PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Image Upload Validation

  1. ezoehunt
    Member

    It is possible to upload a file to the Image field that does not match filetype gif, jpg, or png. For instance, I just uploaded a php file with .gif extension through the Image field. Isn't this problematic? Can you add a filetype check to the image upload field?

    Also able to upload a php file with .pdf extension to the File field.

    These don't seem to be checking mime type. Do you expect users to manage that on their own? Or is there something I'm missing in my Gravity Forms configuration?

    Posted 9 years ago on Tuesday August 14, 2012 | Permalink
  2. You're not missing any configuration options. Most users don't misname their files intentionally. A malicious user could try to get around upload restrictions by giving a PHP file an image extension, and uploading that, but then what happens?

    We have discussed this in the past:
    http://www.gravityhelp.com/forums/topic/file-upload-security-1

    Posted 9 years ago on Saturday August 25, 2012 | Permalink