Using inspekt with the $_FILES array
2 views
Skip to first unread message
Kenrick
May 14, 2008, 2:24:00 PM5/14/08
to inspekt
Im looking for an example of how I would use inspekt with the $_FILES
array, as there are not any file specific type tests. Unless I'm just
going to write my own regex using testRegex, there isn't an easy to
test for a valid filename, ie, making sure it doesnt have any crap in
it. For example here are the indices of the $_FILES array:
name
size
type
error
tmp_name
I could see maybe having some kind of filters for first the name of
the file, so that its safe, or to at least return a safe name like:
$name = preg_replace('/[^\w.-_]+/', '_',$name);
for the file size, that it is not larger then the max you set:
for the type, maybe a mime type check, passing in a list of acceptable
mime types to check against the files mime
not sure if there needs to be something for tmp_name, but for the
error, it could just check if there is an error or return false or
something.
array, as there are not any file specific type tests. Unless I'm just
going to write my own regex using testRegex, there isn't an easy to
test for a valid filename, ie, making sure it doesnt have any crap in
it. For example here are the indices of the $_FILES array:
name
size
type
error
tmp_name
I could see maybe having some kind of filters for first the name of
the file, so that its safe, or to at least return a safe name like:
$name = preg_replace('/[^\w.-_]+/', '_',$name);
for the file size, that it is not larger then the max you set:
for the type, maybe a mime type check, passing in a list of acceptable
mime types to check against the files mime
not sure if there needs to be something for tmp_name, but for the
error, it could just check if there is an error or return false or
something.
Reply all
Reply to author
Forward
0 new messages