How to make filename of file uploaded with getClientOriginalName make safe?

Time:09-06

In https://laravel.com/docs/9.x/filesystem#file-uploads I read, regarding custom file uploading:

However, keep in mind that the getClientOriginalName and getClientOriginalExtension methods are considered unsafe, 
as the file name and extension may be tampered with by a malicious user. For this reason, you should typically prefer the 
hashName and extension methods to get a name and an extension for the given file upload:

I do not like using hashName; I would prefer the original name, made safe. I wonder how a file name can be unsafe? I know that, say, a login/username can be used to bypass a login procedure. But a file name? If it can be unsafe, how do I modify it to make it safe?

Thanks in advance!

CodePudding user response:

A few things I had to implement to kinda avoid this security hole, since nothing is safe nowadays.

1- Use a custom approach to name files; you can add a GUID, for instance, to the client file name.

2- Add right after <form method="POST" enctype="multipart/form-data"

3- For the validation you can add

'image' =>  'file|mimes:jpg,jpeg,png,gif|max:1024',
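
A sketch of points 1 and 3 combined, as an added example that is not part of the original answer and not Laravel's own code. `safeUploadName` is a hypothetical helper; the assumption is that in a controller its second argument would come from `$request->file('image')->extension()` (detected from the file contents, not the client name) and its result would be passed to `storeAs()`.

```php
<?php
// Added example: hypothetical helper, not from the page or from Laravel.
// It keeps a readable part of the client-supplied name for display purposes,
// but never lets that name decide the directory, the extension or uniqueness.

function safeUploadName(string $clientName, string $detectedExt): string
{
    // Drop any directory part, treating both "/" and "\" as separators,
    // so "../../x" or "C:\dir\x" cannot steer where the file is written.
    $base = basename(str_replace('\\', '/', $clientName));

    // Discard every client-supplied extension: keep only the text before
    // the first dot ("report.php.png" -> "report", ".htaccess" -> "").
    $stem = explode('.', $base, 2)[0];

    // Allow-list ASCII letters, digits, "-" and "_"; anything else
    // (spaces, control characters, Unicode look-alikes) becomes "-".
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '-', $stem);
    $stem = substr(trim($stem, '-_'), 0, 100); // cap the length
    if ($stem === '') {
        $stem = 'file';
    }

    // The extension must come from server-side detection and must be in the
    // same allow-list as the validation rule (mimes:jpg,jpeg,png,gif).
    $ext = strtolower($detectedExt);
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        throw new InvalidArgumentException('Extension not allowed');
    }

    // Random prefix (the GUID idea from point 1): two uploads with the same
    // original name never overwrite each other and names are not guessable.
    $prefix = bin2hex(random_bytes(16));

    return "{$prefix}_{$stem}.{$ext}";
}

// Constructed sample names, for illustration only.
$samples = ['holiday photo.JPG', '../../etc/passwd', 'report.php.png',
            '.htaccess', 'C:\\Users\\x\\pic.png'];
foreach ($samples as $name) {
    echo json_encode($name), ' => ', safeUploadName($name, 'png'), PHP_EOL;
}
```

If the exact original name has to be shown to users later, store it in a database column and escape it on output, and use the generated name only on disk.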