Home/ Questions/Q 8998673
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T00:04:05+00:00

I have a site on which users can upload files to a subdirectory. I’m

  • 0

I have a site on which users can upload files to a subdirectory. I’m filtering the uploads check for potentially malicious code. I’m new to the security side of things, so does this look like a best-practice for securing uploads to the server? If not or if I’m missing anything, could you point me in the right direction?

//arrays with acceptable file extensions/types -- default validations set to false
$acceptable_ext = array('jpg', 'JPG', 'jpeg', 'JPEG', 'gif', 'GIF', 'png', 'PNG');
$acceptable_type = array('image/jpeg', 'image/gif', 'image/png');
$validated_ext = 0;
$validated_type = 0;

//validate file extension and type
if($_FILES && $_FILES['file']['name']) {

    $file_info = pathinfo($_FILES['file']['name']);

    //validate extension
    for ($x=0; $x < count($acceptable_ext); $x++) { 
        if($file_info['extension'] == $acceptable_ext[$x]) {
            $validated_ext = 1;
        }
    }
    //validate type
    for ($x=0; $x < count($acceptable_type); $x++) { 
        if($file_info['type'] == $acceptable_type[$x]) {
            $validated_type = 1;
        }
    }
}

if($validated_ext && $validated_type) {
   //upload file to the server blah blah
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can check out some security configurations here.

    Checking MIME types, ini config, .htaccess etc will give you extra security or extra validation as per the link.

    • 0