Anyone know of a good free file uploader script?

Luke

Luke

Madly Diligent
Joined
Jun 11, 2010
Messages
5,396
Reaction score
2
FP$
14
Does anyone? It would be great if you could find one or know of one where you can control what can be uploaded eg. file extensions, looks good and isn't just for images, thanks :heart:
 
Re: Anyone know of a good free file uploader?

Box.net is great. I use it for a lot of things.
 
Sorry, I mean a file uploading script, like your image host, but does files, not a file host, a script 🙂
 
I don't think there is a good free one. There are free ones, but they will have massive security issues. It's easy to get a file uploaded from a form, but it's not that easy to prevent people from misusing it. i.e. You could prevent people from uploading .php files with file extension restrictions, but how can you prevent someone from uploading a .php file with a .jpg extension? If they manage to get something like that uploaded then they can pretty much ruin your solution.

Though if one actually exists, I'd like to see it also. 😀
 
jamesyfx said:
I don't think there is a good free one. There are free ones, but they will have massive security issues. It's easy to get a file uploaded from a form, but it's not that easy to prevent people from misusing it. i.e. You could prevent people from uploading .php files with file extension restrictions, but how can you prevent someone from uploading a .php file with a .jpg extension? If they manage to get something like that uploaded then they can pretty much ruin your solution.

Though if one actually exists, I'd like to see it also. 😀
Click to expand...

Correct me if I am wrong but I don't think you can actually do that, have PHP in a .JPG file. I know you can have it the other way around for stat images etc but PHP in JPG would not be possible I wouldn't have thought anyway.
 
Dan said:
Correct me if I am wrong but I don't think you can actually do that, have PHP in a .JPG file. I know you can have it the other way around for stat images etc but PHP in JPG would not be possible I wouldn't have thought anyway.
Click to expand...

Well, I used .jpg as an example. What I'm referring to is that you can prevent people from uploading .php files, but you can't prevent them from uploading code unless you use advanced security techniques.

The idea is not that you display an image and this executes code, the idea is that you just change the extension so your simple script allows you to upload in it.

Changing the file extension to .jpg does not make an image (obviously) - but it still contains PHP code - changing the extension from .php to .jpg allows you to upload this code to the server, which could be very damaging.
 
Again though it won't be as easy to just save a .PHP file as something else because it just wouldn't work. Also the security techniques are there and easier than you may think. All you would need to do is block .xyz and then as another security precaution disallow a matching string of characters within the file from being uploaded.

On the actual subject though, I was under the impression that Luke M had the knowledge of building something like this himself as I've seen elsewhere that he is supposedly a 'developer'.
 
I was just wondering if there was any good ones out there but managed to make my own, they aren't hard, was curious to see other ones 😉 I've managed to ban php files too, and others.
 
You don't have to worry, made by own, working on security features now. 🙂
 
You must log in or register to reply here.

About Us

Since 2007, Forum Promotion has specialized in providing advertising solutions to webmasters looking to promote their communities. We pride ourselves in being the bridge that connects forum administrators, bloggers, and more.

Sponsors

Affiliates

    Universal Gaming The Coffee House

Stay Connected

Back
Top Bottom