File upload in PHP: Validating that a file is gpx

688 views Asked by At

I am currently working on a project where the users can upload images and GPX files. No problem in validating the images but I simply can't find a secure way to make sure that the gpx files are not some malicious file instead. Any hints are very much appreciated! Thanks in advance!

Edit: Can anyone please point out why this code is not working? By not working I mean that it does not reject PDF files.

$xml = new XMLReader();
if (!$xml->xml($_FILES["gps"]["tmp_name"], NULL, LIBXML_DTDVALID)) {
    echo '<script>alert("Not valid!");</script>';           
    exit();
}
1

There are 1 answers

0
Anas On BEST ANSWER
$xmlcontents = XMLReader::open($_FILES["gps"]["tmp_name"]);

$xmlcontents->setParserProperty(XMLReader::VALIDATE, true);

if($xmlcontents->isValid() and ($xml->xml($_FILES["gps"]["tmp_name"], NULL, LIBXML_DTDVALID))) {
}
else {
    echo 'Not a valid GPS file!")';            
    exit();
}

note here you check the file validity as xml , and it's extention try this