Secure image upload in php - php
I am making an image upload function which I can re-use in my code, which has to be 100% secure. Please tell me if you can spot and security holes in my initial code;
function Upload($file)
{
list($width,$height,$type,$attr) = getimagesize($file);
$mime = image_type_to_mime_type($type);
if(($mime != "image/jpeg") && ($mime != "image/pjpeg") && ($mime != "image/png"))
{
return 'Error3: Upload file type un-recognized. Only .JPG or .PNG images allowed';
}else{
$Newname = md5('sillysalt'.time());
if (move_uploaded_file($file, 'images/'.$Newname.$type))
{
return 'Uploaded!';
}else{
return 'Server Error!';
}
}
}
UPDATE This is how far I've gotten with your help and some research, please tell me what you think. I don't mind much about the speed, for me it's all about being 100% secure, or as close to.
function Upload($file)
{
list($width,$height,$type,$attr) = getimagesize($file);
$mime = image_type_to_mime_type($type);
$folder = 'images/';
// mime checks add a layer of security that keeps out less sophisticated attackers
if(($mime != "image/jpeg") && ($mime != "image/pjpeg") && ($mime != "image/png"))
{
return 'Error3: Upload file type un-recognized. Only .JPG or .PNG images allowed';
}else{
// If the file has no width its not a valid image
if(!$width)
{
$Newname = md5('sillysalt'.time());
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime2 = finfo_file($finfo, $folder.$Newname);
// Should I remove this second mime check? since the info comes form the same spoofable source in the image
if(($mime != "image/jpeg") && ($mime != "image/pjpeg") && ($mime != "image/png"))
{
$fileType = exif_imagetype($file);
$allowed = array(IMAGETYPE_JPEG, IMAGETYPE_PNG);
if(!in_array($fileType, $allowed))
{
// don't overwrite an existing file
$i = 0;
$parts = pathinfo($file);
while(file_exists($folder . $name))
{
$i++;
$name = $Newname."-".$i.".".$parts["extension"];
}
if(move_uploaded_file($file, $folder.$name))
{
// set good permissions for the file
chmod($name, 0644);
return 'Uploaded!';
}else{
return 'Server Error!';
}
}
}
}
}
}
As long as you don't use the FileInfo (http://www.php.net/manual/en/ref.fileinfo.php) extensions from php to check the mime type, your function is not secure at all (think later you'll want to upload pdf's, excels, etc).
Also, md5 over md5 does nothing than increasing the collision chances.
L.E: Something as simple as the following should do it:
function getExtensionToMimeTypeMapping() {
return array(
'ai'=>'application/postscript',
'aif'=>'audio/x-aiff',
'aifc'=>'audio/x-aiff',
'aiff'=>'audio/x-aiff',
'anx'=>'application/annodex',
'asc'=>'text/plain',
'au'=>'audio/basic',
'avi'=>'video/x-msvideo',
'axa'=>'audio/annodex',
'axv'=>'video/annodex',
'bcpio'=>'application/x-bcpio',
'bin'=>'application/octet-stream',
'bmp'=>'image/bmp',
'c'=>'text/plain',
'cc'=>'text/plain',
'ccad'=>'application/clariscad',
'cdf'=>'application/x-netcdf',
'class'=>'application/octet-stream',
'cpio'=>'application/x-cpio',
'cpt'=>'application/mac-compactpro',
'csh'=>'application/x-csh',
'css'=>'text/css',
'csv'=>'text/csv',
