I have a problem with file uploading
I have a upload files content type where user upload image,doc,pdf files.
I know that it doesn't allow .exe file if file extension are .exe.

The problem is that when i rename .exe file extension as .jpg .
It is not showing any error simply it is uplopading the file.
It is a big security issue of my site.
How to check within file and send error message not to upload such files.


quicksketch’s picture

Category: bug » support
Priority: Critical » Normal
Status: Active » Fixed

Install http://drupal.org/project/mimedetect to add content-detection to ensure the file contents match the file extension.

Generally speaking this isn't a large problem for the web because Drupal will use the file extension to determine how to display the given file. Even if a .exe file is renamed to a .jpg, it won't be executed on a user's computer unless they rename the file back to .exe. While it sounds as though renaming files and uploading them could be dangerous, it won't cause have any security problems unless you can trick the web server into delivering the file as an .exe.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

sahithi’s picture

i have problem while uploading mimedetect module.please help me out for drupal7

Fileinfo could not load the magic file. It could be corrupted. Try reinstalling the magic file distributed with the MimeDetect module. (Currently using Mime type detection PHP Fileinfo Extension)".

This was the error