How do I change my PHP script to accept only images to upload on a server?

Question

I have a simple script to upload images from a mobile app. But this security hole to load other scripts. How can I allow only JPEG and PNG files?

<?php
$name=$_GET['imgname'];

if ( substr($name, 0, 1) == '/' ) $name = substr($name, 1);

if ( isset ( $GLOBALS["HTTP_RAW_POST_DATA"] )) {
    $fp = fopen( $name,"wb");
    fwrite( $fp, $GLOBALS[ 'HTTP_RAW_POST_DATA' ] );
    fclose( $fp );

     echo "filename=".$name;
}
?>

possible duplicate of [How can I only allow certain filetypes on upload in php?](http://stackoverflow.com/questions/2486329/how-can-i-only-allow-certain-filetypes-on-upload-in-php) — Epodax, Sep 04 '15 at 08:15
Did you try to google it first? [google.com/How-to-only-allow-image-uploads](https://www.google.com/webhp?sourceid=chrome-instant&rlz=1C1CHMO_daDK530DK530&ion=1&espv=2&ie=UTF-8#q=How+to+only+allow+image+uploads) — Epodax, Sep 04 '15 at 08:19
I use HTTP_RAW_POST_DATA and your example not work in my case. — Astraport, Sep 04 '15 at 08:26

score 0 · Answer 1 · edited Sep 04 '15 at 14:37

0

$name=$_GET['imgname'];   
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
if($imageFileType==="jpg" && 
   $imageFileType=== "png" && 
   $imageFileType=== "jpeg" && 
   $imageFileType=== "gif" ) {
   // start upload pic here
}

here you can check file type

edited Sep 04 '15 at 14:37

Eric Leschinski

146,994
96
417
335

answered Sep 04 '15 at 08:25

jasbir singh

71
5

This only checks the extension, users will still be able to pass in non images, like executables and viruses, and it will get past the if statement. – Eric Leschinski Sep 04 '15 at 14:36

How do I change my PHP script to accept only images to upload on a server?

1 Answers1