[Phpwm] auto reading Zip files
Phil Beynon
phil at infolinkelectronics.co.uk
Thu Nov 9 15:54:37 GMT 2006
> > Thanks for any thoughts, alan dunn
>
> I have a similar setup, although I use scp (+certificates == no
> password).
>
> The file is uploaded to '$something . ".new"' and when it's finished
> uploading it's renamed to $something.
>
> Alternatively, move the files from one directory to another after
> uploading has finished.
>
> David.
>
>
> --
> David Goodwin
>
Hi,
I would have thought best practice would be to upload it to /tmp with a
spoiler code added in case two people happened to upload a file with the
same name at the same time. Then just copy() it to where you want it to live
once it's been validated.
Do a filename validation since it's coming off a Windows box onto a Unix one
as well:
$file_name = preg_replace('/[^._0-9a-z-]/i', '_', $file_name); // remove illegal chars and replace with underscores
Might be worth mentioning that as a security check it's worth looking at the
file extension then using this to validate against the correct embedded MIME
type against a lookup table.
Stops users ever uploading a script or something else renamed as a .zip
file.
Phil
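
The steps described above (a unique staging name in /tmp, filename cleanup, the extension checked against the embedded MIME type via a lookup table, then copy()) could be combined as follows. This is an added example, not code from the thread; the function names, the contents of the lookup table and the use of PHP's fileinfo extension are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical lookup table: extension => MIME types libmagic may report for it.
const ALLOWED_TYPES = [
    'zip' => ['application/zip', 'application/x-zip-compressed'],
];

function safe_name(string $name): string
{
    // Drop any client-supplied path (Windows or Unix), then replace illegal chars.
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[^._0-9a-z-]/i', '_', $name);
    return ltrim($name, '.'); // refuse hidden or dot-only names
}

function accept_upload(string $incoming, string $clientName, string $destDir): string
{
    $name = safe_name($clientName);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }

    // Stage under a unique name so two same-named uploads cannot collide.
    $staged = sys_get_temp_dir() . '/' . bin2hex(random_bytes(8)) . '_' . $name;
    if (!copy($incoming, $staged)) {
        throw new RuntimeException('staging copy failed');
    }

    try {
        // Embedded type is read from the file contents, not from the name.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($staged);
        if ($mime === false || !in_array($mime, ALLOWED_TYPES[$ext], true)) {
            throw new RuntimeException("content does not match .$ext");
        }
        $final = rtrim($destDir, '/') . '/' . $name;
        if (!copy($staged, $final)) {
            throw new RuntimeException('final copy failed');
        }
        return $final;
    } finally {
        unlink($staged); // never leave unvalidated data behind in /tmp
    }
}
```

A matching MIME type only shows that the file starts like a zip archive, so the destination directory should still sit outside any path where the web server executes scripts.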