php - How to prevent the upload of absolutely every type of file imaginable
Get the solution ↓↓↓
Some time ago, someone injected javascript into my site. Since then, I have added many more security features, including restrictions through htaccess, etc. I would like to add an additional layer of security which is to prevent the uploading of absolutely every type of file imaginable through a php function. I'm looking for something really simple, yet robust and came up with the following three possibilities. This will need to apply site-wide on all pages and all posts. Which one, if any, would work best. Thank you
// Disallow all file uploads
if(filetype() != "jpgqstrhyzzstvm" && filesize > 0 ) { //some random impossible file extension
echo "Sorry, you are not allowed to upload any files.";
$uploadOk = 0;
}
OR
<input type="file" accept="none"></input>
echo "Sorry, you are not allowed to upload any files.";
OR
function checkFileExtension($ext) {
if ($ext == 'none') {
$pass = (int)1;
}
else {
$pass = (int)0;
}
return (int)$pass;
}
$ext = substr(strrchr($_FILES['file']['name'], "."), 1);
$fileAccepted = checkFileExtension($ext);
$fileSize = $_FILES['file']['size'];
if($fileAccepted==1 && $fileSize < '0'){
echo "Sorry, you are not allowed to upload any files.";
}```
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: trying to access array offset on value of type bool in
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.