I'm trying to upload a zip file and a csv file from HTML form.
On PHP, When I printed $_FILES (Actually $request->getFiles() in symfony), I got following.
Array
(
[zipfile] => Array
(
[name] => tempfiles.zip
[type] => application/octet-stream
[tmp_name] => C:\wamp\tmp\php5D42.tmp
[error] => 0
[size] => 850953
)
[csvfile] => Array
(
[name] => test.csv
[type] => application/vnd.ms-excel
[tmp_name] => C:\wamp\tmp\php5D52.tmp
[error] => 0
[size] => 312
)
)
I'm wondering with the type
and tmp_name
. I need to take few decisions based on type. Is it safe to take decisions on existing type? Will I get same result for similar files on Linux server?
Again tmp_name
have .tmp
extension. Is it consistent on both windows/linux? If not, is there any way that the code I write on windows (decision using type
) will work on linux without any issue?
Using this type
can be dangerous Because user can change the type of the files and can upload a php script.
You should validate the type
first just like get_image_size() to validate a image file.I have no idea about .zip file
It is not safe to trust the type
form $_FILES
, you need to validate the file type in server side.
For .tmp
extension, it is ok both on windows or linux.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.