Script failing when trying to upload large images.

Discussion in 'PHP' started by Jikdor, Aug 31, 2007.

0
  1. #1
    When uploading a image over 1.9 MB or so on http://www.dreamuploader.com/ the upload fails and it gives me "wrong filetype".

    Code edited out
     
    Jikdor, Aug 31, 2007 IP
  2. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #2
    Do never trust the MIME type given in ['type']. This value is defined by the user's browser, and therefore it can be modified/faked.

    You're not checking for the extension, so what if I sent a PHP file with a fake MIME type to your script? I could do pretty much everything from there on.

    Plus, some browsers (specially when IE is involved) send a different MIME type, even if the same file is uploaded.

    Check for the extension, or even use getimagesize() to verify if it's an image. No one will be able to run PHP code with an image extension.
     
    nico_swd, Aug 31, 2007 IP
  3. Jikdor

    Jikdor Peon

    Messages:
    33
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    OK thanks for pointing that out, disabeld the site intill I fixed that :rolleyes:
     
    Jikdor, Aug 31, 2007 IP