Limiting file upload type

Question

Simple question. Is there a way to only allow txt files upon uploading? I've looked around and all I find is text/php, which allows PHP.

$uploaded_type=="text/php

Answer 1

When you upload a file with PHP its stored in the $_FILES array. Within this there is a key called "type" which has the mime type of the file EG $_FILES['file']['type']

So to check it is a txt file you do

if($_FILES['file']['type'] == 'text/plain'){
    //Do stuff with it.
}

It's explained very well here. Also, don't rely on file extentions it's very unreliable.

Answer 2

You need to check the file extension of the uploaded file.

There is Pear HttpUpload, it supports this.

Answer 3

You could check the mime type of the uploading file. In codeIgniter, this code is used in the upload library:

$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);

The variable $this->file_type then used to check the upload configuration, to see if the uploaded file is in allowed type or not. You can see the complete code in the CodeIgniter upload library file.

Answer 4

Simply put: there's no way. Browsers don't consistently support type limiters on file upload fields (AFAIK that was planned or even is integrated into the HTML standard, but barely implemented at best). Both the file extension and mime-type information are user supplied and hence can't be trusted.

You can really only try to parse the file and see if it validates to whatever format you expect, that's the only reliable way. What you need to be careful with are buffer overflows and the like caused by maliciously malformed files. If all you want are text files, that's probably not such a big deal though.