Uploading a non-image file and sending image type mime
Moderator: General Moderators
Uploading a non-image file and sending image type mime
According to the PHP Manual :
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".
So how do I get to change that ?
I want upload a php file and have to browser send a mime type of image/jpeg. Is that possible ?
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".
So how do I get to change that ?
I want upload a php file and have to browser send a mime type of image/jpeg. Is that possible ?
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Assuming I have no access to the server.
I upload an image which is allowed. It is obviously checked on the server side for $_FILE['userfile']['type'] to see if its and image type.
I want to upload a php file (.php) and send the mime as image so that it gets accepted on the server.
Is this possible ?
The last option is change the source of FF and send it like this but Im looking for a direct method.
I upload an image which is allowed. It is obviously checked on the server side for $_FILE['userfile']['type'] to see if its and image type.
I want to upload a php file (.php) and send the mime as image so that it gets accepted on the server.
Is this possible ?
The last option is change the source of FF and send it like this but Im looking for a direct method.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Im using Win XP but Apache 2.x - I think Apache handles this stuff and not the OS ?
Tried to upload a test.php but doesnt get accepted - the code checks like this :
Renamed test.php to test.jpg and test.php.jpg and gets accpeted but the image doesnt show. Instead the entire php code is the source (when right-clicked in FF) and gives the error :
The image “http://localhost/xxx/test.php.jpg” cannot be displayed, because it contains errors.
I want to upload an image which gets accepted that contains this :
Tried to upload a test.php but doesnt get accepted - the code checks like this :
Code: Select all
if (substr($_FILES['userfile']['type'][$i],0,5)!="image") {return 1;}The image “http://localhost/xxx/test.php.jpg” cannot be displayed, because it contains errors.
I want to upload an image which gets accepted that contains this :
Code: Select all
<?php
header("Content-type: image/jpeg");
$Image = @imagecreatetruecolor(100,50);
// Create my dynamic image
@imagejpeg($Image);
?>The browser got fooled and thought it was an image file, but on the server side, your file's actual header is not.anjanesh wrote:Im using Win XP but Apache 2.x - I think Apache handles this stuff and not the OS ?
Tried to upload a test.php but doesnt get accepted - the code checks like this :Renamed test.php to test.jpg and test.php.jpg and gets accpeted but the image doesnt show. Instead the entire php code is the source (when right-clicked in FF) and gives the error :Code: Select all
if (substr($_FILES['userfile']['type'][$i],0,5)!="image") {return 1;}
The image “http://localhost/xxx/test.php.jpg” cannot be displayed, because it contains errors.
I want to upload an image which gets accepted that contains this :Code: Select all
<?php header("Content-type: image/jpeg"); $Image = @imagecreatetruecolor(100,50); // Create my dynamic image @imagejpeg($Image); ?>
If you can somehow make your php work right after being uploaded, I guest youcould read the server's security info
.. not sure if this link helps:
viewtopic.php?t=33208
Actually this is not because of the browser - its because Apache didn't get that file parsed - it doesnt parse .php.jpg or .jpg files containing php code - it sends the entire contents directly.hongco wrote:The browser got fooled and thought it was an image file, but on the server side, your file's actual header is not.
that's because to the server the ext .jpg is an image and .php is a php file, providing there server understands .php ext.
I'll ask agian why do you want to fool the server in this way?
if you had access to the server you get .jpg to be interpreted as php but that would ruin the .jpg's that are actually images.
I'll ask agian why do you want to fool the server in this way?
if you had access to the server you get .jpg to be interpreted as php but that would ruin the .jpg's that are actually images.