php - How to prevent the upload of absolutely every type of file imaginable
Get the solution ↓↓↓Some time ago, someone injected javascript into my site. Since then, I have added many more security features, including restrictions through htaccess, etc. I would like to add an additional layer of security which is to prevent the uploading of absolutely every type of file imaginable through a php function. I'm looking for something really simple, yet robust and came up with the following three possibilities. This will need to apply site-wide on all pages and all posts. Which one, if any, would work best. Thank you
// Disallow all file uploads
if(filetype() != "jpgqstrhyzzstvm" && filesize > 0 ) { //some random impossible file extension
echo "Sorry, you are not allowed to upload any files.";
$uploadOk = 0;
}
OR
<input type="file" accept="none"></input>
echo "Sorry, you are not allowed to upload any files.";
OR
function checkFileExtension($ext) {
if ($ext == 'none') {
$pass = (int)1;
}
else {
$pass = (int)0;
}
return (int)$pass;
}
$ext = substr(strrchr($_FILES['file']['name'], "."), 1);
$fileAccepted = checkFileExtension($ext);
$fileSize = $_FILES['file']['size'];
if($fileAccepted==1 && $fileSize < '0'){
echo "Sorry, you are not allowed to upload any files.";
}```
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: call to a member function format() on string
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.