File upload security


Post by kmukund87 » 28. July 2010 17:05

So, I have a website where I let users upload files. After the users upload a file to a directory, I store the file name, type, and size in a DB, and when the users request the files, I fread the file and echo the file contents along with the appropriate header information.
This way I am trying to avoid running any scripts the user might have uploaded.
Now, are there any performance or security issues associated with this method?

Thanks in advance

Re: File upload security

Post by WilliL » 29. July 2010 21:14

In a similar case I decided for myself (privately) to accept only pictures and zip files.

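Code:
   // "D" makes "$" match only at the very end of the name (not before a trailing newline)
   $regex = '/^(.*)\.(jpg|jpeg|zip|gzip|gz|rar)$/D';
   $ext_check = preg_match($regex, $_FILES['userfile']['name']);
   if (!$ext_check) {
       // extension not in the list: reject the upload here
   }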
Willi
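Added example, not code posted by anyone in this thread: one way to pair the extension allow-list above with a check of the file's actual content, a random server-side file name, and download headers for the fread/echo script described in the first post. The names `check_upload` and `download_headers`, the MIME type lists and the sample data are assumptions; it needs PHP 7.1+ with the fileinfo extension enabled.

```php
<?php
// Added example with hypothetical helper names; the MIME lists are assumptions.
// Each allowed extension maps to the content types libmagic may report for it.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'zip'  => ['application/zip'],
    'gz'   => ['application/gzip', 'application/x-gzip'],
    'gzip' => ['application/gzip', 'application/x-gzip'],
    'rar'  => ['application/x-rar', 'application/vnd.rar', 'application/x-rar-compressed'],
];

// Returns a random server-side file name, or null if the upload is rejected.
function check_upload(string $clientName, string $tmpPath): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;                       // extension not on the allow-list
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return null;                       // content does not match the extension
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;   // client's name is never used on disk
}

// Headers for the download script: the type comes from the server-side check,
// the file is always offered as an attachment, and content sniffing is disabled.
function download_headers(string $mime, string $clientName, int $size): array
{
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($clientName));
    return [
        'Content-Type: ' . $mime,
        'Content-Disposition: attachment; filename="' . $safe . '"',
        'Content-Length: ' . $size,
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed sample input: first plain text, then a minimal JPEG/JFIF header.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "just some text, not an image\n");
var_dump(check_upload('holiday.jpg', $tmp));   // text content under a .jpg name
var_dump(check_upload('notes.txt', $tmp));     // extension outside the list
file_put_contents($tmp, "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00");
var_dump(check_upload('holiday.jpg', $tmp));   // JPEG signature under a .jpg name
print_r(download_headers('image/jpeg', 'holiday photo.jpg', filesize($tmp)));
unlink($tmp);
```

In a real upload handler the second argument would be `$_FILES['userfile']['tmp_name']`, and the file would be moved with `move_uploaded_file()` into a directory outside the web root under the returned name.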

Re: File upload security

Post by kmukund87 » 01. August 2010 00:16

Hmm.. I guess to be sure I have to restrict the file types.
Thanks for the regex code.

