pear html quickform

         

topr8

8:16 am on Apr 11, 2008 (gmt 0)

if i use PEAR HTML_QuickForm to build a form and upload an image, setting a server side rule that the mime type should only be jpg, jpeg, gif, png

does it just check against the http mime type header or is it actually checking in a more secure way?

i can't see this documented anywhere.

henry0

11:18 am on Apr 11, 2008 (gmt 0)

I suppose it checks for file extension
however the best way in that case is to perform any temp GD manip; if it works then it is what it says it is, if not ALERT

topr8

12:45 pm on Apr 11, 2008 (gmt 0)

yes thanks, i'll use (GD) getimagesize to check

... i'm wondering if that step is just doubling up what pear did though?

jatar_k

3:30 pm on Apr 11, 2008 (gmt 0)

why not dig into what the pear code is doing and see?

a nit picky side note, getimagesize is not a GD function and does not require GD to be installed

topr8

4:03 pm on Apr 11, 2008 (gmt 0)

ok sorry, yes i saw that getimagesize is in fact not part of GD, although even on the php.net site it is listed on what seems to me to be the GD page

[php.net...]

as for looking at what pear actually does, i'm not shy of digging in and looking, in fact i have been doing so and have been using the 'manual' such as it is - there seem to be very few tutorials online, or those that there are are so simplistic and don't actually explain why they are doing something ... just the
do this
do that
here's the result type tutorial (not much use really)

i've never done any OOP in my life before and even the syntax is pretty overwhelming for me at this point, although more understandable than it was yesterday ... so show some mercy :)

jatar_k

5:40 pm on Apr 11, 2008 (gmt 0)

>> show some mercy

hehe, fair enough

I have been picking through for a few minutes here. I see the file/class for the creation of a file form element

I also see where the validation is, I just haven't picked through enough to see what it is

I'll keep looking

jatar_k

6:10 pm on Apr 11, 2008 (gmt 0)

>> setting a server side rule that the mime type should only be jpg, jpeg, gif, png

how do you set the rule? did you have to add a script to do it?

topr8

6:38 pm on Apr 11, 2008 (gmt 0)

thanks ...

no the rules are built in, i've written

$form->addRule('picSm','maxfilesize',50000);
$form->addRule('picSm','mimetype',array('jpg','jpeg','gif','png'));

where picSm is the form field name.
the default is server side validation, if i'd added client
$form->addRule('picSm','mimetype',array('jpg','jpeg','gif','png'),'client');
then it would be client side validation and presumably the created js would just check the mime type.

i'm thinking that maybe it just checks the http mime type, but given that it is not too difficult to check if the file truly is an image type i was thinking it should validate it.

it's getting better, although this whole

=> -> :: : syntax stuff is still strange

jatar_k

7:40 pm on Apr 11, 2008 (gmt 0)

hehe, that is one batch of code too, I can tell you when reading stuff like that which was coded for all eventualities it is always difficult.

I am guessing that it just checks mime type from reading through a bunch of the validation functions. I didn't read through all the thousands of lines of code, it would just take too long. ;)
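
Added example, not part of the original thread and not PEAR's own code: a content-based check of the kind discussed above, which identifies the image type from the file itself with getimagesize() instead of trusting the type the browser declares. The helper name check_uploaded_image() and the sample inputs are assumptions made up for this illustration; the 50000 byte limit mirrors the maxfilesize value in the thread.

```php
<?php
/**
 * Returns a server-chosen extension ('jpg', 'gif', 'png') when the file's own
 * header identifies it as an allowed image type, or null otherwise.
 * check_uploaded_image() is a hypothetical helper, not a QuickForm function.
 * In a real upload handler, first confirm is_uploaded_file() on
 * $_FILES['picSm']['tmp_name'] and that $_FILES['picSm']['error'] is UPLOAD_ERR_OK.
 */
function check_uploaded_image(string $path, int $maxBytes = 50000): ?string
{
    // Allow-list keyed by the type getimagesize() detects from the content.
    $allowed = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_PNG  => 'png',
    ];
    if (!is_file($path)) {
        return null;
    }
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    $info = @getimagesize($path);   // core PHP function, GD is not required
    if ($info === false) {
        return null;                // content is not a recognisable image
    }
    [$width, $height, $type] = $info;
    if ($width < 1 || $height < 1) {
        return null;
    }
    // The extension comes from the detected type, never from the client's file name.
    return $allowed[$type] ?? null;
}

// Constructed sample inputs: a 1x1 GIF, and plain text that a client labels image/jpeg.
$samples = [
    ['declared' => 'image/gif',
     'bytes'    => base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==')],
    ['declared' => 'image/jpeg',
     'bytes'    => 'plain text, not an image'],
];
foreach ($samples as $s) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $s['bytes']);
    $ext = check_uploaded_image($tmp);
    printf("declared %-10s => %s\n", $s['declared'],
           $ext === null ? 'rejected' : "accepted as .$ext");
    unlink($tmp);
}
```

getimagesize() reads only the image header, so a file that passes can still carry arbitrary trailing bytes. Re-encoding the image through GD, as suggested earlier in the thread, and storing the result under a server-generated name is the stronger check.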