   #PHP Manual Filesystem functions is_readable is_writable

   PHP Manual
   Prev  Next
   ______________________________________________________________________

                               is_uploaded_file

   (PHP 3>= 3.0.17, PHP 4 >= 4.0.3)
   is_uploaded_file -- Tells whether the file was uploaded via HTTP POST

Description

   bool is_uploaded_file ( string filename)

   Returns TRUE if the file named by filename was uploaded via HTTP POST.
   This is useful to help ensure that a malicious user hasn't tried to
   trick the script into working on files upon which it should not be
   working--for instance, /etc/passwd.

   This sort of check is especially important if there is any chance that
   anything done with uploaded files could reveal their contents to the
   user, or even to other users on the same system.

   is_uploaded_file() is available only in versions of PHP 3 after PHP
   3.0.16, and in versions of PHP 4 after 4.0.2. If you are stuck using
   an earlier version, you can use the following function to help protect
   yourself:

     Note: The following example will not work in versions of PHP 4
     after 4.0.2. It depends on internal functionality of PHP which
     changed after that version.

   <?php
   /* Userland test for uploaded file. */
   function is_uploaded_file($filename) {
       if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
           $tmp_file = dirname(tempnam('', ''));
       }
       $tmp_file .= '/' . basename($filename);
       /* User might have trailing slash in php.ini... */
       return (ereg_replace('/+', '/', $tmp_file) == $filename);
   }
   /* This is how to use it, since you also don't have
   * move_uploaded_file() in these older versions: */
   if (is_uploaded_file($HTTP_POST_FILES['userfile'])) {
       copy($HTTP_POST_FILES['userfile'], "/place/to/put/uploaded/file");
   } else {
       echo "Possible file upload attack: filename
   '$HTTP_POST_FILES[userfile]'.";
   }
   ?>

   See also move_uploaded_file(), and the section Handling file uploads
   for a simple usage example.
   ______________________________________________________________________

   Prev        Home        Next
   is_readable  Up  is_writable
