How to determine if a file has been renamed from one extension to another?

D

davron28132015-04-15 11:10:37

Yii

davron2813, 2015-04-15 11:10:37

How to determine if a file has been renamed from one extension to another,
for example, on one site it is allowed to upload only files of the type (jpg, png, zip)
and if the file has been renamed from test.php to test.png --- how can you check the validity of C files HELP PHP ?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

F

FanatPHP, 2015-04-15
@FanatPHP

Determining whether a file has been renamed is , of course , impossible.
About "reality" is another question. In general, it cannot be determined. Any file may well be correct in terms of two or more formats - for example, a picture and a php script at the same time.
So in each specific case, we need to look separately - what we are protecting ourselves from, whether we need it, and if necessary, then how.
For example, about pictures the question was quite recently. If we want to make sure that there is no extra code in the picture, we resize it using GD.

D

Danila, 2015-04-15
@Ke1eth

1) Check on the server:

file -i /tmp/file.php
/tmp/file.php: image/png

2) Disable php execution in directories where file uploads are allowed

M

Mykola, 2015-04-15
@iSensetivity

Read the first bytes of a file.
In the case of php, you can check if the file contains the line "<?php" or "<?"