'dcr'=>'application/x-director',
'dir'=>'application/x-director',
'dms'=>'application/octet-stream',
'doc'=>'application/msword',
'drw'=>'application/drafting',
'dvi'=>'application/x-dvi',
'dwg'=>'application/acad',
'dxf'=>'application/dxf',
'dxr'=>'application/x-director',
'eps'=>'application/postscript',
'etx'=>'text/x-setext',
'exe'=>'application/octet-stream',
'ez'=>'application/andrew-inset',
'f'=>'text/plain',
'f90'=>'text/plain',
'flac'=>'audio/flac',
'fli'=>'video/x-fli',
'flv'=>'video/x-flv',
'gif'=>'image/gif',
'gtar'=>'application/x-gtar',
'gz'=>'application/x-gzip',
'h'=>'text/plain',
'hdf'=>'application/x-hdf',
'hh'=>'text/plain',
'hqx'=>'application/mac-binhex40',
'htm'=>'text/html',
'html'=>'text/html',
'ice'=>'x-conference/x-cooltalk',
'ief'=>'image/ief',
'iges'=>'model/iges',
'igs'=>'model/iges',
'ips'=>'application/x-ipscript',
'ipx'=>'application/x-ipix',
'jpe'=>'image/jpeg',
'jpeg'=>'image/jpeg',
'jpg'=>'image/jpeg',
'js'=>'application/x-javascript',
'kar'=>'audio/midi',
'latex'=>'application/x-latex',
'lha'=>'application/octet-stream',
'lsp'=>'application/x-lisp',
'lzh'=>'application/octet-stream',
'm'=>'text/plain',
'man'=>'application/x-troff-man',
'me'=>'application/x-troff-me',
'mesh'=>'model/mesh',
'mid'=>'audio/midi',
'midi'=>'audio/midi',
'mif'=>'application/vnd.mif',
'mime'=>'www/mime',
'mov'=>'video/quicktime',
'movie'=>'video/x-sgi-movie',
'mp2'=>'audio/mpeg',
'mp3'=>'audio/mpeg',
'mpe'=>'video/mpeg',
'mpeg'=>'video/mpeg',
'mpg'=>'video/mpeg',
'mpga'=>'audio/mpeg',
'ms'=>'application/x-troff-ms',
'msh'=>'model/mesh',
'nc'=>'application/x-netcdf',
'oga'=>'audio/ogg',
'ogg'=>'audio/ogg',
'ogv'=>'video/ogg',
'ogx'=>'application/ogg',
'oda'=>'application/oda',
'pbm'=>'image/x-portable-bitmap',
'pdb'=>'chemical/x-pdb',
'pdf'=>'application/pdf',
'pgm'=>'image/x-portable-graymap',
'pgn'=>'application/x-chess-pgn',
'png'=>'image/png',
'pnm'=>'image/x-portable-anymap',
'pot'=>'application/mspowerpoint',
'ppm'=>'image/x-portable-pixmap',
'pps'=>'application/mspowerpoint',
'ppt'=>'application/mspowerpoint',
'ppz'=>'application/mspowerpoint',
'pre'=>'application/x-freelance',
'prt'=>'application/pro_eng',
'ps'=>'application/postscript',
'qt'=>'video/quicktime',
'ra'=>'audio/x-realaudio',
'ram'=>'audio/x-pn-realaudio',
'ras'=>'image/cmu-raster',
'rgb'=>'image/x-rgb',
'rm'=>'audio/x-pn-realaudio',
'roff'=>'application/x-troff',
'rpm'=>'audio/x-pn-realaudio-plugin',
'rtf'=>'text/rtf',
'rtx'=>'text/richtext',
'scm'=>'application/x-lotusscreencam',
'set'=>'application/set',
'sgm'=>'text/sgml',
'sgml'=>'text/sgml',
'sh'=>'application/x-sh',
'shar'=>'application/x-shar',
'silo'=>'model/mesh',
'sit'=>'application/x-stuffit',
'skd'=>'application/x-koan',
'skm'=>'application/x-koan',
'skp'=>'application/x-koan',
'skt'=>'application/x-koan',
'smi'=>'application/smil',
'smil'=>'application/smil',
'snd'=>'audio/basic',
'sol'=>'application/solids',
'spl'=>'application/x-futuresplash',
'spx'=>'audio/ogg',
'src'=>'application/x-wais-source',
'step'=>'application/STEP',
'stl'=>'application/SLA',
'stp'=>'application/STEP',
