Reputation:
The essential steps in verifying a file upload
What would you say are the essential steps in verifying a file upload?
I'd tend to check the MIME type, give it a new (random) name, make sure its got an allowed file extension, and then I'd check the contents of the file. How do you go about it?
Upvotes: 2
Views: 455
Answers (4)
Reputation: 9921
Check (in this order): the file MIME type (and note certain browsers have MIME type detection problems...); that the file path exists; that a previous version of the file with the same name doesn't exist, else, rev it; that the file isn't too big; on success, run a virus check on the server.
Upvotes: 1
Reputation: 7911
Depends on the expected file contents... might be a good idea to run a virus scan on the file.
Upvotes: 0
Reputation: 1841
If you are receiving a gif file for a profile photo as example, you should check that the mime type is gif.
And that way you avoid uploading bad files.
Here you have an example using php.
Upvotes: 0
Reputation: 140993
Check the file type, check the file size, the image dimension.
These are the 3 I always check to be sure to have good result.
Upvotes: 0
Related Questions
- the most reliable way to check upload file is an image
- PHP file verification
- PHP Upload File Validation
- How do I verify that files have been uploaded?
- Validation of files uploaded to the server
- How to validate that an uploaded file is complete
- Validate file completeness?
- Secure File Upload and validating it
- FileUpload - Verifying that an actual file was uploaded
- Verifying Uploaded File