File upload, limit file type

[saw15]

I use the following to allow users to upload files. I would like to add the limitation of a specific file name or file type, but the following does not work:

<FORM METHOD="POST" ENCTYPE="multipart/form-data" ACTION="FTPAccess.asp" NAME="form1"">

File 1: <input TYPE="FILE" SIZE="40" NAME="FILE1" accept="text/html">

Does anyone see what I am doing wrong...

Thanks in advance.

 

[cLFlaVA]

so, they have to be html files?

try this:

function verify() {
    var el = document.forms['form1'].elements['FILE1'];
    var ext = el.value.split(".")[1];

    if ( ext != 'html' && ext != 'htm' ) {
        alert('only html files!');
        return false;
    }
    return true;
}

for security purposes, you'd need a similar validation on the server side.

*cLFlaVA
----------------------------
[tt]your mom goes to college[/tt]
[URL unfurl="true"]http://www.coryarthus.com/[/url]

 

[saw15]

Worked perfect, thanks.

 

[Foamcow]

I'd do a server side check of some kind too rather than rely on Javascript.

In fact, it's recommended that any uploaded files are uploaded into a "quarantine area" that is not user accessible. The files should then have rigorous tests performed on them to make sure they are what they claim to be. Only after passing the interrogation should they be moved into a user accessible area.

This is to prevent naughty people uploading harmful executables (disguised as other filetypes) and running them on your server which would probably make your day suck quite a bit.

In short, if security is an issue then don't rely on the file extension tellint the whole story.

Foamcow Heavy Industries - Web design and ranting
Buy Languedoc wines in the UK

 

[cLFlaVA]

for security purposes, you'd need a similar validation on the server side.

*cLFlaVA
----------------------------
[tt]your mom goes to college[/tt]
[URL unfurl="true"]http://www.coryarthus.com/[/url]