(Link to AcmlmWiki) Offline: thank ||bass
Register | Login
Views: 13,040,846
 Main | Memberlist | Active users | Calendar | Chat | Online users
Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album 		06-01-24 06:13 PM
0 users currently in Help, Suggestions, Bug Reports.
Acmlm's Board - I3 Archive - Help, Suggestions, Bug Reports - upload file extensions..
  
User name:
Password:
Reply:
 
Options: - -
Quik-Attach:
Preview for more options
Max size 1.00 MB, types: png, gif, jpg, txt, zip, rar, tar, gz, 7z, ace, mp3, ogg, mid, ips, bz2, lzh, psd

UserPost
mvent2
Posts: 50/76		 It all depends what kind of header is sent to the client. For example, you can make a PHP script but if you put:
header("Content-type: image/png");
The browser will read it as if it was a .png file. In non-PHP files, I have no idea what determines the MIME type of a file. It isn't the extension, I don't think.
Xkeeper
Posts: 1210/5653
Originally posted by Gavin
MIME types can be spoofed, but it requires someone to actually know what they are doing versus just changing a file extension, which even people at this board might be capable of doing.
Wouldn't MIME types still be different even if you changed the file extension?
Gavin
Posts: 110/181
Originally posted by Xkeeper
Gavin: Yes, however, MIME types can also be spoofed.

I base it on the fact extensions are usually what the server reads (i.e., it won't parse a txt just because it has


MIME types can be spoofed, but it requires someone to actually know what they are doing versus just changing a file extension, which even people at this board might be capable of doing.
Xkeeper
Posts: 1179/5653		 Also: I think I've said I wasn't done with attachments several times already.
Xkeeper
Posts: 1178/5653		 Gavin: Yes, however, MIME types can also be spoofed.

I base it on the fact extensions are usually what the server reads (i.e., it won't parse a txt just because it has <?php in it)...
HyperHacker
Posts: 982/5072		 Speaking of files, you can't attatch one when creating a thread. Nor can you edit them when editing a post.

Testes...

[edit] Either that file I just uploaded is really popular, or the counter's wrong. It apparently got 18 hits in the time between me uploading it (and viewing it once to test) and editing my post.

[edit 2] Hah, I think I know what's up with the download counter. I noticed Winamp's been flickering back and forth between "[Connecting] http://board.acmlm.org/download.php?id=47" and "Connection error" for some time now. Whoops.
Gavin
Posts: 109/181		 I noticed the new board logo with some of the code you're using to get file extensions:



I was curious what exactly the file extension is used for, and if it is for checking file type? Might be, might not be. And I'm not sure how relevant it is for this case, but if you are using it for file type restrictions I just thought I would recommend that in the future, the current method is kind of a no-no. You're going to want to use MIME magic, because checking for file type by extension is easily spoofed. Specifically, mime_content_type();. This prevents simple file name change subversion.
Acmlm's Board - I3 Archive - Help, Suggestions, Bug Reports - upload file extensions..


ABII

Acmlmboard 1.92.999, 9/17/2006
©2000-2006 Acmlm, Emuz, Blades, Xkeeper

Page rendered in 0.009 seconds; used 350.46 kB (max 394.34 kB)