'sv4cpio'=>'application/x-sv4cpio',
'sv4crc'=>'application/x-sv4crc',
'swf'=>'application/x-shockwave-flash',
't'=>'application/x-troff',
'tar'=>'application/x-tar',
'tcl'=>'application/x-tcl',
'tex'=>'application/x-tex',
'texi'=>'application/x-texinfo',
'texinfo'=>'application/x-texinfo',
'tif'=>'image/tiff',
'tiff'=>'image/tiff',
'tr'=>'application/x-troff',
'tsi'=>'audio/TSP-audio',
'tsp'=>'application/dsptype',
'tsv'=>'text/tab-separated-values',
'txt'=>'text/plain',
'unv'=>'application/i-deas',
'ustar'=>'application/x-ustar',
'vcd'=>'application/x-cdlink',
'vda'=>'application/vda',
'viv'=>'video/vnd.vivo',
'vivo'=>'video/vnd.vivo',
'vrml'=>'model/vrml',
'wav'=>'audio/x-wav',
'wrl'=>'model/vrml',
'xbm'=>'image/x-xbitmap',
'xlc'=>'application/vnd.ms-excel',
'xll'=>'application/vnd.ms-excel',
'xlm'=>'application/vnd.ms-excel',
'xls'=>'application/vnd.ms-excel',
'xlw'=>'application/vnd.ms-excel',
'xml'=>'application/xml',
'xpm'=>'image/x-xpixmap',
'xspf'=>'application/xspf+xml',
'xwd'=>'image/x-xwindowdump',
'xyz'=>'chemical/x-pdb',
'zip'=>'application/zip',
);
}
function getMimeType($filePath) {
if (!is_file($filePath)) {
return false;
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $filePath);
finfo_close($finfo);
return $mime;
}
function upload($filePath, $destinationDir = 'images', array $allowedMimes = array()) {
if (!is_file($filePath) || !is_dir($destinationDir)) {
return false;
}
if (!($mime = getMimeType($filePath))) {
return false;
}
if (!in_array($mime, $allowedMimes)) {
return false;
}
$ext = null;
$extMapping = getExtensionToMimeTypeMapping();
foreach ($extMapping as $extension => $mimeType) {
if ($mimeType == $mime) {
$ext = $extension;
break;
}
}
if (empty($ext)) {
$ext = pathinfo($filePath, PATHINFO_EXTENSION);
}
if (empty($ext)) {
return false;
}
$fileName = md5(uniqid(rand(0, time()), true)) . '.' . $ext;
$newFilePath = $destinationDir.'/'.$fileName;
if(!rename($filePath, $newFilePath)) {
return false;
}
return $fileName;
}
// use it
if (isset($_FILES['something']['tmp_name'])) {
$file = $_FILES['something']['tmp_name'];
$storagePath = 'images'; // this is relative to this script, better use absolute path.
$allowedMimes = array('image/png', 'image/jpg', 'image/gif', 'image/pjpeg');
$fileName = upload($file, $storagePath, $allowedMimes);
if (!$fileName) {
exit ('Your file type is not allowed.');
} else {
// check if file is image, optional, in case you allow multiple types of files.
// $imageInfo = #getimagesize($storagePath.'/'.$fileName);
exit ("Your uploaded file is {$fileName} and can be found at {$storagePath}/{$fileName}");
}
}
Stop filtering it by mime type it is not safe!
Client can send different mime types with different file extensions. So, you need to check file extension.
edit:
I think I have been misunderstood, I wrote the answer to tell that checking mime type to determine file type is not a good way, the best way to determine the file type is checking file extension. So, I don't mean that checking file extension is enough. Either checking only file extension or mime type is not safe way.
What to do?
