[wplug] Clean up a PHP script

Zach netrek at gmail.com
Thu Jan 31 21:45:39 EST 2008


I don't know if you can do something like exec() in PHP, but maybe run
it through a program like /usr/bin/file to make sure it really is a
text file. They could name anything .txt; that doesn't mean it is.

Zach

On Jan 31, 2008 8:46 PM, Kevin Squire <gentgeen at wikiak.org> wrote:
> I have created a web form with PHP.  The webform is an online application
> form that then emails our HR department.  They want me to include an option
> on the form to upload a resume.  I would like to stem off some trouble by
> making sure that the file they upload is one of our "acceptable" formats.
> (Arguments about acceptable can be tabled -- I had to fight them to accept
> .txt file formats.)
>
> I have my check working, but I have two questions about it:
>
> 1) It seems to be a bit of a kludge - can I clean it up some?
> 2) What false positives could occur?
>
> Here is a snip:
>
>       error_reporting(0);
>        // initialize a array to hold any errors we encounter
>       $errors = array();
>       // check to see if a first name was entered (empty() also covers a missing key)
>       if (empty($_POST['fName']))
>          $errors[] = "First Name is required";
>       // check to see if a last name was entered
>       if (empty($_POST['lName']))
>          $errors[] = "Last Name is required";
>
> CUT SOME STUFF OUT HERE......
>
>       // check file types against known extensions
>       $whitelist = array(".rtf", ".doc", ".txt", ".pdf");
>       // initialize the extension errors counter
>       $ext_err = 0;
>       // check the file extension; preg_quote() makes the "." a literal dot
>       // instead of a regex wildcard (otherwise "xtxt" would pass as ".txt")
>       foreach ($whitelist as $item) {
>          if (!preg_match("/" . preg_quote($item, "/") . "\$/i", $_FILES['userfile']['name']))
>            $ext_err = $ext_err + 1 ;
>       }
>       // no whitelist entry matched, so the extension is not allowed
>       if ($ext_err == count($whitelist))
>              $errors[] = "We only allow certain file formats " .$ext_err;
>
> From the "foreach" loop down is the part that I would think I could clean
> up some, but I just can't seem to figure it out myself.
>
> Thanks,
> Kevin
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
>
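
A tightened version of the check Kevin posted, combining the extension whitelist with Zach's suggestion of looking at the file's actual content. This is an added example, not code from either message; it assumes PHP's Fileinfo extension (finfo_open) is available, keeps the original field name userfile, and the MIME-type lists per extension are assumptions you may need to adjust for your libmagic.

```php
<?php
// Added example: validate an uploaded resume by extension AND by content.
// Assumes the Fileinfo extension (finfo_open) is available. The MIME types
// listed per extension are assumptions; libmagic versions differ.
$allowed = array(
    'txt' => array('text/plain'),
    'rtf' => array('text/rtf', 'application/rtf'),
    'doc' => array('application/msword'),
    'pdf' => array('application/pdf'),
);

// Returns an error message, or null when the upload passes both checks.
function resume_upload_error(array $file, array $allowed)
{
    // Only accept a file that PHP itself received in this request.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return 'No file was uploaded';
    }

    // Extension check: last component only, case-insensitive, no regex needed.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return 'We only allow certain file formats ('
             . implode(', ', array_keys($allowed)) . ')';
    }

    // Content check: what the file is, not what it is named.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if (!in_array($mime, $allowed[$ext], true)) {
        return "File content does not look like a .$ext file ($mime)";
    }

    return null;
}

$errors = array();
$msg = resume_upload_error(isset($_FILES['userfile']) ? $_FILES['userfile'] : array(), $allowed);
if ($msg !== null) {
    $errors[] = $msg;
}
```

The content check is what catches a renamed file (for example an executable saved as resume.txt), which the extension-only loop in the original snippet cannot see.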

