webcoweb

Laravel mime type validation doesn't work for .exe file when its extension changes to .jpg or .gif or .png

When I want to upload an image, the mime types work well, but when I change an executable file's extension to an image extension, Laravel cannot detect that it is not an image.

Assume we have a file named example.exe. After changing its extension we will have, for example, example.png or example.gif or example.jpg, so after uploading, Laravel cannot prevent the upload of an executable file with a fake extension.

// Validate every uploaded attachment against the image allow-list and size limit
$validation = Validator::make(
    $input,
    [
        'imageattachments.*' => 'required|mimes:jpg,jpeg,png,gif,bmp,svg,ico|max:2048',
    ],
    [
        'imageattachments.*.required' => 'Please upload an image',
        'imageattachments.*.mimes' => 'Only jpg,jpeg,png,gif,bmp,svg,ico images are allowed',
    ]
);

if ($validation->fails()) {
    return response()->json(['color' => 'bg-pink', 'message' => $validation->messages()->first()]);
}

I hope someone can help me soon.

jaythanki

You should prevent files with the (.exe) extension from being uploaded from the frontend. Why are you allowing that request to reach the server side?

richpeersfw

@jaythanki It should detect the mimetype as exe and fail if the file extension was renamed. It relies on fileinfo, which isn't great at guessing the actual mimetype.
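A server-side check that compares the file's leading bytes with the extension it claims, as an added example that is not part of the original thread and is not Laravel's own code. The function names, the signature table and the two sample files are assumptions constructed for illustration.

```php
<?php
// Added example: names and sample files are constructed for illustration.

// Leading byte signatures for the raster formats in the thread's allow-list.
// SVG is XML text with no fixed signature, so it is not handled here.
const IMAGE_SIGNATURES = [
    'png' => ["\x89PNG\r\n\x1a\n"],
    'jpg' => ["\xFF\xD8\xFF"],
    'gif' => ['GIF87a', 'GIF89a'],
    'bmp' => ['BM'],
    'ico' => ["\x00\x00\x01\x00"],
];

// Return the image type implied by the file's first bytes, or null if none match.
function sniffImageType(string $path): ?string
{
    $head = (string) file_get_contents($path, false, null, 0, 16);
    foreach (IMAGE_SIGNATURES as $type => $signatures) {
        foreach ($signatures as $sig) {
            if (strncmp($head, $sig, strlen($sig)) === 0) {
                return $type;
            }
        }
    }
    return null;
}

// Accept only when the content is a known image AND agrees with the claimed extension.
function isAcceptableImage(string $path, string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $ext = $ext === 'jpeg' ? 'jpg' : $ext;
    $type = sniffImageType($path);
    return $type !== null && $type === $ext;
}

// Constructed samples: an "MZ" executable header renamed to .png, and a PNG signature.
$dir = sys_get_temp_dir();
$fake = "$dir/example_fake.png";
$real = "$dir/example_real.png";
file_put_contents($fake, "MZ\x90\x00" . str_repeat("\x00", 60));
file_put_contents($real, "\x89PNG\r\n\x1a\n" . str_repeat("\x00", 16));

var_dump(isAcceptableImage($fake, 'example.png')); // renamed executable
var_dump(isAcceptableImage($real, 'example.png')); // content matches extension
unlink($fake);
unlink($real);
```

In a Laravel controller the two arguments would come from the uploaded file's temporary path and its client-supplied name. A signature match only shows how the file starts; it does not prove the remaining bytes form a valid image.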