1-Check mime type
2-Check file extension
3- decode file name
4- check file content consistency (if possible)
5- regenerate file content (if possible)
I know that attackers can bypass first and second way by using "null byte hack" and "mime type bypass"
So, 3,4 and 5 is so important for security.
Related
Count page PDF with Imagick (Prestashop)
I use Imagick to count the number of pages in my PDF which is uploaded by the client except that my var_dump does not return any results.
Here is my prestashop code from my ProductController.php controller for uploading files.
class ProductController extends ProductControllerCore
{
const CUSTOMIZATION_FILE_DIR = 'customizations';
protected function pictureUpload()
{
if (!($field_ids = $this->product->getCustomizationFieldIds()))
return false;
$authorized_file_fields = array();
foreach ($field_ids AS $field_id)
{
if ($field_id['type'] == Product::CUSTOMIZE_FILE)
$authorized_file_fields[(int)$field_id['id_customization_field']] = 'file' . (int)$field_id['id_customization_field'];
}
$indexes = array_flip($authorized_file_fields);
foreach ($_FILES AS $field_name => $file)
{
if (in_array($field_name, $authorized_file_fields) AND isset($file['tmp_name']) AND !empty($file['tmp_name']))
{
// If there is an upload error, let the parent handle it
if ($file['error'] != UPLOAD_ERR_OK)
continue;
// If the file is not allowed, let the parent handle it
if (!$this->isUploadTypeAllowed($file))
continue;
// Unset the PDF to prevent the parent to handle this file
unset($_FILES[$field_name]);
// Create dir
mkdir(_PS_UPLOAD_DIR_ . ProductController::CUSTOMIZATION_FILE_DIR.'/'.$this->context->cart->id, 0777, true);
// Mark the file as a custom upload
$file_name = ProductController::CUSTOMIZATION_FILE_DIR.'/'.$this->context->cart->id.'/P'. md5(uniqid(rand(), true)).'.pdf';
$doc = exec("identify -format %n $file_name");
var_dump($doc);
$tmp_name = tempnam(_PS_TMP_IMG_DIR_, 'PS');
if (!move_uploaded_file($file['tmp_name'], $tmp_name))
{
$this->errors[] = Tools::displayError('An error occurred during the PDF upload.');
return false;
}
// Copy file to the upload dir
if (!copy($tmp_name, _PS_UPLOAD_DIR_.$file_name))
{
$this->errors[] = Tools::displayError('An error occurred during the PDF upload.');
return false;
}
// Chmod the new file
if (!chmod(_PS_UPLOAD_DIR_.$file_name, 0777))
{
$this->errors[] = Tools::displayError('An error occurred during the PDF upload.');
return false;
}
// Create a fake thumb to avoid error on delete, this hack avoids lots of core method override
file_put_contents(_PS_UPLOAD_DIR_ . $file_name . '_small', '');
chmod(_PS_UPLOAD_DIR_ . $file_name . '_small', 0777);
// Register the file
$this->context->cart->addPictureToProduct($this->product->id, $indexes[$field_name], Product::CUSTOMIZE_FILE, $file_name);
// Remove tmp file
unlink($tmp_name);
}
}
return parent::pictureUpload();
}
protected function isUploadTypeAllowed($file)
{
/* Detect mime content type */
$mime_type = false;
$types = array('application/pdf', 'application/zip'); // Extra mime types can be added here
if (function_exists('finfo_open'))
{
$finfo = finfo_open(FILEINFO_MIME);
$mime_type = finfo_file($finfo, $file['tmp_name']);
finfo_close($finfo);
}
elseif (function_exists('mime_content_type'))
{
$mime_type = mime_content_type($file['tmp_name']);
}
elseif (function_exists('exec'))
{
$mime_type = trim(exec('file -b --mime-type '.escapeshellarg($file['tmp_name'])));
}
if (empty($mime_type) || $mime_type == 'regular file')
{
$mime_type = $file['type'];
}
if (($pos = strpos($mime_type, ';')) !== false)
$mime_type = substr($mime_type, 0, $pos);
// is it allowed?
return $mime_type && in_array($mime_type, $types);
}
}
Thank you.
