FrontAccounting forum — Functions to prevent unwanted file types on file upload.

Re: Functions to prevent unwanted file types on file upload.

2014-08-22T04:26:29Z

Yes, I agree with your opinion. So, here I changed it as per my view,


//-----------------------------------------------------------------------------------
function file_cells($label, $name, $id="", $file_type=null)
{
    if ($id != "")
        $id = "id='$id'";
        echo $file_type ; 
    if($file_type== 'documents' ){
        $accept = '.doc,.docx, .rtf, .txt, .pdf, .ppt, .pptx' ;
    } elseif($file_type== 'image' ){
        $accept = 'image/*' ;
    } elseif( $file_type='video') {
        $accept ='video/*' ;
    } else 
        $accept = ''; 
        
    label_cells($label, "");
}        
function file_row($label, $name, $id = "", $file_type=null)
{
    echo "$label";
    file_cells(null, $name, $id, $file_type);
    echo "\n";
}

Here, you can input 4th parameter as the acceptable file type, and my code, i used three different things,

documents - doc, docx, rtf, txt, pdf, ppt, pptx,

image - all image types, which supported by html 5

video - all video file types, which supported by HTML5.

and final one is empty, Thats one for default use, it will support all file types,

Re: Functions to prevent unwanted file types on file upload.

2014-08-21T19:00:35Z

Are you referring to lines 674 to 685 in includes/ui/ui_input_inc.php :

function file_cells($label, $name, $id="")
{
    if ($id != "")
        $id = "id='$id'";
    label_cells($label, "");
}        
function file_row($label, $name, $id = "")
{
    echo "$label";
    file_cells(null, $name, $id);
    echo "\n";
}

If so, then an optional extra parameter (with any as default if omitted for backward compatibility) for various file type groups can be introduced to avoid any more functions.

Functions to prevent unwanted file types on file upload.

2014-08-21T08:58:30Z

here, i just changed it based on my convinent for the attachements, while uploading images of a product, we dont need to allow peoples to choose, some other file types, such as doc's and exe's.
in certain case its become vulnerable to our FA. So we should avoid choosing different file types, before selecting it. Eventhough we can check it while processing form submission. but this one avoids attaching some other files type, here i changed the file_row() based on images , pdf, and doc, just try these functions,

//-----------------------------------------------------------------------------------
function kv_image_cells($label, $name, $id="")
{
if ($id != "")
$id = "id='$id'";
label_cells($label, "");
}
function kv_image_row($label, $name, $id = "")
{
echo "$label";
kv_image_cells(null, $name, $id);
echo "\n";
}

//-----------------------------------------------------------------------------------
function kv_doc_cells($label, $name, $id="")
{
if ($id != "")
$id = "id='$id'";
label_cells($label, "");
}
function kv_doc_row($label, $name, $id = "")
{
echo "$label";
kv_doc_cells(null, $name, $id);
echo "\n";
}

//-----------------------------------------------------------------------------------
function kv_pdf_cells($label, $name, $id="")
{
if ($id != "")
$id = "id='$id'";
label_cells($label, "");
}
function kv_pdf_row($label, $name, $id = "")
{
echo "$label";
kv_pdf_cells(null, $name, $id);
echo "\n";
}