darius92

File upload vulnerabilities

I want to make a secure file upload and have some questions.

  1. Is this file extension check safe from uploading an HTML or PHP file?

     ```php
     $temp = explode('.', $fileName);
     $extension = end($temp);
     if (in_array(strtolower($extension), $whitelist)) {
         return true;
     }
     ```

  2. A hacker can write his malicious code inside his .jpeg file with tools like jhead. Is there any way that his code (e.g. PHP or JS) will be executed even when the file has a .jpeg extension?

I keep uploaded files outside the Laravel project root.

0 likes
0 replies
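
An added example, not part of darius92's post: it keeps the post's extension allow-list, then checks the content type detected from the file itself and re-encodes the image so that comment and EXIF data of the kind jhead writes is not carried into the stored copy. `storeImage`, `ALLOWED` and the sample file are hypothetical names, and the GD and fileinfo extensions are assumed to be loaded.

```php
<?php
// Added example (hypothetical helper names). Requires ext-gd and ext-fileinfo.

// Allowed final extension => content type the file must actually have.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

/**
 * Validate an uploaded image and write a re-encoded copy under a server-chosen name.
 * $tmpPath is the upload's temporary path, $clientName the name the client sent.
 * Returns the stored path, or null when the file is rejected.
 */
function storeImage(string $tmpPath, string $clientName, string $destDir): ?string
{
    // 1. Allow-list on the final extension, as in the post.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // 2. Detect the type from the bytes; client name and Content-Type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // 3. Decode and re-encode: metadata segments and trailing bytes are not copied.
    $img = $mime === 'image/jpeg' ? @imagecreatefromjpeg($tmpPath) : @imagecreatefrompng($tmpPath);
    if ($img === false) {
        return null;
    }
    // 4. Server-generated name: no client-controlled characters or extra extensions.
    $suffix = $mime === 'image/jpeg' ? '.jpg' : '.png';
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . $suffix;
    $ok = $mime === 'image/jpeg' ? imagejpeg($img, $dest, 90) : imagepng($img, $dest);
    return $ok ? $dest : null;
}

// Constructed sample input: a small JPEG with marker text appended after the image data.
$dir = sys_get_temp_dir();
$src = tempnam($dir, 'up');
imagejpeg(imagecreatetruecolor(8, 8), $src);
file_put_contents($src, 'EMBEDDED-MARKER', FILE_APPEND);

$stored = storeImage($src, 'photo.jpeg', $dir);
// Checks whether the appended marker is absent from the re-encoded copy.
var_dump($stored !== null && strpos(file_get_contents($stored), 'EMBEDDED-MARKER') === false);
var_dump(storeImage($src, 'page.html', $dir)); // extension not on the allow-list
var_dump(storeImage($src, 'photo.png', $dir)); // name says PNG, content is JPEG
```

Re-encoding only removes what the decoder does not copy. Whether a stored file can ever run as PHP depends on how the server maps the storage directory and file names to handlers, so the destination should stay outside any path the PHP interpreter serves.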
