Image Upload Validation

  1. ezoehunt
    Member

    It is possible to upload a file to the Image field that does not match filetype gif, jpg, or png. For instance, I just uploaded a php file with .gif extension through the Image field. Isn't this problematic? Can you add a filetype check to the image upload field?

    Also able to upload a php file with .pdf extension to the File field.

    These don't seem to be checking mime type. Do you expect users to manage that on their own? Or is there something I'm missing in my Gravity Forms configuration?

    Posted 11 years ago on Tuesday August 14, 2012 | Permalink
  2. You're not missing any configuration options. Most users don't misname their files intentionally. A malicious user could try to get around upload restrictions by giving a PHP file an image extension, and uploading that, but then what happens?

    We have discussed this in the past:
    http://www.gravityhelp.com/forums/topic/file-upload-security-1

    Posted 11 years ago on Saturday August 25, 2012 | Permalink
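
Added example (not part of the original thread and not Gravity Forms code): a content check of the kind the first post asks for, comparing a file's leading bytes with the signature expected for its claimed extension. The function name, the signature table and the sample files are assumptions made for illustration. Matching leading bytes does not prove the rest of the file is harmless, so a check like this complements keeping the upload directory non-executable.

```php
<?php
// Added example: hypothetical helper, not a Gravity Forms API.

/**
 * Returns true only when the claimed extension is on the allow-list AND
 * the file content starts with a signature registered for that extension.
 */
function upload_matches_extension(string $path, string $clientName): bool
{
    // Leading-byte signatures for the types named in the thread.
    $signatures = [
        'gif'  => ["GIF87a", "GIF89a"],
        'png'  => ["\x89PNG\r\n\x1a\n"],
        'jpg'  => ["\xFF\xD8\xFF"],
        'jpeg' => ["\xFF\xD8\xFF"],
        'pdf'  => ["%PDF-"],
    ];

    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, $signatures)) {
        return false; // missing or non-allow-listed extension
    }

    $handle = fopen($path, 'rb');
    if ($handle === false) {
        return false; // unreadable file: fail closed
    }
    $head = fread($handle, 16);
    fclose($handle);
    if ($head === false) {
        return false;
    }

    foreach ($signatures[$ext] as $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            return true;
        }
    }
    return false; // extension and content disagree
}

// Constructed samples: claimed file name => file content.
$samples = [
    'script.gif' => "<?php /* constructed placeholder */",
    'photo.gif'  => "GIF89a" . str_repeat("\0", 10),
    'report.pdf' => "<?php /* constructed placeholder */",
    'manual.pdf' => "%PDF-1.4\n",
    'tool.php'   => "<?php /* constructed placeholder */",
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-12s %s\n", $name, upload_matches_extension($tmp, $name) ? 'accept' : 'reject');
    unlink($tmp);
}
```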