John Nichel wrote:
Jack Jackson wrote:
<snip>
Also, it seems that directories must be blown wide open (777) to allow
the script to copy the file over from /tmp. My ISP won't allow
directories to be set to 777 under public_html/ -- but we need to
access the files via web browser which is the whole point.
It shouldn't have to be this way. The webserver should be configured to
run as your virtual user, or belong to a group which has write
permission to that directory, or.....I'm getting a bit off track with
that. This is something you'll have to take up with your ISP.
Will do.
So my questions:
1. How do you validate Word and Excel files before upload?
Before? JavaScript...if JavaScript can even do it (I haven't touched
the stuff in ages). After upload, you can check the mime type, but
that's not foolproof.
Okay, sorry I miswrote: after upload to the temp directory, BEFORE using
move_uploaded_file(). Checking the mime type is the problem - if I can't
trust the browsers am I really reliant on the file extension? Can't I
peek in some manner into it as we do with getimagesize()?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