How do l make a function that validates and image
l have used the function below but its allowing even pdf to be uploaded
and its not checking if its an image
function image_allowed($file_extn) {
$allowed = array('jpg','jpeg','gif','png');
$file_name = $_FILES['image']['image_name'];
$file_extn = strtolower(end(explode('.', $file_name)));
$file_temp = $_FILES['image']['tmp_name'];
if (in_array($allowed,$file_extn )=== true){
return true;
}else {
return false;
}
and l checked using the code below and l dont know were lam getting it wrong
if (image_allowed($_POST['image'])=== true) {
$errors[] = ' images only are allowed.';
and l would love to know any checks that l might have ommited here
While comparing extensions might do the trick, it's not very safe as it easy to fake an extension. I would advise to check the mime types of the files.
Option 1 - using finfo
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$file_type = finfo_file($finfo, "image.gif");
finfo_close($finfo);
Output for this case: image/gif
Just remember to change your $allowed array accordingly.
You can see a list of possible mime types for images at wikipedia.
Option 2 - Using exif-imagetype
exif_imagetype('image.gif')
Just notice that in that case your $allowed array should contain constants that represent possible return values. (For further information look at the manual - link above)
You can check your image type using pathinfo (http://php.net/manual/en/function.pathinfo.php):
$path_parts = pathinfo('/your/image/path/');
echo $path_parts['extension']; // Your extension...
In your function code:
function image_allowed($imagePath) {
$allowed = array('jpg','jpeg','gif','png');
$myExtension = pathinfo($imagePath);
if(in_array($myExtension['extension'], $allowed)
return true;
else
return false;
}
You need to use like this:
function image_allowed() {
$allowed = array('jpg','jpeg','gif','png');
$file_name = $_FILES['image']['name'];
$file_extn = strtolower(end(explode('.', $file_name)));
$file_temp = $_FILES['image']['tmp_name'];
if (in_array($file_extn,$allowed)=== true){
return true;
}
return false;
}
if (image_allowed()=== false) {
$errors[] = ' images only are allowed.';
}else{
//save image or something else
}
upload and displaying files on webpage
The code below is uploading and displaying files on the upload.php page and it's working fine. The problem I have is that it's not displaying the files if I copy and paste the url of the upload.php page into a new webpage.
upload.php code
<?php
if (isset($_FILES['file_upload'])) {
$file = $_FILES['file_upload'];
$name = $file['name'];
$type = $file['type'];
$tmp_location = $file['tmp_name'];
$upload = 'uploads';
$final_destination = $upload.'/'.$name;
$error = $file['error'];
$max_upload_size = 2097152;
$size = $file['size'];
$allowedImageTypes = array( 'image/png', 'image/jpeg', 'image/gif', );
function imageTypeAllowed($imageType){
global $allowedImageTypes;
if(in_array($imageType, $allowedImageTypes)){
return true;
}
else{
return false;
}
}
//Check for errors
if($error > 0 || is_array($error)){
die("Sorry an error occured");
}
//Check if file is image
//Only required if image is only whjat we need
if(!getimagesize($tmp_location)){
die("Sorry, you can only upload image types");
}
if(!imageTypeAllowed($type)){
die("Sorry, file type is not allowed");
}
if(file_exists($final_destination)){
$final_destination = $upload.'/'.time().$name;
}
if(!move_uploaded_file($tmp_location, $final_destination)){
die("Cannot finish upload, something went wrong");
}
$handle = opendir('uploads');
if($handle){
while(($entry = readdir($handle)) !== false){
if($entry != '.' && $entry != '..'){
echo "$entry<br>";
}
}
closedir($handle);
}
}
?>
<h2>File Successfully uploaded!</h2>
If you indent your code to be human-readable, you'll find that the entire server-side code block is wrapped in this conditional:
if (isset($_FILES['file_upload'])) {
// all of your code
}
This means that all of that server-side code will execute only if a file_upload value is POSTed to the form. When you copy/paste the URL into a new browser window and invoke that request, you're invoking a GET request with no form values. Since you're not uploading a file in this request, the isset() condition evaluates to false and your code isn't executed.
