I'm building a php file uploader and I've some issues with security. For example I don't want to allow ".php" file uploads. As I know the only way to check the file type is with \[code\]$_FILES['file']['type']\[/code\] and the value of it is browser dependent.I check with multiple browsers and found that when selecting a regular .php file different browsers return these values:\[code\]firefox: application/x-downloadchrome: text/plainsafari: text/plainIE: text/plainopera: application/octet-stream\[/code\]I've also tried the same experiment with the regular .txt files and all browses return \[code\]text/plain\[/code\] as the mime type.So here's the problem, If I want to allow the .txt file upload what should I do to prevent .php file uploads?
Checking filetypes when uploading, and browser dependency issues
- Thread starter kamil697
- Start date