suppose we have a example.exe file. we first put that file in a new folder and then zip that folder with any zipping software, Can we prevent that zipped folder upload in a website???? how can we do that???????????
+2
A:
You cannot prevent it, because you can't tell what the browser is going to submit before it submits it. All you can do is when the file arrives on the server, check the file extension - if it's an exe (or a .zip and you open it up and find an .exe) then reject it.
You can use something like SWFupload to get a handle on the file before it's uploaded, but the best that'll do is tell you the name of the file.
Besides, they could just take "example.exe" change the name to "example.txt" and still upload it...
Dean Harding
2010-05-13 05:01:21
try to upload a zipped exe file in gmail ????it upload or not.....
subodh
2010-05-13 05:05:36
gmail uploads using ajax, so it does get to the server before rejection
thenoviceoof
2010-05-13 05:44:39
A:
You check on the server. Checking with javascript in form.onsubmit is dumb because its quite simple to post a form with a file to the same URL and skip your super secure javascript powered page.
mP
2010-05-13 05:40:44