modify.cgi and add.cgi appear to have slight differences in the way they handle regex from a
table column, modify.cgi is enforcing regular expressions erroniously, can someone else confirm this or it is just me? maybe my regex is all wrong. this is what I use in a custom added image field:

^[\w-]+\.(gif|GIF|jpg|JPG|png|PNG)$

add.cgi handles this perfectly fine. I can add only
gif, jpg and png images, and I can NOT include an image and still it will work. however, modify.cgi tells me that the field (image) can not contain xxx characters, as if it is eforcing the regex in a different way.

Sad, but this is soo true!

Anybody can upload any type of file!

Actually,

The best way to enforce file typing (because the browsers will display images regardless of extension), is to actually check the uploaded file for the graphics signature.

There are a few CPAN modules you can get that will do that, and simple plugin/hook will check the files.

My original logo program would read the file, and change the extension to match the data in the file, if necessary, then reject the file if the encoded type did not match the list of valid extensions. It did this not by a hook, but by moving the upload routines to a separate script ie: the link add/etc was left to Links to manage, but the image/upload fields were managed by the Upload.cgi

andy took this in a different direction, but it's on my list to tweak back in to the image upload routine library.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.

  
What if you want to upload various types of files?

.doc .txt .pdf