class.upload.php
class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
I first want to say this class is great! I'm love it ;-), I'm not sure if I'm using it correctly or not because I was able to upload files that were not images.
I took a php file and renamed with jpg extention just a s any stupid hacker would do then I added in the
$handle->allowed = array('image/jpeg', 'image/gif', 'image/png'); $handle->mime_check = TRUE; #security $handle->mime_magic_check = TRUE;I've tried all combinations with and without each other listed above and it made no difference.I think it's because the class is looking at what the mime type the browser thinks it is rather than reading the mime type from the php temp directory.
What I did is used getimagesize on the file while it's in the temp directory....i.e. before copy to public html area and detected it using the mime type if all is ok then I proceeded with the rest of the class opperations of copying file from temp.
I'm wondering if I'm using it wrong or I'm reporting a possible bug? I'll gladly give you the code I used.