Browse field

Hi,

Can you explore more about browse, what are you facing problems? Although if you are giving upload file facility to a normal user. You can assure following  points.

There are six steps to protecting a website from file-upload attacks.

1. The application should use a whitelist of allowed file types. This list determines the types of files that can be uploaded, and rejects all files that do not match approved types.
2. The application should use client- or server-side input validation to ensure evasion techniques have not been used to bypass the whitelist filter. These evasion techniques could include appending a second file type to the file name (e.g. image.jpg.php) or using trailing space or dots in the file name.
3. The application should set a maximum length for the file name, and a maximum size for the file itself.
4. The directory to which files are uploaded should be outside of the website root.
5. All uploaded files should be scanned by antivirus software before they are opened.
6. The application should not use the file name supplied by the user. Instead, the uploaded file should be renamed according to a predetermined convention.

How we scanned by antivirus software before they are opened. using php program

I found a thread on stackoverflow https://stackoverflow.com/questions/10660260/what-are-my-options-to-check-for-viruses-on-a-php-upload

And also see this link how to implement it: https://www.howtoforge.com/scan_viruses_with_php_clamavlib_p2