File Upload for video only

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
legsmacgee
Forum Newbie
Posts: 1
Joined: Sun Oct 26, 2008 10:46 am

File Upload for video only

Post by legsmacgee »

Hello,

I just set up the script for uploading files to my server. This can be dangerous territory, though, and I want to make sure that only video files are uploaded. I know how to restrict files to image files only (ie jpg, gif, etc) but I do not know how to restrict files to video files only (ie .mov, .avi, etc).

Can someone give me a quick code sample showing me how to do this? Thanks!

Legs
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: File Upload for video only

Post by jaoudestudios »

The same way you restrict the file type for images do it the same for the video extensions.

There is no difference.
Hannes2k
Forum Contributor
Posts: 102
Joined: Fri Oct 24, 2008 12:22 pm

Re: File Upload for video only

Post by Hannes2k »

Hi,
@jaoudestudios: Restricting the file upload just for extensions isn't sufficient. See this post for an example.

The movies, they are for downloading only or are they for streaming also? If the user just should downloading it, move the files into a protected folder (.htaccess 'deny from all') and uses a php script for providing the download (header + readfile or fopen).

An other way is to check the header of the file. But each format has another header, so this is not an easy job to implement.
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: File Upload for video only

Post by jaoudestudios »

Sorry I did not explain myself well, I did not mean just check the extension (i.e *.txt) as it can be easily faked but check the mime-type of the file.

After reading the other article I understand what you mean. I will ask some colleagues at work today and get back to you.
Post Reply