Uploadify + Upload Class

[eluser]Philo01[/eluser]
Hi there!

I'm trying to get Uploadify work with the codeigniter upload class.
If I manualy code it like:

Code:

<?php
$tempFile = $_FILES['userfile']['tmp_name'];
$targetFile = './uploads/'.$_FILES['userfile']['name'];
        
move_uploaded_file($tempFile,$targetFile);
?>

That works, but I prefer to get it working with the normal file uploading class.
So this is my attempt:

Code:

$config['upload_path'] = './uploads/';
        $config['allowed_types'] = 'jpg';
        $config['max_size']    = '100';
        $config['max_width']  = '1024';
        $config['max_height']  = '768';

        
        $this->load->library('upload', $config);
        
        if ( ! $this->upload->do_upload())
        {
            $error = array('error' => $this->upload->display_errors());
            echo "0";
        }    
        else
        {
            $data = array('upload_data' => $this->upload->data());
            
            echo "1";
        }
        
        $myFile = "./log.txt";
        $fh = fopen($myFile, 'w') or die("can't open file");
        $stringData = $this->upload->display_errors().' '.$_FILES['userfile']['name'];
        fwrite($fh, $stringData);
        fclose($fh);

As you can see, I write any errors and the filename to my log.txt file.
Now when I try to upload something, I will get the following error:

<p>The filetype you are attempting to upload is not allowed.</p> test.jpg

It throws me that error all the time, while the fileext is set to jpg in the "allowed_types" part.

Anyone who can help me out ?

Thanks!

Philo

[eluser]sofwan[/eluser]
Try to change this : $config['allowed_types'] = 'jpg|jpeg';

and make sure you don't put in your autoload file, library 'upload' because it's already put in your controller:
$this->load->library('upload', $config);

[eluser]vitoco[/eluser]
i had the same problem, and it's not in the allowed types, but in the way that uploadify handle the MIME, almost every file( i can't say all files cause i haven't tried all of them ) get assigned the

Code:

"application/octet-stream"

MIME type, you can veify this using :

Code:

print_r( $_FILES );

so, in your config/mimes.php you must add this mime type to the filetypes that you wanna upload with uploadify, like this

Code:

'jpg'    =>    array('image/jpeg', 'image/pjpeg' , 'application/octet-stream'),

i don't know, and if anyone can clarify if this is a security flaw, please do.

Saludos

[eluser]Philo01[/eluser]
[quote author="vitoco" date="1266229298"]i had the same problem, and it's not in the allowed types, but in the way that uploadify handle the MIME, almost every file( i can't say all files cause i haven't tried all of them ) get assigned the

Code:

"application/octet-stream"

MIME type, you can veify this using :

Code:

print_r( $_FILES );

so, in your config/mimes.php you must add this mime type to the filetypes that you wanna upload with uploadify, like this

Code:

'jpg'    =>    array('image/jpeg', 'image/pjpeg' , 'application/octet-stream'),

i don't know, and if anyone can clarify if this is a security flaw, please do.

Saludos[/quote]

Thanks allot!
Works great!

[eluser]Philo01[/eluser]
Just wondering if it is possible to filter the allowed file types.

When I set it to:

Code:

$config['allowed_types'] = 'png';

And then upload a .jpg it will get accepted, because it is 'application/octet-stream'.

Code:

'jpg'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream')

I know I can remove the application/octet-stream part, but I want my application to have dynamic file type support.
So you can choose the allowed file types: jpg,jpeg,png and gif.
Anyway to get around this problem?

Thanks!

[eluser]Cro_Crx[/eluser]
[quote author="Philo01" date="1266243560"]
Anyway to get around this problem?[/quote]

Uplodify isn't going to send the correct MIME type in the headers so you can't rely on it being accurate. You extend the uploader class and overright the is_allowed_filetype method to check the file extension rather than the MIME type.

Uploadify also has an option to allow files based on file extension, check the documentation for the parm 'fileExt'.

[eluser]Philo01[/eluser]
[quote author="Cro_Crx" date="1266244076"][quote author="Philo01" date="1266243560"]
Anyway to get around this problem?[/quote]

Uplodify isn't going to send the correct MIME type in the headers so you can't rely on it being accurate. You extend the uploader class and overright the is_allowed_filetype method to check the file extension rather than the MIME type.

Uploadify also has an option to allow files based on file extension, check the documentation for the parm 'fileExt'.[/quote]

Yes I know about the fileExt parameter, although people could just edit the javascript and change it using a inline html editor like firebug, and just add there own extension.

Although, what I could do is check if they where modified.
Lets say the file types are retrieved from the database.

I can check if the allowed filetypes in the database match the fileExt send by Uploadify.
Should be quite secure right? I just want people to be able to upload image formats.

Besides that I can check if the upload data is_image is 1. And check the file_ext again for extra security.
Think that would do?

Edit

I just noticed that when uploading it ignores everything:

Code:

$config['upload_path'] = './uploads/';
        $config['allowed_types'] = 'jpg|jpeg|png';
        $config['max_size']    = '100';
        $config['max_width']  = '10';
        $config['max_height']  = '10';

When I upload a to large image it will upload, while it should reject it.
When I print out the $this->upload->data() array it only returns the number 1.
Is this correct? Does CI ignore the other configs when uploading via uploadify.

Edit
I found out that the array does contain data, all but the width and height.
Anyone know how why this is?

Kind regards,

Philo