File extension won't validate on upload.

I've been trying to validate the extension on a file to be uploaded and it doesn't seem to work. I've tried several variations to no avail.

The file will upload if the validation is set to include a blank value.

The upload script:
<?php
// WA_UploadResult1 Params Start
$WA_UploadResult1_Params = array();
// WA_UploadResult1_1 Start
$WA_UploadResult1_Params["WA_UploadResult1_1"] = array(
'UploadFolder' => "vendorlogos/",
'FileName' => "[FileName]",
'DefaultFileName' => "NoImage.png",
'ResizeType' => "1",
'ResizeWidth' => "350",
'ResizeHeight' => "350",
'ResizeFillColor' => "#FFFFFF" );
// WA_UploadResult1_1 End
// WA_UploadResult1 Params End
?>
<?php
WA_DFP_SetupUploadStatusStruct("WA_UploadResult1");
if(isset($_POST["SubmitButton"]) || isset($_POST["SubmitButton_x"])){
WA_DFP_UploadFiles("WA_UploadResult1", "vendorLogo", "0", "", "false", $WA_UploadResult1_Params);
}
?>

The validation script:
<?php
if (isset($_POST["SubmitButton"]) || isset($_POST["SubmitButton_x"])) {
$WAFV_Redirect = "error.html";
$_SESSION['WAVT_vendorhome_467_Errors'] = "";
if ($WAFV_Redirect == "") {
$WAFV_Redirect = $_SERVER["PHP_SELF"];
}
$WAFV_Errors = "";
$WAFV_Errors .= WAValidateFE(($WA_DFP_UploadStatus["WA_UploadResult1"]["fileExtension"]) . "",".gif, .jpg, .jpeg, .png",true,2);

if ($WAFV_Errors != "") {
PostResult($WAFV_Redirect,$WAFV_Errors,"vendorhome_467");
}
}
?>

Is the validation code above the file upload code? UploadResult values can't be validated before the file upload has processed. Try validating with the form element value from the form directly instead of the file extension from the processed upload.

Thank you for your quick response.

The validation scripts are before the upload scripts. I chose Validation as File Extension. The variable is vendorLogo Extension. When choosing the variable the value is: <?php echo (((isset($_FILES["vendorLogo"]))? preg_replace('/^.*\./', '', $_FILES["vendorLogo"]["name"]) :"")); ?>
It still doesn't work.

I've attached two pics of the screens with the choices I made.

That looks like it would work. Can I get a copy of the page? I'll put it on my localhost and do some testing.

Here it is. I added a gutted version that had just the upload and validate code.

It is a little confusing, but you need to validate the first value (the full file name) not just the extension... so the code should be:

$WAFV_Errors .= WAValidateFE(((isset($_FILES["vendorLogo"]))?$_FILES["vendorLogo"]["name"]:"") . "",".gif, .jpg, .jpeg, .png",true,2);

When you choose just the extension, then it removes the "." in front, and that won't validate properly. The File Extension validation will automatically strip the file name and validate just the extension part.

Thank you.

That seemed to work. I do have one other question about security. Can someone upload an executable file like hackme.jpg.php? Is this pretty secure or do I need to add something to increase the security.

Thanks again.

It only would allow .jpg and not .jpg.php files.

Thanks.