Gossamer Forum

file upload validation problem

I don't know if this has been discussed before. I've searched the forum, but maybe I missed it.
I have the new file upload mod up and running, both on my server and offline under win 95, and it all seems to be working fine, except I'm having a problem validating the uploaded file.
It will catch the allowed file extensions, .gif and .jpg, and also file size, but that's all.
It's not checking for forward or backward slashes, periods, or even if it's actually a file.
So if you type in a file that doesn't exist, i.e. wsw/.lo..\asw.jpg, it thinks that it is a valid file and renames it to match $db_key. Naturally the file doesn't exist and contains 0 bytes, but it still tries to print it anyway.
Would it be something to do with $filekey not being passed correctly through CGI.pm? I'm not sure how that bit works.
Has anyone else had this problem?

thanks
Bob


Re: file upload validation problem
You're the first to say anything about it. I took the code pretty much straight from Jeff Carnahan's script, but it's very possible I made a mistake somewhere.

I'll have to see if I can figure it out later today.

JPD
http://www.jpdeni.com/dbman/
Re: file upload validation problem
If people choose to browse to locate the graphic from their hard drive, then it would have to be a valid file on their computer. Right?

There really wouldn't be a need to have anyone type in the url directly. This I'm thinking is what makes it so much easier to avoid problems with entering a url directly.

Just had to add my 2 cents :)

Unofficial DBMan FAQ
http://webmagic.hypermart.net/dbman/
Re: file upload validation problem
Unfortunately you cannot have the browse button without the field, and people will add silly stuff into the field and try to upload it.
Anyway here is a quick fix for this.
In default.cfg add $MINIMUM_UPLOAD = 1000; I set mine to 1000 bytes to force users to upload a decent quality image.
To db.cgi sub validate_upload add:

    # Reject and delete any upload smaller than the configured minimum.
    if ($totalbytes < $MINIMUM_UPLOAD) {
        unlink "$SAVE_DIRECTORY\/$filename";
        return "There was a problem with your Image Upload. "
             . "The file you are uploading is too small.<BR>The minimum allowed file size is <B>$MINIMUM_UPLOAD</B> bytes.<BR>Your file was not saved. Please try a larger file.";
    }

This will catch nonexistent files like hgfhgfvgfd.jpg, and text or html files which have had their extensions changed like C:\dbman\README.gif as these also upload as 0 byte files, and bad header files, although I don't have many of them to test.
Not the best solution but it seems to work ok.
Anyone know of a better way?

Bob
http://totallyfreeads.com




Re: file upload validation problem
Looks good to me! :)

JPD
http://www.jpdeni.com/dbman/
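
An added example, not part of the thread and not DBMan's own code: a content-based check that complements the size test above by comparing the first bytes of the saved upload with the GIF or JPEG signature for its extension. The helper name check_image, its arguments and the sample uploads are assumptions constructed for illustration; in db.cgi the path would be the file saved under $SAVE_DIRECTORY.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Leading bytes that identify each allowed image type.
my %SIGNATURE = (
    gif => qr/\AGIF8[79]a/,
    jpg => qr/\A\xFF\xD8\xFF/,
);

# check_image() is a hypothetical helper, not a DBMan sub.
# Returns '' if the saved upload is acceptable, else an error message.
sub check_image {
    my ($path, $client_name) = @_;
    # Keep only the last path component the browser sent (either separator),
    # then require name.ext made of safe characters only.
    (my $base = $client_name) =~ s{.*[\\/]}{}s;
    my ($ext) = $base =~ /\A[A-Za-z0-9_-]+\.(gif|jpg)\z/i
        or return "The file name is not allowed.";
    # Compare the first bytes on disk with the signature for that extension.
    open(my $fh, '<', $path) or return "No file was received.";
    binmode($fh);
    my $got = read($fh, my $head, 8);
    close($fh);
    return "The upload is empty or unreadable." unless $got;
    return "The content is not a " . lc($ext) . " image."
        unless $head =~ $SIGNATURE{ lc $ext };
    return '';
}

# Constructed samples: [ name as sent by the browser, bytes received ].
my @samples = (
    [ 'C:\pics\logo.gif',    "GIF89a\x01\x00\x01\x00"       ],
    [ 'C:\dbman\README.gif', "DBMan readme text\n"          ],
    [ 'wsw/.lo..\asw.jpg',   ''                             ],
    [ 'photo.jpg',           "\xFF\xD8\xFF\xE0\x00\x10JFIF" ],
);
my $dir = tempdir(CLEANUP => 1);
my $n = 0;
for my $s (@samples) {
    my ($name, $bytes) = @$s;
    my $path = "$dir/upload" . $n++;
    open(my $out, '>', $path) or die "cannot write $path: $!";
    binmode($out);
    print {$out} $bytes;
    close($out);
    my $err = check_image($path, $name);
    printf "%-22s %s\n", $name, $err eq '' ? 'accepted' : "rejected: $err";
}
```

A matching signature only shows that the file starts like a GIF or JPEG; it does not prove the rest of the file is a well-formed image.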