class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
Are you using a Flash uploader? Flash rewrites all MIME types to application/octet-stream, so the class can only rely on the file extension.
I see that none of the MIME detection method are enabled on your server, and you are using a Windows server. So your system cannot determine the MIME type reliably. You should set up your server so that it can detect MIME types, or use a proper operating system for a server (Linux, BSD...)
In any case, the class on your system can only determine the MIME to be application/octet-stream for extensions it doesn't know. exe extensions are not known, so it falls back to application/octet-stream.
You can forbid the MIME application/octet-stream to prevent such files to be uploaded. But then it is really easy to spoof an upload, as in your case the class is forced to rely on the file extension. In other words, whatever you try to do to restrict the MIME types which can be uploaded, you cannot have something secure: just changing the file extension will allow an attacker to upload any file he wants.
My suggestion: use a proper operating system, or at least make sure that MIME detection is enabled on your system. Without this, you will not be able to secure your uploads.Reply
I see that none of the MIME detection method are enabled on your server, and you are using a Windows server. So your system cannot determine the MIME type reliably. You should set up your server so that it can detect MIME types, or use a proper operating system for a server (Linux, BSD...)
In any case, the class on your system can only determine the MIME to be application/octet-stream for extensions it doesn't know. exe extensions are not known, so it falls back to application/octet-stream.
You can forbid the MIME application/octet-stream to prevent such files to be uploaded. But then it is really easy to spoof an upload, as in your case the class is forced to rely on the file extension. In other words, whatever you try to do to restrict the MIME types which can be uploaded, you cannot have something secure: just changing the file extension will allow an attacker to upload any file he wants.
My suggestion: use a proper operating system, or at least make sure that MIME detection is enabled on your system. Without this, you will not be able to secure your uploads.