You should separate your functionality into two groups:
Handling the upload.
Displaying the current state of the data.
The code for handling the upload should execute only when an upload is present. The code for displaying the data should execute always.
If I'm reading your code correctly, all you should need to do is split out the last few parts:
if (isset($_FILES['file_upload'])) {
// the rest of your code
}
$handle = opendir('uploads');
if($handle){
while(($entry = readdir($handle)) !== false){
if($entry != '.' && $entry != '..'){
echo "$entry<br>";
}
}
closedir($handle);
}
Is it possible to check that mp3 file is exactly mp3 file with php? [duplicate]
How can I check if a file is an mp3 file or image file, other than check each possible extension?
Native ways to get the mimetype:
For PHP < 5.3 use mime_content_type()
For PHP >= 5.3 use finfo_fopen()
Alternatives to get the MimeType are exif_imagetype and getimagesize, but these rely on having the appropriate libs installed. In addition, they will likely just return image mimetypes, instead of the whole list given in magic.mime.
If you don't want to bother about what is available on your system, just wrap all four functions into a proxy method that delegates the function call to whatever is available, e.g.
function getMimeType($filename)
{
$mimetype = false;
if(function_exists('finfo_fopen')) {
// open with FileInfo
} elseif(function_exists('getimagesize')) {
// open with GD
} elseif(function_exists('exif_imagetype')) {
// open with EXIF
} elseif(function_exists('mime_content_type')) {
$mimetype = mime_content_type($filename);
}
return $mimetype;
}
You can identify image files using getimagesize. To find out more about MP3 and other audio/video files, I have been recommended php-mp4info getID3().
To find the mime type of a file I use the following wrapper function:
function Mime($path)
{
$result = false;
if (is_file($path) === true)
{
if (function_exists('finfo_open') === true)
{
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if (is_resource($finfo) === true)
{
$result = finfo_file($finfo, $path);
}
finfo_close($finfo);
}
else if (function_exists('mime_content_type') === true)
{
$result = preg_replace('~^(.+);.*$~', '$1', mime_content_type($path));
}
else if (function_exists('exif_imagetype') === true)
{
$result = image_type_to_mime_type(exif_imagetype($path));
}
}
return $result;
}
try mime_content_type()
<?php
echo mime_content_type('php.gif') . "\n";
echo mime_content_type('test.php');
?>
Output:
image/gif
text/plain
Or better use finfo_file() the other way is deprecated.
getimageinfo is best to find images . Check if return type is false .
You can use FileInfo module which is built into PHP since 5.3. If you are using a PHP version less than PHP 5.3, you can install it as a PECL extension: After installation the finfo_file function will return file information. PECL extension: http://pecl.php.net/package/fileinfo PHP Documentation: http://www.php.net/manual/en/book.fileinfo.php
You could use finfo like this:
$mime = finfo_open(FILEINFO_MIME, $path_to_mime_magic_file);
if ($mime ===FALSE) {
throw new Exception ('Finfo could not be run');
}
$filetype = finfo_file($mime, $filename);
finfo_close($mime);
or if you have problems with finfo not being installed, or the mime magic file just not working (it works correctly on 3 out of our 4 servers - all identical OS and PHP installs) - then try using Linux's native file (don't forget to sanitise the filename though: in this example, I know the filename can be trusted as it's a PHP temporary filename in my test code):
ob_start();
system('file -i -b '.$filename);
$output = ob_get_clean();
$output = explode("; ", $output);
if (is_array($output)) {
$filetype = trim($output[0]);
}
Then just pass the mime file type to a switch statement like:
switch (strtolower($filetype)) {
case 'image/gif':
return '.gif';
break;
case 'image/png':
return '.png';
break;
case 'image/jpeg':
return '.jpg';
break;
case 'audio/mpeg':
return '.mp3';
break;
}
return null;
This function checks if the file is an image based on extension and mime and returns true if it's a browser compatible image...
