File Extensions

Barrucadu

Here's my code, it's supposed to filter out disallowed file extensions:

PHP:
<?php
$ext = strrchr($_FILES['uploadedfile']['name'], '.');
if($ext == ".gz"){
   $ext = ".tar.gz";
}
if((!$ext==".gif")&&(!$ext==".zip")&&(!$ext==".jpg")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".jpeg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".wmv")&&(!$ext==".avi")&&(!$ext==".mpg")&&(!$ext==".mov")&&(!$ext==".asf")&&(!$ext==".asx")&&(!$ext==".swf")&&(!$ext==".3g2")&&(!$ext==".mp4")&&(!$ext==".mp3")&&(!$ext==".wav")&&(!$ext==".mid")&&(!$ext==".tar.gz")&&(!$ext==".arc")&&(!$ext==".arg")&&(!$ext==".czip")&&($ext==".doc")&&(!$ext==".xls")&&(!$ext==".mdb")&&(!$ext==".ppt")&&(!$ext==".txt")&&(!$ext==".rtf")) {
  //ive taken out this code because its not causing the problem
  //this is the disallowed extension code
}else{
  //ive taken out this code because its not causing the problem
  //this is the allowed extension code
}
?>

but I tested it and it doesn't stop any extensions at all, could someone fix it please?
 
0
•••
Change all the && to ||
 
0
•••
Yea, && means 'and' and || means 'not'.
 
0
•••
Yea, do as compuXP has stated, which will make your code:

PHP:
<?php 
$ext = strrchr($_FILES['uploadedfile']['name'], '.'); 
if($ext == ".gz"){ 
   $ext = ".tar.gz"; 
} 
if((!$ext==".gif") || (!$ext==".zip") || (!$ext==".jpg") || (!$ext==".jpx") || (!$ext==".jpe") || (!$ext==".jpeg") || (!$ext==".png") || (!$ext==".bmp") || (!$ext==".wmv") || (!$ext==".avi") || (!$ext==".mpg") || (!$ext==".mov") || (!$ext==".asf") || (!$ext==".asx") || (!$ext==".swf") || (!$ext==".3g2") || (!$ext==".mp4") || (!$ext==".mp3") || (!$ext==".wav") || (!$ext==".mid") || (!$ext==".tar.gz") || (!$ext==".arc") || (!$ext==".arg") || (!$ext==".czip") || ($ext==".doc") || (!$ext==".xls") || (!$ext==".mdb") || (!$ext==".ppt") || (!$ext==".txt") || (!$ext==".rtf")) { 
  //ive taken out this code because its not causing the problem 
  //this is the disallowed extension code 
}else{ 
  //ive taken out this code because its not causing the problem 
  //this is the allowed extension code 
} 
?>
 
0
•••
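Added example, not part of any post in this thread: in PHP `!` binds tighter than `==`, and `||` is the logical OR, so the posted terms behave the same whichever operator joins them. Two extensions stand in for the full list, and the function names are made up for this illustration.

```php
<?php
// As posted with &&. Each term is really (!$ext) == ".gif": a non-empty $ext
// negates to false, and false == ".gif" is a boolean comparison that fails.
function posted_and($ext) { return (!$ext == ".gif") && (!$ext == ".zip"); }

// As posted after swapping && for ||: the terms themselves are unchanged.
function posted_or($ext) { return (!$ext == ".gif") || (!$ext == ".zip"); }

// Precedence fixed but still joined with ||: no value equals both strings,
// so at least one of the != tests always holds.
function fixed_or($ext) { return ($ext != ".gif") || ($ext != ".zip"); }

// "Disallowed" means not .gif AND not .zip, i.e. not in the allowed list.
function fixed_and($ext) { return ($ext != ".gif") && ($ext != ".zip"); }
function not_in_list($ext) { return !in_array($ext, array(".gif", ".zip"), true); }

// Constructed sample extensions, in the form strrchr($name, '.') returns them.
// Each column shows whether the "disallowed" branch would run.
foreach (array(".gif", ".zip", ".exe") as $ext) {
    printf(
        "%-5s posted_and=%-5s posted_or=%-5s fixed_or=%-5s fixed_and=%-5s not_in_list=%s\n",
        $ext,
        var_export(posted_and($ext), true),
        var_export(posted_or($ext), true),
        var_export(fixed_or($ext), true),
        var_export(fixed_and($ext), true),
        var_export(not_in_list($ext), true)
    );
}
```

In the posted condition the one term written without `!`, `($ext==".doc")`, is the only one that can be true for a name containing a dot, so after the `||` swap only `.doc` reaches the disallowed branch.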
Actually, || is the BITWISE "or" operator.
 
0
•••
Whoops sorry.
 
0
•••
right, you've all confused me now, is it && or || or could someone recode that using an array for me?
 
0
•••
Yes, the || . As far as an array possibly:

PHP:
<?php

// Extension of the uploaded file, taken the same way as in the first post
$ext = strrchr($_FILES['uploadedfile']['name'], '.');

// Entries include the leading dot, as strrchr() returns it
$dis_allowed = array();
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';

// Compare the upload's extension against every entry before deciding
$is_denied = false;
foreach($dis_allowed as $denied) {
    if($ext == $denied){
        $is_denied = true;
        break;
    }
}

if($is_denied){
    //I've taken out this code because it's not causing the problem
    //this is the disallowed extension code
} else {
    //Code here for the allowed extensions
}
exit();

?>
 
0
•••
Here's the code I use...

it reverses the string to get the PROPER extension (if a file has more than one period in it, then your way wouldn't work)

PHP:
<?php
require('db_connect.php');

// This function reverses the string, finds the file extension, then reverses it back
function find_file_ext($file)
{
   $revfile = strrev($file);
   $ext = strtolower( strrev(substr($revfile,0,strpos($revfile,"."))) );

   return $ext;
}

$allowed_ext = array('gif', 'jpg', 'jpeg', 'png');

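// Client-supplied name of the uploaded file (same form field as in the first post)
$file = $_FILES['uploadedfile']['name'];
$extension = find_file_ext($file);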

if (!in_array($extension, $allowed_ext))
{
    // This extension is not allowed!!!
}
else
{
    // Success! It's an allowed file extension!!!!!
}

?>
 
0
•••
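Added example, not code from this thread: an allowlist check that lower-cases the name, copes with several dots, and treats `tar.gz` as one compound extension instead of mapping every `.gz` to it. It assumes PHP 7.1 or later; `ALLOWED_EXT`, `allowed_extension()` and the sample names are made up for the illustration.

```php
<?php
// Allowlist built from a few of the extensions named in the thread, without the dot.
const ALLOWED_EXT = array('gif', 'jpg', 'jpeg', 'png', 'zip', 'tar.gz', 'txt');

/**
 * Return the allowed extension that $name ends with (lower-cased, no dot),
 * or null when the name must be rejected.
 */
function allowed_extension(string $name, array $allowed = ALLOWED_EXT): ?string
{
    // The browser supplies this string: keep only the last path component.
    $base = strtolower(basename(str_replace('\\', '/', $name)));

    // Reject empty names and names carrying control characters such as NUL.
    if ($base === '' || preg_match('/[\x00-\x1f\x7f]/', $base)) {
        return null;
    }

    // Longest entries first, so "site.tar.gz" is reported as tar.gz even if
    // a shorter entry such as gz is later added to the list.
    usort($allowed, function ($a, $b) { return strlen($b) - strlen($a); });

    foreach ($allowed as $ext) {
        $suffix = '.' . $ext;
        // Require at least one character before the suffix, so ".gif" alone fails.
        if (strlen($base) > strlen($suffix)
            && substr($base, -strlen($suffix)) === $suffix) {
            return $ext;
        }
    }
    return null;
}

// Constructed sample names (not from the thread).
$samples = array('photo.JPG', 'my.holiday.photo.png', 'site.tar.gz',
                 'archive.gz', 'README', '.gif', 'notes.txt.', 'page.php');
foreach ($samples as $name) {
    $ext = allowed_extension($name);
    printf("%-22s %s\n", $name, $ext === null ? 'rejected' : 'allowed as .' . $ext);
}
```

The name in `$_FILES['uploadedfile']['name']` is chosen by the client, so save the upload under a server-generated name plus the returned extension rather than under the submitted name.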
Outer said:
Here's the code I use...

it reverses the string to get the PROPER extension (if a file has more than one period in it, then your way wouldn't work)

PHP:
<?php
require('db_connect.php');

// This function reverses the string, finds the file extension, then reverses it back
function find_file_ext($file)
{
   $revfile = strrev($file);
   $ext = strtolower( strrev(substr($revfile,0,strpos($revfile,"."))) );

   return $ext;
}

$allowed_ext = array('gif', 'jpg', 'jpeg', 'png');

$extension = find_file_ext($file);

if (!in_array($extension, $allowed_ext))
{
    // This extension is not allowed!!!
}
else
{
    // Success! It's an allowed file extension!!!!!
}

?>



What's db_connect.php?
 
0
•••
Mikor said:
What's db_connect.php?
A file he/she is using to connect to the SQL db.
 
0
•••
Yes, I forgot to remove that bit when I was editing the file to put in here, sry ^^

the db_connect.php is not needed ;)
 
0
•••