Unstoppable Domains โ€” Get your daily AI drops report

File Extensions

Namecheap AuctionsNamecheap Auctions
SpaceshipSpaceship
Spacemail by SpaceshipSpacemail by Spaceship
Watch

Barrucadu

Established Member
Impact
64
Heres my code, its supposed to filter out disallowed file extensions:

PHP:
<?php
$ext = strrchr($_FILES['uploadedfile']['name'], '.');
if($ext == ".gz"){
   $ext = ".tar.gz";
}
if((!$ext==".gif")&&(!$ext==".zip")&&(!$ext==".jpg")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".jpeg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".wmv")&&(!$ext==".avi")&&(!$ext==".mpg")&&(!$ext==".mov")&&(!$ext==".asf")&&(!$ext==".asx")&&(!$ext==".swf")&&(!$ext==".3g2")&&(!$ext==".mp4")&&(!$ext==".mp3")&&(!$ext==".wav")&&(!$ext==".mid")&&(!$ext==".tar.gz")&&(!$ext==".arc")&&(!$ext==".arg")&&(!$ext==".czip")&&($ext==".doc")&&(!$ext==".xls")&&(!$ext==".mdb")&&(!$ext==".ppt")&&(!$ext==".txt")&&(!$ext==".rtf")) {
  //ive taken out this code because its not causing the problem
  //this is the disallowed extension code
}else{
  //ive taken out this code because its not causing the problem
  //this is the allowed extension code
}
?>

but I tested it and it dosnt stop any extensions at all, could someone fix it please?
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
GoDaddyGoDaddy
Change all the && to ||
 
0
•••
Yea, && means 'and' and || means 'not'.
 
0
•••
Yea, do as compuXP has stated, which will make your code:

PHP:
<?php 
$ext = strrchr($_FILES['uploadedfile']['name'], '.'); 
if($ext == ".gz"){ 
   $ext = ".tar.gz"; 
} 
if((!$ext==".gif") || (!$ext==".zip") || (!$ext==".jpg") || (!$ext==".jpx") || (!$ext==".jpe") || (!$ext==".jpeg") || (!$ext==".png") || (!$ext==".bmp") || (!$ext==".wmv") || (!$ext==".avi") || (!$ext==".mpg") || (!$ext==".mov") || (!$ext==".asf") || (!$ext==".asx") || (!$ext==".swf") || (!$ext==".3g2") || (!$ext==".mp4") || (!$ext==".mp3") || (!$ext==".wav") || (!$ext==".mid") || (!$ext==".tar.gz") || (!$ext==".arc") || (!$ext==".arg") || (!$ext==".czip") || ($ext==".doc") || (!$ext==".xls") || (!$ext==".mdb") || (!$ext==".ppt") || (!$ext==".txt") || (!$ext==".rtf")) { 
  //ive taken out this code because its not causing the problem 
  //this is the disallowed extension code 
}else{ 
  //ive taken out this code because its not causing the problem 
  //this is the allowed extension code 
} 
?>
 
0
•••
Actually, || is the BITWISE "or" operator.
 
0
•••
Whoops sorry.
 
0
•••
right, you've all confused me now, is it && or || or could someone recode that using an array for me?
 
0
•••
Yes, the || . As far as an array possibly:

PHP:
<?php

$dis_allowed = array();
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';
$dis_allowed[] = 'some ext';

foreach($dis_allowed as $denied) {
    $dis_allowed = "Disallowed extensions here";
    if($dis_allowed == $denied){
         //ive taken out this code because its not causing the problem
        //this is the disallowed extension code
    } else {
      //Code here for the allowed extensions
    }
        exit();
}

?>
 
0
•••
Heres the code I use...

it reverses the string to get the PROPER extension (if a file has more than one period in it, then your way wouldn't work)

PHP:
<?php
require('db_connect.php');

// This function reverses the string, finds the file extension, then reverses it back
function find_file_ext($file)
{
   $revfile = strrev($file);
   $ext = strtolower( strrev(substr($revfile,0,strpos($revfile,"."))) );

   return $ext;
}

$allowed_ext = array('gif', 'jpg', 'jpeg', 'png');

$extension = find_file_ext($file);

if (!in_array($extension, $allowed_ext))
{
    // This extension is not allowed!!!
}
else
{
    // Success! It's an allowed file extension!!!!!
}

?>
 
0
•••
Outer said:
Heres the code I use...

it reverses the string to get the PROPER extension (if a file has more than one period in it, then your way wouldn't work)

PHP:
<?php
require('db_connect.php');

// This function reverses the string, finds the file extension, then reverses it back
function find_file_ext($file)
{
   $revfile = strrev($file);
   $ext = strtolower( strrev(substr($revfile,0,strpos($revfile,"."))) );

   return $ext;
}

$allowed_ext = array('gif', 'jpg', 'jpeg', 'png');

$extension = find_file_ext($file);

if (!in_array($extension, $allowed_ext))
{
    // This extension is not allowed!!!
}
else
{
    // Success! It's an allowed file extension!!!!!
}

?>



whats db_connect.php?
 
0
•••
Mikor said:
whats db_connect.php?
A file he/she using to connect to the sql db..
 
0
•••
0
•••
yes, i forgot to remove that bit when I was editing the file to put in here, sry ^^

the db_connect.php is not needed ;)
 
0
•••
Appraise.net
Escrow.com
Spaceship
Domain Recover
CryptoExchange.com
Catchy
DomDB
NameFit
  • The sidebar remains visible by scrolling at a speed relative to the pageโ€™s height.
Back