Limit file uploads to certain file extensions #25

gunemalli · 2017-11-13T01:13:23Z

Hi There,

Love this script. Helped a lot with a few customers. I'd like to request a new feature if it's possible.

My requirement is that I only want a certain file extension to be able to be uploaded for security. Further to this, is it possible to lock down the file rename, not to be able to change the extension?

Regards
Asanka

prasathmani · 2017-11-15T06:32:38Z


$total = count($_FILES['upload']['name']);
$allowed =  array('gif','png' ,'jpg');
for ($i = 0; $i < $total; $i++) {
	$filename = $_FILES['upload']['name'][$i];
    $tmp_name = $_FILES['upload']['tmp_name'][$i];
	$ext = pathinfo($filename, PATHINFO_EXTENSION);
    if (empty($_FILES['upload']['error'][$i]) && !empty($tmp_name) && $tmp_name != 'none' && in_array($ext,$allowed)) {
        if (move_uploaded_file($tmp_name, $path . '/' . $_FILES['upload']['name'][$i])) {
            $uploads++;
        } else {
            $errors++;
        }
    }
}

replace the code from line no 445. you can add allowed list of extension in $allowed.

prasathmani added enhancement Feature labels Nov 15, 2017

prasathmani closed this as completed in f002ba2 Nov 15, 2017

ner00 pushed a commit to ner00/tinyfilemanager that referenced this issue May 7, 2023

Fix prasathmani#25 Limit file uploads to certain file extensions

51f2e3d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Limit file uploads to certain file extensions #25

Limit file uploads to certain file extensions #25

gunemalli commented Nov 13, 2017

prasathmani commented Nov 15, 2017 •

edited

Limit file uploads to certain file extensions #25

Limit file uploads to certain file extensions #25

Comments

gunemalli commented Nov 13, 2017

prasathmani commented Nov 15, 2017 • edited

prasathmani commented Nov 15, 2017 •

edited