function checkImage($image) {
//checks if the file is a browser compatible image
$mimes = array('image/gif','image/jpeg','image/pjpeg','image/png');
//get mime type
$mime = getimagesize($image);
$mime = $mime['mime'];
$extensions = array('jpg','png','gif','jpeg');
$extension = strtolower( pathinfo( $image, PATHINFO_EXTENSION ) );
if ( in_array( $extension , $extensions ) AND in_array( $mime, $mimes ) ) return TRUE;
else return FALSE;
}
For Images, I use:
function is_image($path)
{
$a = getimagesize($path);
$image_type = $a[2];
if(in_array($image_type , array(IMAGETYPE_GIF , IMAGETYPE_JPEG ,IMAGETYPE_PNG , IMAGETYPE_BMP)))
{
return true;
}
return false;
}
The best way is to use finfo_file function.
Example:
<?php
if (isset($_FILES['yourfilename']['tmp_name'])) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $_FILES['yourfilename']['tmp_name']);
if ($mime == 'image/jpg') {
echo "It's an jpg image!";
}
finfo_close($finfo);
}
?>
This function get a file path and with use finfo_open and mime_content_type if supported, return image or video or audio string.
/**
* get file type
* #return image, video, audio
*/
public static function getFileType($file)
{
if (function_exists('finfo_open')) {
if ($info = finfo_open(defined('FILEINFO_MIME_TYPE') ? FILEINFO_MIME_TYPE : FILEINFO_MIME)) {
$mimeType = finfo_file($info, $file);
}
} elseif (function_exists('mime_content_type')) {
$mimeType = mime_content_type($file);
}
if (strstr($mimeType, 'image/')) {
return 'image';
} else if (strstr($mimeType, 'video/')) {
return 'video';
} else if (strstr($mimeType, 'audio/')) {
return 'audio';
} else {
return null;
}
}
malformed url php mysql
I am uploading 4 things to my website. For filetype 3 and filetype 4, I am using dd_folder; yet when I try to call it I am getting something like this
url/dd_folder/dd_folder/(filename)
this only happens for filetype 4; here is the code i believe is responsible
else if (!empty($variables_array['item_file_url_' . $file_type]))
{
$file_name = $variables_array['item_file_url_' . $file_type];
$embedded_code = ($this->setts['enable_embedded_media'] && $file_type == 2) ? $variables_array['embedded_code'] : 0;
if ($create_row)
{
$this->upload_create_row($upload_item_id, $file_type, $file_name, $embedded_code);
}
}
if ($file_type == 1) /* image */
{
$nb_uploads = $this->count_contents($variables_array['ad_image']);
$variables_array['ad_image'][$nb_uploads] = $file_name;
}
else if ($file_type == 2) /* video */
{
$nb_uploads = $this->count_contents($variables_array['ad_video']);
$variables_array['ad_video'][$nb_uploads] = $file_name;
}
else if ($file_type == 3) /* digital media */
{
$nb_uploads = $this->count_contents($variables_array['ad_dd']);
$variables_array['ad_dd'][$nb_uploads] = str_replace($this->setts['dd_folder'], '', $file_name);
}
else if ($file_type == 4) /* 4.18.2012 torrent support */
{
$nb_uploads = $this->count_contents($variables_array['ad_torrent']);
$variables_array['ad_torrent'][$nb_uploads] = str_replace($this->setts['dd_folder'], '', $file_name);
}
I think what is happening is that during the other 3 different file uploads, the first dd_folder bit gets removed. Yet when I try it for file type 4 it keeps it for some reason. Can anyone help on this issue?