I have an uploads folder with permissions set to 777 (cannot be changed).
In this, I allow trusted users to upload images.
I want to only allow .jpg .png and .gif files into this folder.
How can I do this (with .htaccess?)?
EDIT: Someone has said this is not secure. For it to be dangerous, the hacker would still need to get into the server to add files into the directory and execute them, for example using FTP, so it is not that dangerous I think.
This is probably something that is better off enforced by the upload script itself – .htaccess only lets you control what users can access from the web server, it doesn’t have any effect on what files are allowed to be created in the directory. However, if you do simply want to limit viewing access to certain file types, you can do that:
(Note that this has the side effect of denying access to the directory index listing, which you may or may not actually need. If you have direct links to all the files, then it doesn’t matter.)
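One way the upload script itself could enforce the .jpg/.png/.gif rule, as an added example that is not part of the original answer. Python and the name check_upload are assumptions, since the page does not say what the upload script is written in; the sample inputs are constructed.

```python
import os

# Extensions allowed by the question, mapped to the leading bytes
# ("magic numbers") that a real file of that type starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def check_upload(filename, data):
    """Return (accepted, reason) for a client-supplied name and file body."""
    # The name must be a bare file name, not a path such as "../x.png".
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename:
        return False, "path components in file name"
    # Dotfiles are rejected outright; this also covers ".htaccess".
    if not name or name.startswith("."):
        return False, "empty or hidden file name"
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in MAGIC:
        return False, "extension not allowed"
    # Apache's mod_mime can act on any extension in a name, not only the
    # last one, so "page.php.jpg" is refused rather than stored.
    if "." in stem:
        return False, "multiple extensions"
    # The body must start with the signature of the claimed type.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads: (client file name, first bytes of body).
    samples = [
        ("cat.png", b"\x89PNG\r\n\x1a\n\x00\x00"),
        ("cat.JPG", b"\xff\xd8\xff\xe0"),
        ("page.php.jpg", b"\xff\xd8\xff\xe0"),
        ("cat.gif", b"not an image"),
        ("notes.txt", b"hello"),
    ]
    for name, body in samples:
        print(name, check_upload(name, body))
```

The signature check only confirms how the file begins, so it complements the web-server access rule rather than replacing it.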