Welcome Guest, Not a member yet? Register   Sign In
do upload is accepting .zip files instead of giving error
#1

Hello To All,

I have specified jpg, jpeg, png in allowed_types in do_upload.
I tried to upload .rar, .zip files but instead of throwing an error it redirects to a blank page.
It must not allow and throw an error.

if(!empty($_FILES['img1']['name'])){
               $config['upload_path'] = 'uploads/images/';
               $config['allowed_types'] = 'jpg|jpeg|png|gif';
               $config['file_name'] = $_FILES['img1']['name'];
               
               //Load upload library and initialize configuration
               $this->load->library('upload',$config);
               $this->upload->initialize($config);
               
               if(!$this->upload->do_upload('img1")){
                   $error = array('error'=>$this->upload->display_errors());
                   $this->session->set_flashdata('error',$error['error']);
                   redirect( redirect('my_controller/profile');
               }
               else{
                    $img1 = $this->upload->data();
                   $timg1 = $img1['file_name'];

               }
           }


Thank you in advance....
Reply
#2
Wink 

In Codeigniter 2.3 allowed_types validation is not working correctly. We can try the below alternative  by creating your own custom array of mime types and validating it


<?php
if(!empty($_FILES['img1']['name'])){
   $config['upload_path'] = 'uploads/images/';
   $config['allowed_types'] = '*';
   $config['file_name'] = $_FILES['img1']['name'];

   //create your custom mime types array to be checked. In the below have added various types of CSV file
   $csv_mime_type = array('text/plain','text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel');
   
   //Load upload library and initialize configuration
   $this->load->library('upload',$config);
   $this->upload->initialize($config);
   
   if(!$this->upload->do_upload("img1")){
       $error = array('error'=>$this->upload->display_errors());
       $this->session->set_flashdata('error',$error['error']);
       redirect('my_controller/profile');
   }
   elseif(!in_array($_FILES['img1']['type'], $csv_mime_type)) {   //check filetype is in csv format
      //error handling
     }
   else{
        $img1 = $this->upload->data();
       $timg1 = $img1['file_name'];
   }
}
?>
Reply




Theme © iAndrew 2016 - Forum software by © MyBB