I am currently working on a project where the users can upload images and GPX files. No problem in validating the images but I simply can't find a secure way to make sure that the gpx files are not some malicious file instead. Any hints are very much appreciated! Thanks in advance!
Edit: Can anyone please point out why this code is not working? By not working I mean that it does not reject PDF files.
$xml = new XMLReader();
if (!$xml->xml($_FILES["gps"]["tmp_name"], NULL, LIBXML_DTDVALID)) {
echo '<script>alert("Not valid!");</script>';
exit();
}
$xmlcontents = XMLReader::open($_FILES["gps"]["tmp_name"]);
$xmlcontents->setParserProperty(XMLReader::VALIDATE, true);
if($xmlcontents->isValid() and ($xml->xml($_FILES["gps"]["tmp_name"], NULL, LIBXML_DTDVALID))) {
}
else {
echo 'Not a valid GPS file!")';
exit();
}
note here you check the file validity as xml , and it's extention try this