Topic: Functions to prevent unwanted file types on file upload.

Here, I just changed it based on my convenience for the attachments. While uploading images of a product, we don't need to allow people to choose some other file types, such as docs and exes.
In certain cases it becomes vulnerable to our FA. So we should avoid choosing different file types before selecting it. Even though we can check it while processing form submission, this one avoids attaching some other file types. Here I changed the file_row() based on images, pdf, and doc. Just try these functions:

//-----------------------------------------------------------------------------------
function kv_image_cells($label, $name, $id="")
{
    if ($id != "")
        $id = "id='$id'";
    label_cells($label, "<input type='file' name='$name' $id  accept='image/*'/>");
}       
function kv_image_row($label, $name, $id = "")
{
    echo "<tr><td class='label'>$label</td>";
    kv_image_cells(null, $name, $id);
    echo "</tr>\n";
}   


//-----------------------------------------------------------------------------------
function kv_doc_cells($label, $name, $id="")
{
    if ($id != "")
        $id = "id='$id'";
    label_cells($label, "<input type='file' name='$name' $id  accept='.doc,.docx'/>");
}       
function kv_doc_row($label, $name, $id = "")
{
    echo "<tr><td class='label'>$label</td>";
    kv_doc_cells(null, $name, $id);
    echo "</tr>\n";
}   

//-----------------------------------------------------------------------------------
function kv_pdf_cells($label, $name, $id="")
{
    if ($id != "")
        $id = "id='$id'";
    label_cells($label, "<input type='file' name='$name' $id  accept='.pdf'/>");
}       
function kv_pdf_row($label, $name, $id = "")
{
    echo "<tr><td class='label'>$label</td>";
    kv_pdf_cells(null, $name, $id);
    echo "</tr>\n";
}

Subscription service based on FA
HRM CRM POS batch Themes

Re: Functions to prevent unwanted file types on file upload.

Are you referring to lines 674 to 685 in includes/ui/ui_input_inc.php:

function file_cells($label, $name, $id="")
{
    if ($id != "")
        $id = "id='$id'";
    label_cells($label, "<input type='file' name='$name' $id />");
}        
function file_row($label, $name, $id = "")
{
    echo "<tr><td class='label'>$label</td>";
    file_cells(null, $name, $id);
    echo "</tr>\n";
}    

If so, then an optional extra parameter (with any as default if omitted for backward compatibility) for various file type groups can be introduced to avoid any more functions.

3 (edited by kvvaradha 08/25/2014 08:05:50 am)

Re: Functions to prevent unwanted file types on file upload.

Yes, I agree with your opinion. So, here I changed it as per my view:

<pre>
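//-----------------------------------------------------------------------------------
// $file_type selects the group of file types offered in the browser's file picker:
// 'documents', 'image' or 'video'; null (the default) allows any file.
// The accept attribute is only a hint to the browser, so the form handler
// must still check the uploaded file.
function file_cells($label, $name, $id="", $file_type=null)
{
    if ($id != "")
        $id = "id='$id'";
    if ($file_type == 'documents') {
        $accept = "accept='.doc,.docx,.rtf,.txt,.pdf,.ppt,.pptx'";
    } elseif ($file_type == 'image') {
        $accept = "accept='image/*'";
    } elseif ($file_type == 'video') {   // was '=', which matched every remaining value
        $accept = "accept='video/*'";
    } else
        $accept = '';   // default: no accept attribute, any file type

    label_cells($label, "<input type='file' name='$name' $id $accept />");
}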
function file_row($label, $name, $id = "", $file_type=null)
{
    echo "<tr><td class='label'>$label</td>";
    file_cells(null, $name, $id, $file_type);
    echo "</tr>\n";
}   
</pre>

Here, you can pass a 4th parameter as the acceptable file type. In my code, I used three different things:

documents - doc, docx, rtf, txt, pdf, ppt, pptx

image - all image types which are supported by HTML5

video - all video file types which are supported by HTML5

And the final one is empty. That's the one for default use; it will support all file types.

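
The accept attribute in the functions above only filters the browser's file picker, so the check at form submission that the first post mentions is still needed. A sketch of that server-side check for the same three groups, as an added example that is not part of the thread or of FrontAccounting; kv_check_upload(), the 'pic' field name and the extension/MIME lists are assumptions, and it requires PHP's fileinfo extension:

```php
<?php
// Added example, not FrontAccounting code. kv_check_upload() and the
// extension/MIME lists are assumptions; adjust them to what libmagic reports.
function kv_check_upload(array $file, $file_type)
{
    // Server-side equivalents of the accept='...' groups in file_cells().
    $groups = array(
        'documents' => array(
            'ext'  => array('doc', 'docx', 'rtf', 'txt', 'pdf', 'ppt', 'pptx'),
            'mime' => '#^(application/(pdf|rtf|msword|vnd\.ms-(powerpoint|office)'
                    . '|vnd\.openxmlformats-officedocument\.[a-z.]+)|text/(plain|rtf))$#',
        ),
        'image' => array(   // raster formats only, narrower than image/*
            'ext'  => array('jpg', 'jpeg', 'png', 'gif'),
            'mime' => '#^image/(jpeg|png|gif)$#',
        ),
        'video' => array(
            'ext'  => array('mp4', 'webm', 'ogv'),
            'mime' => '#^video/(mp4|webm|ogg)$#',
        ),
    );
    if (!isset($groups[$file_type]))
        return 'unknown file type group';
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name']))
        return 'upload failed';

    // 1. Extension allow-list, checked on the client-supplied file name.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $groups[$file_type]['ext'], true))
        return "extension '$ext' is not allowed";

    // 2. Content sniffing. $file['type'] comes from the browser and is not trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !preg_match($groups[$file_type]['mime'], $mime))
        return "content type '$mime' is not allowed";

    return '';   // empty string: the file passed both checks
}

// Usage in the form handler; 'pic' is a hypothetical field name.
if (isset($_FILES['pic'])) {
    $err = kv_check_upload($_FILES['pic'], 'image');
    if ($err != '')
        echo htmlspecialchars($err);   // message embeds the user-supplied extension
}
```

Both checks are needed together: the extension decides how the web server will later serve the stored file, while the sniffed content type catches a renamed file.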