I am creating a file upload script and I am looking for the best methods and methods for checking uploaded files.
Allowed Extensions:
$allowed_extensions = array('gif','jpg','png','swf','doc','docx','pdf','zip','rar','rtf','psd');
Here is a list of what I'm doing.
Check file extension
$path_info = pathinfo($filename);
if( !in_array($path_info['extension'], $allowed_extensions) ) {
die('File #'.$i.': Incorrent file extension.');
}
Checking the mime file type
$allowed_mimes = array('image/jpeg','image/png','image/gif','text/richtext','multipart/x-zip','application/x-shockwave-flash','application/msword','application/pdf','application/x-rar-compressed','image/vnd.adobe.photoshop');
if( !in_array(finfo_file($finfo, $file), $allowed_mimes) ) {
die('File #'.$i.': Incorrent mime type.');
}
Check file size.
What to do so that the downloaded files are valid? I noticed a strange thing. I changed the .jpg file extension to .zip and ... it was uploaded. I thought it would have the wrong MIME type, but after that I noticed that I was not checking for a specific type, but if there was a specific MIME type in the array. I will fix it later, it does not create problems for me (of course, if you have a good solution / idea, feel free to share it, please).
, ( , , ..), , .
.
- ? , .zip/.rar, (doc, pdf)?
- , .psd?
- , .psd mime: application/octet-stream,
.psd, (image/vnd.adobe.photoshop). . MIME?
, . - , ?