Simple validation function to confirm that an image is actually an image, not a malicious .gif or .php file.
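/**
 * Validate an uploaded image described by a single $_FILES entry.
 *
 * The upload is accepted only when it is non-empty, no larger than 2 MB,
 * declared by the client as gif/jpeg/png, detected on the server as
 * gif/jpeg/png, and named with a .jpg, .jpeg, .png or .gif extension.
 *
 * Passing these checks means the file starts with a recognised image header;
 * it does not prove the rest of the file is harmless. Store accepted uploads
 * under a server-generated name, in a location where the web server does not
 * execute scripts, and move them with move_uploaded_file().
 *
 * @param array $upload One $_FILES entry: name, type, tmp_name, size and (optionally) error.
 * @return true|string true when the upload is accepted, otherwise a message to show the user.
 */
function validate($upload){ // Must be a $_FILES array
    // A non-OK upload status or an empty file means PHP did not receive a usable upload.
    if ((isset($upload['error']) && $upload['error'] != UPLOAD_ERR_OK) || empty($upload['size']))
        return "Image not uploaded correctly.";

    if ($upload['size'] > 2097152) { // Measured in bytes, this is equal to 2MB
        $filesize = $upload['size'] / 1048576; // Converts from bytes to Megabytes
        return "The image you uploaded has a filesize that is too large. Please reduce your image to < 2MB. It is currently ".$filesize."MB.";
    }

    $allowedTypes = array("image/gif", "image/jpeg", "image/png");

    // $upload['type'] is sent by the client and can be set to anything, so it is
    // only a first filter. The authoritative value is read from the file itself.
    $declaredType = isset($upload['type']) ? $upload['type'] : '';
    $detectedType = false;
    if (isset($upload['tmp_name']) && is_string($upload['tmp_name']) && is_file($upload['tmp_name'])) {
        $imageinfo = getimagesize($upload['tmp_name']);
        if ($imageinfo !== false)
            $detectedType = $imageinfo['mime'];
    }

    // The previous test, `$type != "image/gif" || "image/jpeg" || "image/png"`, was
    // always true because a non-empty string literal is truthy, so every upload
    // was rejected here. Membership has to be tested against the list explicitly.
    if (!in_array($declaredType, $allowedTypes, true) || !in_array($detectedType, $allowedTypes, true))
        return "Uploads of that file type are not allowed. You need a jpg, png, or gif image.";

    // Allow-list the extension instead of block-listing a handful of script
    // extensions: a block list silently accepts every extension it forgot.
    // The file name is client-supplied; only its final extension is inspected.
    $allowedExtensions = array("jpg", "jpeg", "png", "gif");
    $name = isset($upload['name']) ? (string) $upload['name'] : '';
    $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($extension, $allowedExtensions, true))
        return "Uploads with that file extension are not allowed. You need an image ending in .jpg, .png, or .gif";

    return true; // Validates
}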