class.upload.php
class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
I first want to say this class is great! I'm love it ;-), I'm not sure if I'm using it correctly or not because I was able to upload files that were not images.
I took a php file and renamed with jpg extention just a s any stupid hacker would do then I added in the
$handle->allowed = array('image/jpeg', 'image/gif', 'image/png'); $handle->mime_check = TRUE; #security $handle->mime_magic_check = TRUE;I've tried all combinations with and without each other listed above and it made no difference.I think it's because the class is looking at what the mime type the browser thinks it is rather than reading the mime type from the php temp directory.
What I did is used getimagesize on the file while it's in the temp directory....i.e. before copy to public html area and detected it using the mime type if all is ok then I proceeded with the rest of the class opperations of copying file from temp.
I'm wondering if I'm using it wrong or I'm reporting a possible bug? I'll gladly give you the code I used.
2. On this topic:
Note that the php file that I changed to jpg could not execute as is of course....so to all who are wondering it's still a safe class!!!
3. However, I believe, if I'm using the class correctly?, then there should be TWO checks for the mime type to validate the file before it get's moved to the public directory.
A) The current initial check which seems to be received from the browser and then a second check when the file reaches the phptemp directory....
4. Oh one other minor thing
When I tell it to overwrite the file it doesn't it keeps appending with _NN
Anyway...Love this class !!!
2. The image will be executable depending on the server configuration. Generally, the picture will not be executed through PHP, and will be served as an image.
3. I will check all of that, and post the results here.
4. You also need to deactivate file_auto_rename, as following:
I don't have enough time just right now to check the issue you describe, but I will so so ASAP, and let you know.
In the meantime, feel free to paste your code here.
;-)
Could you paste here the logs of the class you get after processing the file? You can just echo $handle->log
Basically I had two calls in my function to do Process
2X of the following
One was further down in my code so what was happening is when I would upload a real image it actually was uploading it twice and applying all the setups to one but not the other in the second Process...
The class is solid!!! no worries, I even tried a few other things.
Sorry it was my mistake... ;-) happens when working late...LOL
It is good anyway, since it tests the class even more. All feedback is useful.