| View previous topic :: View next topic |
| Author |
Message |
Stefan_D
-
Joined: 21 Aug 2006
Posts: 4
|
 Posted: Fri Sep 01, 2006 12:06 pm Post subject: Problem with MIME types |
 |
|
Hello,
I have an Upload section on an Internetsite and I want to allow only certain files for Upload. Therefore I've created a whitelist (PHP script) and everything is working fine besides 3 file types:
1: .tiff should be allowed but it's not working. Although .tiff is implemented in the servers MIME list, I always get the error message: application/octet-stream. That's strange...
2: .rar should also be allowed. After adding: application/x-rar-compressed to the MIME list I still get the same error message as above.
3. .php should be blocked but I can upload this file type. It's not in my whitelist and it's not in the MIME type list. So I added: application/x-httpd-php to the MIME list (file extension php and phtml) but I can still upload those files although they should be blocked because they're not on the whitelist.
Please help me on this problem. I would like to make the Upload function as save as possible.
Thanx,
Stefan |
|
| Back to top |
  |
 |
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Fri Sep 01, 2006 12:41 pm Post subject: |
|
|
MIME types do not stop the uploading of files. They tell the server how to execute them. Your PHP upload script is the part that stops these file types. There is a small snippet of code in a recent post on how to do this. Search the forum and you should find it.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
 |
|
Stefan_D
-
Joined: 21 Aug 2006
Posts: 4
|
| Posted: Fri Sep 01, 2006 2:04 pm Post subject: |
|
|
I'll search the forum for that post and I know what MIME types do. My main problem is that I can't upload certain file (e.g. .tiff and .rar) although they are in my whitelist. I've created this php script which allows only file types listed in this whitelist.
Why I can still upload .php files although they're not in this whitelist is quite mysterious to me.
Thanks for your help so far... |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Fri Sep 01, 2006 3:41 pm Post subject: |
|
|
| Stefan_D wrote: | | Why I can still upload .php files although they're not in this whitelist is quite mysterious to me. |
It seems related to a programming error (or unexpected side effect) in your script. If you want us to review it, please post it here.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
Stefan_D
-
Joined: 21 Aug 2006
Posts: 4
|
| Posted: Mon Sep 04, 2006 8:58 am Post subject: Problem with MIME types / Upload from Mac and PC |
|
|
The script seems OK but I'll check it again and post it if I don't get rid of the problem. But another thing seems very strange:
I don't have the same problems with the file upload on different platforms. When trying to upload on a PC (with IE) .tiff and .rar are blocked (although listed in my whitelist) but .php isn't blocked (what it actually should).
When uploading from a Mac (Safari) .tiff is working (why??) but .pps isn't (on a PC it does). Rar-archives also can't be uploaded and .php is blocked (what it should).
This really makes no sense to me. Does anyone have an ideas??
Thanx... |
|
| Back to top |
|
|
|
