08-15-2012, 10:17 AM
[eluser]malzahar[/eluser]
I'm curious as to what the best practices are regarding security for codeigniter's file upload library.
I typically use set my allowed types in the configuration and make sure the files are uploaded outside of the codeigniter application directory as can be seen in the sample config below.
Are the allowed types case sensitive? And do they take into account files with wrong file extensions? What other security measures can be taken. Also, Is it possible to make a file upload a required form field in codeigniter?
Sorry for all the questions I haven't had to really deal with file uploads in the past but any help is appreciated.
I'm curious as to what the best practices are regarding security for codeigniter's file upload library.
I typically use set my allowed types in the configuration and make sure the files are uploaded outside of the codeigniter application directory as can be seen in the sample config below.
Code:
$config = array(
'allowed_types' => 'jpg|jpeg|pdf',
'upload_path' => realpath(APPPATH . '../uploads/'),
'max_size' => 1500
);
$this->load->library('upload', $config);
Are the allowed types case sensitive? And do they take into account files with wrong file extensions? What other security measures can be taken. Also, Is it possible to make a file upload a required form field in codeigniter?
Sorry for all the questions I haven't had to really deal with file uploads in the past but any help is appreciated.