PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
Cooleo
Forum Newbie
Posts: 2 Joined: Fri Aug 12, 2005 6:21 am
Post
by Cooleo » Fri Aug 12, 2005 6:28 am
nm
Last edited by
Cooleo on Wed Dec 28, 2005 6:23 am, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 12, 2005 6:35 am
$file isn't set, nor is $file_name.
move_uploaded_file() instead of copy()
the code explicitly avoids storing .php and .html files, although the regex is a tiny bit questionable.
Cooleo
Forum Newbie
Posts: 2 Joined: Fri Aug 12, 2005 6:21 am
Post
by Cooleo » Fri Aug 12, 2005 6:49 am
those changes still allow people to upload html and php files
is there another way to stop php + html files being uploaded, perhaps renaming them to a file without an extension
thanks alot for your help
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 12, 2005 6:55 am
you can analyze the file's contents. That's the only way to be sure if it's a PHP or HTML file.