How to upload secure files? [duplicate]

1

I want to upload files securely without worrying about the extension. I'm afraid someone will try to upload a file to my website and run it inside the server, I do not know if it's possible and more hit me with fear.

  • How can I check if the file is really an image?

  • Can I block to only select files of type .jpg .png .gif in the window that opens to select the file?

asked by anonymous 05.12.2017 / 14:02

1 answer

0

To verify that the file is actually an image, through PHP, there is already a question answered about this in What is the way to identify that the upload file is an image? .

Now, by responding to how to block some file types in the check box that appears, your " best " option is to use the accept of the tag entry. In the code below you allow files of type .jpg , .png , and .gif . See the snippet :

<input type="file"  accept="image/x-png, image/gif, image/jpeg" />

Or if you want to allow all types of image you can do it as follows:

<input type="file" accept="image/*" />

It's important to note that this only suggests to the browser what types of display files for the user, however this can be easily circumvented, so importance validation of the file uploaded to the server also . Although it can usually be circumvented by users, it helps reduce results to users by default so they can get exactly what they are looking for without having to go through a hundred different file types.

For more detailed information on browser support, you can look at the Can I Use . But quickly accept is supported in IE 11, Firefox since version 56, and Chrome since version 49. On mobile devices, support is quite incomplete. Some like Edge and Opera Mini are not supported.

We also have a question answered about this in our Big Brother SO .

    
05.12.2017 / 14:16