
Upload security problems


thenewperson


Well really, as long as you check MIME types, place the file in a random secure location (watching for collisions), and make 100% sure your headers force download and nothing is running in the download area, then it should be okay.

 

If you wish to allow multiple files to be uploaded, you should make 100% sure the loops are solid, as a slight error could mean anything from injection to multi-stream attacks.

 

<?php
  $allowedExtensions = array("txt","csv","htm","html","xml",
    "css","doc","xls","rtf","ppt","pdf","swf","flv","avi",
    "wmv","mov","jpg","jpeg","gif","png");
  foreach ($_FILES as $file) {
    // Skip form fields that were left empty or failed to upload.
    if ($file['tmp_name'] !== '' && $file['error'] === UPLOAD_ERR_OK) {
      // pathinfo() avoids the "only variables should be passed by reference"
      // notice that end(explode(...)) raises, and copes with names without a dot.
      $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
      if (!in_array($ext, $allowedExtensions, true)) {
        // Escape the client-supplied name before echoing it back into HTML.
        die(htmlspecialchars($file['name'], ENT_QUOTES, 'UTF-8').
          ' is an invalid file type!<br/>'.
          '<a href="javascript:history.go(-1);">'.
          '&lt;&lt; Go Back</a>');
      }
    }
  }
?>
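The storage and download half of the advice above (random location, collision check, forced-download headers, nothing executable in the download area), as an added example that is not code from the original post. The directory /var/app/uploads, the form field name upload and the helper names are assumptions. Note that the whitelist above includes htm, html and swf; if the server ever serves those inline from the site's own origin they become stored XSS, which is one more reason to force a download for everything regardless of type.

```php
<?php
// Added example (not from the original post). Stores a validated upload under a
// random name outside the web root and serves it back as a forced download.
// UPLOAD_DIR and the form field name "upload" are assumptions for illustration.
declare(strict_types=1);

// Must be outside the document root and mapped to no script handler, so nothing
// stored here can ever be executed by the web server.
const UPLOAD_DIR = '/var/app/uploads';

/**
 * Move an upload from $_FILES into UPLOAD_DIR under a random 32-hex-char token.
 * Returns the token; the caller records token, original name and MIME type in
 * its own database. Nothing from the client-supplied name reaches the disk.
 */
function storeUpload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a valid uploaded file');
    }
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $token = bin2hex(random_bytes(16));
        $dest  = UPLOAD_DIR . '/' . $token;
        // fopen() mode 'x' fails if the name already exists, so the collision
        // check and the reservation of the name happen in one atomic step.
        $h = @fopen($dest, 'x');
        if ($h === false) {
            continue;
        }
        fclose($h);
        if (!move_uploaded_file($file['tmp_name'], $dest)) {
            unlink($dest);
            throw new RuntimeException('could not move upload');
        }
        chmod($dest, 0640); // readable by the app user, never executable
        return $token;
    }
    throw new RuntimeException('could not allocate a unique name');
}

/**
 * Send a stored file back. The headers force a download and stop the browser
 * from sniffing HTML or script out of the body, whatever the file contains.
 */
function sendDownload(string $token, string $originalName): void
{
    $path = UPLOAD_DIR . '/' . $token;
    // Only a well-formed token reaches the file system: no "..", no slashes.
    if (!preg_match('/^[a-f0-9]{32}$/', $token) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    // Restrict the client-supplied name so it cannot inject header characters.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($originalName));
    if ($safeName === '') {
        $safeName = 'download';
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Wiring for a web request; a CLI run only defines the functions.
if (PHP_SAPI !== 'cli' && isset($_FILES['upload'])) {
    $token = storeUpload($_FILES['upload']);
    // Persist $token together with $_FILES['upload']['name'] in the database;
    // a later request then calls sendDownload($token, $nameFromDatabase).
    echo 'stored as ' . $token;
}
```

The token on disk carries no extension at all, so even a misconfigured handler mapping (say, `.php` or `.phtml` bound to an interpreter) has nothing to match; the original name only ever appears inside a sanitised Content-Disposition header.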


This code does not actually check for MIME type (assuming that was your intention). The extension of the file does not by any means guarantee the file type. A file can be uploaded with a .jpg extension, and later renamed back to .exe and executed on the server.

 

try:

 

<?php
$file = '/path/to/file.jpg';

$check = getimagesize($file);

if ($check === false) {
    // Not a recognised image format, or the file could not be read.
    echo "not an image\n";
} else {
    echo $check['mime']; // prints image/jpeg for a JPEG
}
?>

 

Change the extension on that same .jpg to .exe, for example, and you will still get image/jpeg as your MIME type.

 

There is also a PECL extension you can install called fileinfo.
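A way to apply the two checks named in this reply, finfo (the fileinfo extension, bundled with PHP since 5.3, so it rarely needs a PECL install today) and getimagesize(), against a whitelist keyed by extension. This is an added example, not code from either post; the ALLOWED table, the helper names and the sample files written to a temp directory are constructed for the demo. One caveat a practitioner should keep in mind: both calls only report what the leading bytes look like, so a file that is a valid GIF and also contains PHP passes both checks. They are no defence on their own if the upload directory is served through an interpreter, which is why storing files outside the web root matters as much as the content check.

```php
<?php
// Added example, not from the original posts. Detects the real content type of
// an upload with finfo and getimagesize() and rejects files whose bytes do not
// match their extension. ALLOWED and the sample files are constructed for the demo.
declare(strict_types=1);

// Extension => MIME types accepted for it. Anything else is rejected.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
    'txt'  => ['text/plain'],
];

/** MIME type according to libmagic, based on the file's content, not its name. */
function detectedMime(string $path): string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    return $mime === false ? 'application/octet-stream' : $mime;
}

/** Returns null when the file is accepted, otherwise the reason for rejection. */
function validateUpload(string $path, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return "extension .$ext not allowed";
    }
    $mime = detectedMime($path);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return "content is $mime, not a .$ext";
    }
    // For images, getimagesize() is a second opinion: it parses the header and
    // returns false on anything it cannot decode.
    if (strpos($mime, 'image/') === 0) {
        $info = @getimagesize($path);
        if ($info === false || $info['mime'] !== $mime) {
            return 'image header does not parse';
        }
    }
    return null;
}

// Constructed samples: a real 1x1 GIF, a PHP script named .jpg, a PNG signature
// with a .gif name, and a plain text file.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$samples = [
    'photo.gif' => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    'shell.jpg' => "<?php system(\$_GET['c']); ?>",
    'oops.gif'  => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16),
    'notes.txt' => "plain text\n",
];
foreach ($samples as $name => $bytes) {
    $path = $dir . '/' . $name;
    file_put_contents($path, $bytes);
    $verdict = validateUpload($path, $name);
    printf("%-10s %-22s %s\n", $name, detectedMime($path), $verdict ?? 'accepted');
    unlink($path);
}
rmdir($dir);
```

Run from the command line, photo.gif and notes.txt are accepted, shell.jpg is rejected because libmagic reports it as a PHP script rather than image/jpeg, and oops.gif is rejected because its content is image/png while the name claims GIF. The extension is still consulted, but only to pick which content types are acceptable, never as evidence of the content itself.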
