I am working on a script. It automates the submission of web templates. When the zip and form are uploaded/submitted, the zip file is unzipped to a folder. The only problem is with safety, if someone includes a PHP or malicious script in their folder and then runs it.
Any ideas how I could solve this? I was thinking I could write a script to read the folder which the zip was extracted to. It scans the folder and the folders which it contains and deletes all files which aren't jpg, gif, psd, html, css, txt. I'm not sure how to go about that though. Any ideas?
What would be even better is to be able to scan the zip and, if the files are found, the user trying to submit it is told and it is not unzipped or saved. Not sure if that's possible. I'm using DunZip to unzip by the way and just read the following, which seems to suggest I could do this somehow.
The dUnzip2 class is pretty good and it can retrieve a full list of the packed files inside the ZIP file, and also you can see the file type details (e.g. uncompressed size, mod time, comments - if any, and so on).
No php knowledge - google and editing is my expertise
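
The pre-extraction check asked about above, as an added example that is not part of the original post: it lists the archive's entries and refuses the upload if any name falls outside the post's extension list. It uses PHP's built-in `ZipArchive` rather than dUnzip2; the function name `rejectedEntries`, the path-escape checks, the single-dot rule and the sample entry names are assumptions added here.

```php
<?php
// Added example, not from the original post. Uses PHP's built-in ZipArchive.
const ALLOWED_EXT = ['jpg', 'gif', 'psd', 'html', 'css', 'txt']; // list from the post

// Return the entry names that must block the upload; an empty array means "accept".
function rejectedEntries(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['(archive could not be opened)'];
    }
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $path = str_replace('\\', '/', $name);
        $parts = explode('/', $path);
        // Entries that would land outside the target folder when extracted.
        $escapes = $path === '' || $path[0] === '/' || in_array('..', $parts, true)
            || strpos($path, "\0") !== false || preg_match('/^[A-Za-z]:/', $path) === 1;
        if ($escapes) {
            $bad[] = $name;
            continue;
        }
        if (substr($path, -1) === '/') {
            continue; // directory entry, nothing to execute
        }
        $base = end($parts);
        $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
        // Exactly one dot: refuses "photo.php.jpg", which some server configs run as PHP.
        if (substr_count($base, '.') !== 1 || !in_array($ext, ALLOWED_EXT, true)) {
            $bad[] = $name;
        }
    }
    $zip->close();
    return $bad;
}

// Constructed sample upload, built in a temp file so the script runs offline.
$tmp = tempnam(sys_get_temp_dir(), 'tpl');
$zip = new ZipArchive();
$zip->open($tmp, ZipArchive::CREATE | ZipArchive::OVERWRITE);
foreach (['template/index.html', 'template/img/logo.jpg', 'template/shell.php',
          'template/photo.php.jpg', '../outside.txt'] as $entry) {
    $zip->addFromString($entry, 'constructed sample content');
}
$zip->close();

$bad = rejectedEntries($tmp);
echo $bad ? "Rejected, not extracted:\n  " . implode("\n  ", $bad) . "\n" : "OK to extract\n";
unlink($tmp);
```

A name check does not inspect file contents, so the extraction folder should also be configured so the web server never executes scripts from it.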