Page 1 of 1

Simple upload problem.

Posted: Fri Aug 12, 2005 6:28 am
by Cooleo
nm

Posted: Fri Aug 12, 2005 6:35 am
by feyd
  1. $file isn't set, nor is $file_name.
  2. move_uploaded_file() instead of copy()
  3. the code explicitly avoids storing .php and .html files, although the regex is a tiny bit questionable.

Posted: Fri Aug 12, 2005 6:49 am
by Cooleo
those changes still allow people to upload html and php files

:roll:

is there another way to stop php + html files being uploaded, perhaps renaming them to a file without an extension

thanks alot for your help

Posted: Fri Aug 12, 2005 6:55 am
by feyd
you can analyze the file's contents. That's the only way to be sure if it's a PHP or HTML file.