I am currently working on a project where the users can upload images and GPX files. No problem in validating the images but I simply can't find a secure way to make sure that the gpx files are not some malicious file instead. Any hints are very much appreciated! Thanks in advance!
Edit: Can anyone please point out why this code is not working? By not working I mean that it does not reject PDF files.
$xml = new XMLReader();
if (!$xml->xml($_FILES["gps"]["tmp_name"], NULL, LIBXML_DTDVALID)) {
echo '<script>alert("Not valid!");</script>';
exit();
}
note here you check the file validity as xml , and it's extention try this