Jump to content

[UPLOAD] dll


SiteSniffer
 Share

Recommended Posts

Is there a way to check if an attempt to upload a file with a dll extention by using $_FILES["file"]["type"] == ?I'm trying to let my script to allow only dll files.PS: script is working fine with images $_FILES["file"]["type"] == "image/png", only need to check for dll.

Edited by SiteSniffer
Link to comment
Share on other sites

You can do pathinfo() for the extension out of $_FILES['file']['name']. Of course, doing so doesn't guarantee that the DLL file is going to REALLY be a DLL (it might as well be an HTML page renamed to ".dll"), but at least you'll have that check at hand.

Link to comment
Share on other sites

i guess one can check that it was in fact a valid DLL by checking with PHP for the various commonalities between DLL files only - and displaying an error if not a valid DLL. Not specifically sure how, but it is with this approach that i would get to work in this situation :)

Link to comment
Share on other sites

You can do pathinfo() for the extension out of $_FILES['file']['name']. Of course, doing so doesn't guarantee that the DLL file is going to REALLY be a DLL (it might as well be an HTML page renamed to ".dll"), but at least you'll have that check at hand.
I did the pathinfo() on the cached file and gave a tmp as an extention. Can I get the real name of the cached file and store in in a $?
Link to comment
Share on other sites

I said do it on $_FILES['file']['name']... the filename as submitted by the user... Doing it on the temporary file is obviously always going to say ".tmp".

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...