FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Serious file uploading Problem (Probably a Bug)





imagefree
Recently i made an image uploading system and now a days i am trying to make it safe and reliable. I have noticed one thing:

If you , instead of selecting an image , just type few random words like jahflkajshf and click upload, the $_FILES array will contain comething similar to the following if you use Opera browser:

Code:
Array
(
    [image] => Array
        (
            [name] => default.htm
            [type] => text/html
            [tmp_name] => C:\xampp\tmp\php14B.tmp
            [error] => 0
            [size] => 1246
        )

)


i tried it on Ffox too. Firefox's upload box doesnt let you easily type anything inside, so i selected an image for upload and then in the filesystem renamed the image so that no image was left available for uploading. In this case $_FILES contained this data:

Code:
Array
(
    [image] => Array
        (
            [name] => 167.jpg
            [type] => application/octet-stream
            [tmp_name] => C:\xampp\tmp\php228.tmp
            [error] => 0
            [size] => 0
        )

)


when i did the same in opera browser (i mean renamed the file before uploading), opera submitted the file name, mime, and $_FILES contained:

Code:

Array
(
    [image] => Array
        (
            [name] => Nature Wallpaper 133.jpg
            [type] => image/jpeg
            [tmp_name] => C:\xampp\tmp\php237.tmp
            [error] => 0
            [size] => 0
        )

)


See that uploaded file types are totally different.

Internet Explorer 'Cant Find Server' , so i cant tell its behaviour. Very Happy Very Happy Very Happy
Other browsers like sfari, etc etc etc may be having completely different behaviour.

Taking the above two example, it is not easy to tell whether the file uploaded was what i allow (if i allow html files to be uploaded, opera shows that file name is default.htm so i cant tell whether the file uploaded is correct or generated because of error. Also the default.htm is not accessible. I tried to trace it in my temp directory, but it was not there.)

Comments/Suggestions.
rvec
try using this:
http://nl.php.net/manual/en/function.is-uploaded-file.php
Related topics
New design of the home page
Cant Download File on my HOST
form to email service: 20 FRIH$
Yet another Heart problem...
Slight username problem.
Internet Explorer Bug
File hosting for third parties
File upload problem :'(
Any good file uploading or sharing site?
FTP problem...
mkportal and the phpbb templates
problem with public_html folder
uploading problem
PHP vs ASP
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.