Robis Posted September 15, 2005

Hi. Does anyone know how to check in PHP whether a file uploaded through an HTML form is of a type that could be potentially harmful (a virus, an unwanted file that could cause problems), e.g. .exe, .com, .bat, etc. (I don't know them all...)?

Delfins Posted September 15, 2005

Cook up a JS function:

    function checkExt( inputObject ) {
        var badExtensions = new Array( 'bat', 'exe' );
        for ( var i in badExtensions ) {
            var re = new RegExp( badExtensions[i] + '$' ); // see for yourself how it should be here
            if ( !re.test(inputObject.value) )
                inputObject.reset(); // I'm not sure... btw you can also removeNode + create a new node
        }
    }

Edited September 15, 2005 by Delfins

rpr Posted September 15, 2005

Better to look at the uploaded file's type, and everything will be clear. Best of all is not to restrict a specific type, but to forbid everything and allow only such-and-such.

Delfins Posted September 15, 2005

> Best of all is not to restrict a specific type, but to forbid everything and allow only such-and-such.

:)

    if ( !re.test(inputObject.value) )  =>  if ( re.test(inputObject.value) )

v3rb0 Posted September 15, 2005

IMO, whoever knows what the bad file is and needs to upload exactly that one won't find it hard to get rid of the JavaScript validation..

Robis Posted September 15, 2005

JavaScript just doesn't cut it. Once the file has been uploaded to the server, can't it be gotten rid of somehow instead? Or protection at both ends - both JavaScript and PHP?

rpr Posted September 15, 2005

Exactly, it's better to handle it on the server side:

    // reject anything whose reported type is not JPEG
    if ($_FILES['fails']['type'] != 'image/jpeg') {
        die('tikai jpegus!');
    }

Robis Posted September 15, 2005

OK, then what would the $_FILES['userfile']['type'] values be for unwanted files?

v3rb0 Posted September 15, 2005

It's easier to identify the allowed file types, but rpr already said that.

Robis Posted September 15, 2005

In this case it's harder - I don't particularly need to restrict the allowed file types; the only thing I need is that harmful types can't be uploaded.

Robis Posted September 15, 2005

Besides - as far as I know, those MIME types differ between IE and Mozilla, for example, and supposedly you can write whatever you want into those MIME types.

bubu Posted September 15, 2005

Only jpeg differs (IE treats it as pjpeg, if I remember correctly). I haven't noticed any other differences. Of course, the MIME types that IE sends can be adjusted however you like through the registry. Surely the same can be done in Mozilla too. So it's better not to rely on MIME types.

Delfins Posted September 15, 2005

.. because that type is determined from the extension, and on the client side.

PS: I really can't imagine where all types could be used.. except webmail. Put in all the commonly used extensions.

Robis Posted September 15, 2005

Well, I ended up with quite a bunch of allowed types :)

'image', 'text', 'text/plain', 'image/gif', 'application/x-gzip', 'multipart/x-gzip', 'text/html', 'text/webviewhtml', 'image/x-icon', 'image/jpeg', 'image/pjpeg', 'image/bmp', 'image/x-windows-bmp', 'application/msword', 'application/word', 'application/wordperfect5.1', 'application/zip', 'application/rtf', 'application/pdf', 'application/excel', 'application/powerpoint', 'image/x-tiff', 'image/x-win-bmp', 'image/x-xbitmap', 'image/x-xpixmap', 'image/x-windowdump', 'image/jpe', 'image/jpg', 'image/tif', 'image/tiff', 'image/x-pict', 'image/x-portable-graymap', 'image/x-portable-pixmap', 'image/x-portable-bitmap', 'image/x-portable-anymap', 'image/x-rgb', 'image/', 'image/', 'image/', 'multipart/mixed', 'multipart/x-tar', 'multipart/x-ustar', 'multipart/x-www-form-urlencoded', 'multipart/x-zip', 'message/rfc822', 'message/partial', 'message/external-body', 'message/http', 'message/news', 'text/enriched', 'text/richtext', 'text/sgml', 'text/tab-separeted-values', 'text/x-sgml', 'text/xml', 'application/x-rtf', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'application/x-excel', 'application/vnd.ms-excel', 'application/x-msexcel', 'application/wordperfect', 'application/wordperfect6.0', 'application/vnd.ms-powerpoint', 'application/x-mspowerpoint', 'application/mspowerpoint', 'image/png', 'text/rtf', 'application/x-rtf', 'text/x-server-parsed-html', 'application/plain', 'application/gnutar', 'application/x-compressed', 'image/x-tiff'

Delfins Posted September 15, 2005

1.) Those aren't file types, they are MIME types, i.e. the content type
2.) The content type doesn't always match the file extension (and then good luck!)
3.) Who said you can't use arrays? (we convert your post into an array and nothing has to be written by hand)

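The points the thread arrives at (check on the server, allow only known types, do not trust the browser-supplied MIME type, and the content type need not match the extension), put together as server-side PHP. This is an added example, not code posted by anyone in the thread; it assumes PHP 7+ with the fileinfo extension, and the field name `userfile`, the allowlist entries, the function name `storeUpload` and the destination directory are placeholders.

```php
<?php
// Added example (not from the thread). Field name, allowlist contents and
// $destDir are assumptions chosen for illustration.

// Allowlist: extension => content types the server itself may detect for it.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
    'txt'  => ['text/plain'],
];

/**
 * Validate one entry of $_FILES and store it; returns the stored file name.
 * $file['type'] is never read: the browser sends it and can send anything.
 */
function storeUpload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // Deny by default: only the final extension counts, compared in lower case.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }

    // Detect the content type from the file's bytes, on the server.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($detected, ALLOWED[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }

    // Store under a generated name so the client-chosen name never reaches disk.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

// Usage inside the form handler:
// $name = storeUpload($_FILES['userfile'], '/path/outside/webroot');
```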