empty"

   // FILE EXTENSION FILTER     
   $allowed_types = array(IMAGETYPE_GIF,IMAGETYPE_JPEG,IMAGETYPE_PNG);
   if(in_array(exif_imagetype($_FILES["uploaded_file"]["tmp_name"]), $allowed_types)){
   
         // SUCCSESFUL

Any help is much apreaciated! ive been trying to make this work for hours now :D

2
$extension = strtolower(end($temp)); should do the trick. Are you sure you did this ? - Justin Iurman
A better way to find the extension is to use pathinfo(): pathinfo($_FILES['uploaded_file']['name'], PATHINFO_EXTENSION). - George Brighton
@ Justin, yes in any thinkable way. Trust me :) @ George, thank you i will try in a moment! - user3103188
Rather than checking the file extension or mime type which can be anything for a legitimate or not allowed file, you should check the file itself. See stackoverflow.com/questions/16802079/… - Musa
@ Musa, thank you, this could be my solution. Check my edit ^^ can you help me with this error? The main advantage by doing it this way, is that my code gets shorter, AND security, no nasty scripts will pass through this badboy! :D - user3103188

2 Answers

1
votes

Use the strtolower() function for lowercase extension before check;

     // FILE EXTENSION FILTER       
     $allowedExts = array("gif", "jpeg", "jpg", "png");
     $temp = explode('.',$_FILES['uploaded_file']['name']);       
     $extension = end($temp);

                if ((($_FILES["uploaded_file"]["type"] == "image/gif")
                || ($_FILES["uploaded_file"]["type"] == "image/jpeg")
                || ($_FILES["uploaded_file"]["type"] == "image/jpg")
                || ($_FILES["uploaded_file"]["type"] == "image/pjpeg")
                || ($_FILES["uploaded_file"]["type"] == "image/x-png")
                || ($_FILES["uploaded_file"]["type"] == "image/png"))
                && ($_FILES["uploaded_file"]["size"] < 10485760)
                && in_array(strtolower($extension), $allowedExts))
                {
                    // SUCCSESFUL
0
votes

I have done something very similar on a website I made. Here was my solution.

$file_name = $_FILES['file']['name'];
if ($_FILES['file']['size']>$maxsize) $status = "Error: Picture size too large. Max file     size is $maxsize bytes.<br>";

if (($_FILES['file']['type']!="image/gif") && ($_FILES['file']['type']!="image/pjpeg") && ($_FILES['file']['type']!="image/jpeg") && ($_FILES['file']    ['type']!="image/png")){
$status .= "Error: Wrong file type. Must be JPG or GIF or PNG only.<br>";
}



$picextorg = substr($file_name,-3);
$picext = strtolower($picextorg);

if ((!isset($status)) && ($picext!="gif")&& ($picext!="jpg") && ($picext!="png"))    $status .= "Error: The Wrong file type. Must be JPG or GIF or PNG only.<br> ";

I don't think it would be very hard to implement this with your code. Let me know how it goes!