Inspired by the above commentary from dw08gm, I've added some PHP code to verify acceptable extensions.
At the moment the array of extensions is just residing here in the header_php.php file. Could someone tell me where a better place to hold it would be, if the user is modifying it by hand?
Code:
$acceptable_extensions = array(
  'jpg', 'jpeg', 'gif', 'png', 'bmp', 'pdf', 'il', 'psd'
);
foreach ($_FILES as $key => $file) {
  // Read the name of the field being processed, not a hard-coded 'uploaded_file' field
  $file_name = basename($_FILES[$key]['name']);
  // Lower-case the extension so that "JPG" matches "jpg"; empty when the name has no dot
  $ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
  if ((zen_not_null($_FILES[$key]['tmp_name'])) && (in_array($ext, $acceptable_extensions, true))
      && $_FILES[$key]['tmp_name'] != 'none') {
    if ($_FILES[$key]['size'] <= MAX_FILE_UPLOAD_SIZE) {
      if ($upload = new upload($key, DIR_FS_UPLOADS)) {
        $att_array[] = array('file' => $upload->destination . $upload->filename, 'name' => $upload->filename);
      }
    } else {
      $Max_Size_Exceeded = $file_name." exceeds maximum file size of ".((MAX_FILE_UPLOAD_SIZE/1024)/1000)."MB. ";
      $messageStack->add('image_to_contact', $Max_Size_Exceeded.FILE_SIZE_CHECK_ERROR);
      return false;
    } // EOF filesize check
  } else {
    // A file was submitted, but its extension is not in the list
    if (zen_not_null($_FILES[$key]['tmp_name']) && ($_FILES[$key]['tmp_name'] != 'none')) {
      $Unacceptable_Extension_Submitted = $file_name." contains the unacceptable extension $ext. "
        ."Please submit a version with one of the following extensions: ".implode(", ", $acceptable_extensions);
      $messageStack->add('image_to_contact', $Unacceptable_Extension_Submitted.FILE_EXTENSION_SUBMISSION_ERROR);
      return false;
    } // EOF if acceptable extension
  }
}
Thanks a bunch.
Mike
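An added example, not part of the post above or of Zen Cart's own code: an extension allowlist trusts the client-supplied file name, so this version also compares the file's content, as detected by PHP's fileinfo extension, with the MIME types expected for that extension. The function name `check_upload`, the `$allowed` map (a subset of the post's list, limited to types with a well-known MIME type) and the sample files are assumptions made for illustration.

```php
<?php
// Hypothetical names (check_upload, $allowed); not Zen Cart API.
// Each accepted extension maps to the MIME types its content may have.
$allowed = array(
  'jpg'  => array('image/jpeg'),
  'jpeg' => array('image/jpeg'),
  'gif'  => array('image/gif'),
  'png'  => array('image/png'),
  'bmp'  => array('image/bmp', 'image/x-ms-bmp'),
  'pdf'  => array('application/pdf'),
);

// Returns null when the file is acceptable, otherwise the reason for rejection.
function check_upload($client_name, $tmp_path, array $allowed) {
  $name = basename($client_name);
  $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
  if ($ext === '' || !isset($allowed[$ext])) {
    return 'extension not allowed';
  }
  // Inspect the bytes on disk; the client-supplied name and type are untrusted.
  $finfo = finfo_open(FILEINFO_MIME_TYPE);
  $mime  = finfo_file($finfo, $tmp_path);
  if ($mime === false || !in_array($mime, $allowed[$ext], true)) {
    return 'content does not match extension';
  }
  return null;
}

// Constructed sample inputs: a minimal GIF header and a script renamed to .gif.
$dir = sys_get_temp_dir();
$samples = array(
  'photo.GIF'  => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
  'script.gif' => "<?php echo 'hello'; ?>",
  'notes.php'  => "<?php echo 'hello'; ?>",
);
foreach ($samples as $name => $bytes) {
  $path = tempnam($dir, 'upl');
  file_put_contents($path, $bytes);
  $reason = check_upload($name, $path, $allowed);
  echo $name, ': ', ($reason === null ? 'accepted' : 'rejected (' . $reason . ')'), "\n";
  unlink($path);
}
```

In an upload handler the second argument would be `$_FILES[$key]['tmp_name']`, checked before the file is moved into the uploads directory.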