tallaljamshed's avatar

How to prevent .ZIP file upload

I'm using general file validations in Laravel for Word, Excel, PPT (etc.), but it allows zip files to be uploaded. How can I stop that?

MichalOravec's avatar

You can add a whitelist of file types with:

'file' => 'mimes:pdf,doc,ppt,xls,docx,pptx,xlsx'

Or you can create your own validator rule and add your custom logic there; you can find how to make one in the documentation.

tallaljamshed's avatar

OK, I'll try to explain further. PLEASE READ IT ALL. @oussama.tn @michaloravec I made this web app to upload files with all proper validation for office files. As far as I knew, all validations worked. No files other than docs, PDF, PPT, Excel were uploading. But somehow (could be a hacking attempt) somebody uploaded what LOOKS LIKE a zip file. Why do I say LOOKS LIKE a zip file? Because I'm saving file names and MIME types in the database. Now these (SUSPICIOUS) files do not have any extension in the file name (which all other valid files do), and the MIME type is

application/octet-stream

OK, now I downloaded this file and it downloads as a .ZIP file and opens with WinRAR, and there are some XML files in it. Further, I tried to investigate and uploaded some other zip file from my PC, which was blocked by validation (which is a good thing), but I tried to re-upload that (SUSPICIOUS) file and it does upload again. So neither mimes nor mimetype validation is stopping it. PS: when I re-uploaded that (SUSPICIOUS) file, this time it shows the extension .zip and the mimetype as

application/x-zip-compressed

I've been stuck with these types of file errors and haven't got much help so far on this forum, so KINDLY SOMEONE HELP.

MichalOravec's avatar

Create a custom validation rule where you check the mimetypes and the extension.
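
One way to write the check suggested above, as an added example that is not code from this thread: a plain PHP function a custom rule could call, which ties the extension of the client file name to the file's actual bytes. The function names, the allowlist and the sample files are assumptions; it relies on .docx/.xlsx/.pptx files being ZIP containers of XML parts, which is why such a file opens in an archive tool.

```php
<?php
// Added example (not from the thread). Names and the allowlist are assumptions.
const OOXML_MAIN_PART = [
    'docx' => 'word/document.xml',
    'xlsx' => 'xl/workbook.xml',
    'pptx' => 'ppt/presentation.xml',
];
const OLE2_MAGIC = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"; // legacy .doc/.xls/.ppt
/** Returns null if the upload is acceptable, otherwise the reason to reject it. */
function officeUploadProblem(string $path, string $clientName): ?string
{
    $ext  = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $head = (string) file_get_contents($path, false, null, 0, 8);
    if ($ext === 'pdf') {
        return str_starts_with($head, '%PDF-') ? null : 'content is not a PDF';
    }
    if (in_array($ext, ['doc', 'xls', 'ppt'], true)) {
        return $head === OLE2_MAGIC ? null : 'content is not an OLE2 Office file';
    }
    if (!isset(OOXML_MAIN_PART[$ext])) {
        return 'extension not allowed'; // also covers "zip" and a missing extension
    }
    $zip = new ZipArchive();
    if (!str_starts_with($head, "PK\x03\x04") || $zip->open($path) !== true) {
        return 'content is not a ZIP container';
    }
    // An OOXML file carries a content-type map and, by convention, this main part.
    $ok = $zip->locateName('[Content_Types].xml') !== false
        && $zip->locateName(OOXML_MAIN_PART[$ext]) !== false;
    $zip->close();
    return $ok ? null : "archive is not a valid .$ext";
}
// Constructed sample files: a minimal docx-shaped archive and an ordinary ZIP.
function makeZip(array $entries): string
{
    $path = tempnam(sys_get_temp_dir(), 'upl');
    $zip  = new ZipArchive();
    $zip->open($path, ZipArchive::OVERWRITE);
    foreach ($entries as $name => $body) {
        $zip->addFromString($name, $body);
    }
    $zip->close();
    return $path;
}
$docx  = makeZip(['[Content_Types].xml' => '<Types/>', 'word/document.xml' => '<document/>']);
$plain = makeZip(['notes.txt' => 'hello']);
foreach ([[$docx, 'report.docx'], [$plain, 'files.zip'], [$plain, 'files.docx'], [$docx, 'upload']] as [$p, $n]) {
    printf("%-12s %s\n", $n, officeUploadProblem($p, $n) ?? 'accepted');
}
```

Inside a Laravel rule the two arguments would come from the uploaded file's `getRealPath()` and `getClientOriginalName()`; the stored name should still be generated server-side rather than taken from the client.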
