How to check file

See all posts See thread Reply

Re: How to check file new!
by jessica, 10 years, 12 months ago
thx for reply, how can i check the log class ?!Reply
Re: How to check file new!
by colin, 10 years, 12 months ago
Please see the first item in the FAQReply
Re: How to check file new!
by jessica, 10 years, 12 months ago
ok, i repeat this is a real image, i just change the extention
maphoto.jpg by maphoto.exe , when i print_r($_FILE) , it give me
[name] => moi2.exe [type] => application/octet-stream ,
here is the outputt of the class, thx for your help

system information
- class version : 0.32
- operating system : Linux
- PHP version : 5.4.4-14+deb7u5
- GD version : 2.0
- supported image types : png jpg gif bmp

- upload_max_filesize : 6M (6291456 bytes)
- language : fr_FR
source is an uploaded file
- upload OK
- file name OK
determining MIME type
- Checking MIME type with Fileinfo PECL extension
MAGIC path will not be used
MIME type detected as image/png; charset=binary by Fileinfo PECL extension
- MIME validated as image/png
source variables
- You can use all these before calling process()
file_src_name : moi2.exe
file_src_name_body : moi2
file_src_name_ext : exe
file_src_pathname : tmp/phpEmpi0c
file_src_mime : image/png
file_src_size : 177265 (max= 6291456)
file_src_error : 0
- source file is an image
image_src_x : 646
image_src_y : 652
image_src_pixels : 421192
image_src_type : png
image_src_bits : 8
process file to tmp/
- file size OK
- file mime OK : image/png
- new file name body : b36cf80167217ae1f0251717d4815809
- file name safe format
- destination variables
file_dst_path : tmp/
file_dst_name_body : b36cf80167217ae1f0251717d4815809
file_dst_name_ext : exe
- checking for auto_rename
- destination file details
file_dst_name : b36cf80167217ae1f0251717d4815809.exe
file_dst_pathname : tmp/b36cf80167217ae1f0251717d4815809.exe
- b36cf80167217ae1f0251717d4815809.exe doesn't exist already
- image resizing or conversion wanted
- source image is PNG
- setting destination file type to png
- crop image : 120 130 120 130
- add border : 3 3 3 3
- converting...
- saving image...
PNG image created
image objects destroyed
- process OKReply
Re: How to check file new!
by colin, 10 years, 12 months ago
Then it is all fine, no?

The MIME type as sent by the browser is irrelevant, and cannot be trusted.

Here, your file is an image (even tough you changed the file extension), and the class recognizes it as an image, and therefore can process it.

Isn't what you want?Reply
Re: How to check file new!
by jessica, 10 years, 12 months ago
i understand but i would like to directly print an error if extention are not jpg jpg png ,i believe its more clear because
its more décourageant si an hacker try some bad extention.
If he see successfull with an exe , i will continue to try ..
don't you think ?!Reply
Re: How to check file new!
by colin, 10 years, 12 months ago
Strictly speaking, the file is an image, even if the extension is exe

That said, if you want to prevent exe files, you can check on file_src_name_ext before calling process()Reply