Claro que pueden ver el código, la clase es open source
Link:
http://www.verot.net/php_class_upload.htm
La parte que permite mime types es:
Código PHP:
$this->forbidden = array();
$this->allowed = array("application/rar",
"application/x-rar-compressed",
"application/arj",
"application/excel",
"application/gnutar",
"application/octet-stream",
"application/pdf",
"application/powerpoint",
"application/postscript",
"application/plain",
"application/rtf",
"application/vocaltec-media-file",
"application/wordperfect",
"application/x-bzip",
"application/x-bzip2",
"application/x-compressed",
"application/x-excel",
"application/x-gzip",
"application/x-latex",
"application/x-midi",
"application/x-msexcel",
"application/x-rtf",
"application/x-sit",
"application/x-stuffit",
"application/x-shockwave-flash",
"application/x-troff-msvideo",
"application/x-zip-compressed",
"application/xml",
"application/zip",
"application/msword",
"application/mspowerpoint",
"application/vnd.ms-excel",
"application/vnd.ms-powerpoint",
"application/vnd.ms-word",
"application/vnd.ms-word.document.macroEnabled.12",
"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
"application/vnd.ms-word.template.macroEnabled.12",
"application/vnd.openxmlformats-officedocument.wordprocessingml.template",
"application/vnd.ms-powerpoint.template.macroEnabled.12",
"application/vnd.openxmlformats-officedocument.presentationml.template",
"application/vnd.ms-powerpoint.addin.macroEnabled.12",
"application/vnd.ms-powerpoint.slideshow.macroEnabled.12",
"application/vnd.openxmlformats-officedocument.presentationml.slideshow",
"application/vnd.ms-powerpoint.presentation.macroEnabled.12",
"application/vnd.openxmlformats-officedocument.presentationml.presentation",
"application/vnd.ms-excel.addin.macroEnabled.12",
"application/vnd.ms-excel.sheet.binary.macroEnabled.12",
"application/vnd.ms-excel.sheet.macroEnabled.12",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"application/vnd.ms-excel.template.macroEnabled.12",
"application/xls",
"application/x-ms-excel",
"application/vnd.openxmlformats-officedocument.spreadsheetml.template",
"audio/*",
"image/*",
"video/*",
"multipart/x-zip",
"multipart/x-gzip",
"text/richtext",
"text/plain",
"text/xml");
}
y donde las valida en:
Código PHP:
// checks file size and mine type
if ($this->uploaded) {
if ($this->file_src_size > $this->file_max_size ) {
$this->processed = false;
$this->error = $this->translate('file_too_big');
} else {
$this->log .= '- file size OK<br />';
}
// turn dangerous scripts into text files
if ($this->no_script) {
if (((substr($this->file_src_mime, 0, 5) == 'text/' || strpos($this->file_src_mime, 'javascript') !== false) && (substr($this->file_src_name, -4) != '.borrar'))
|| preg_match('/\.(php|pl|py|cgi|asp)$/i', $this->file_src_name) || empty($this->file_src_name_ext)) {
$this->file_src_mime = 'text/plain';
$this->log .= '- script ' . $this->file_src_name . ' renamed as ' . $this->file_src_name . '.borrar!<br />';
$this->file_src_name_ext .= (empty($this->file_src_name_ext) ? 'txt' : '.borrar');
}
}
Tonses, toy pegado.
Por ahora le puse que los marcara como .borrar, pero es lejos lo que sería ideal.
Aparte que de seguro me webean por ese "parche"
Cualquier ayudita me sirve
Gracias de antemano.
