  1. #1

    validating a GET method...

    Ok I downloaded a script to create a file viewer to stream images, but the script says the following method is used to check if an individual is trying to access the file system...
    if (isset($_GET['pic']) && basename($_GET['pic']) == $_GET['pic']) {
        // do process...
    }

    This just looks strange for some reason. If the 'pic' is a directory the basename would be the same. And the basename for a file would be the same.
    $_GET['mydir/'];
    $_GET['mypic.jpg']

    Basenames:
    mydir
    mypic.jpg

    the difference between file and directory basename is the use of the '.', but if the directory being called were something like 'image.smilies' or the image was called 'smiley.happy.jpg'

    How would you actually validate that it is an image? I'm lost...
    NO Limits!! DHCreationStation.com
    ------------------------------------------------------------
    Broken items wanted for tinkerin'! PostItNow@BrokenEquipment.com
    Global Complaint Dept.

  • #2
    PHP Code:
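    $allowed_types = array('jpg', 'jpeg', 'png', 'gif');
    // end() takes its argument by reference, so explode() goes into a variable first
    $parts = explode('.', $_GET['pic']);
    $file_extension = end($parts);
    if (in_array($file_extension, $allowed_types)) {
        // your code here
    }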

    You should make some additional safety checks, but also see the GLOB function if you can use it.
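
Added example (not part of the thread or of the downloaded script): one way to combine the basename check from post #1 and the extension list from post #2 with a directory-containment and file-content check, so directories such as 'image.smilies' and non-image files with an image extension are both rejected. The names `resolve_image` and `ALLOWED`, the temp directory and the sample files are assumptions constructed for the demo; PHP 7.1+ is assumed.

```php
<?php
// Hypothetical helper for illustration; extension => expected IMAGETYPE_* constant.
const ALLOWED = ['jpg' => IMAGETYPE_JPEG, 'jpeg' => IMAGETYPE_JPEG,
                 'png' => IMAGETYPE_PNG,  'gif'  => IMAGETYPE_GIF];

/** Return the absolute path of a servable image inside $baseDir, or null. */
function resolve_image(string $baseDir, $pic): ?string
{
    // 1. Must be a non-empty string: ?pic[]=x arrives as an array.
    if (!is_string($pic) || $pic === '' || strpos($pic, "\0") !== false) {
        return null;
    }
    // 2. The check from post #1: no directory component. Note that
    //    basename('..') is '..', so this alone does not stop '..' or a directory name.
    if (basename($pic) !== $pic) {
        return null;
    }
    // 3. The check from post #2, made case-insensitive.
    $ext = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // 4. Resolve symlinks, require a regular file that is still under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pic);
    if ($base === false || $path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // 5. Content check: the file header must match the type the extension claims.
    //    @ silences the notice getimagesize() can raise on very short files.
    $info = @getimagesize($path);
    return ($info !== false && $info[2] === ALLOWED[$ext]) ? $path : null;
}

// Constructed sample data: a 1x1 GIF, a text file named .jpg, a directory named like an image.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'viewer_demo_' . getmypid();
@mkdir($dir);
@mkdir("$dir/image.smilies.jpg");
file_put_contents("$dir/smiley.happy.gif",
    base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
file_put_contents("$dir/notes.jpg", "plain text, not an image");

$inputs = ['smiley.happy.gif', 'notes.jpg', 'image.smilies.jpg', '..', '../etc/passwd', ['x']];
foreach ($inputs as $pic) {
    $verdict = resolve_image($dir, $pic) !== null ? 'serve' : 'reject';
    printf("%-22s %s\n", json_encode($pic, JSON_UNESCAPED_SLASHES), $verdict);
}
```

Only 'smiley.happy.gif' is served; every other input is rejected at a different step of the function.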

  • #3
    So you validate the same way you would an upload?
    I thought about that, just figured it would be excess coding.
    Thanks for the help Tpojka

