As I showed by this : <FORM ACTION="http://your.domain.com/your.script.php"; Method="Post" ENCTYPE="multipart/form-data" > <Input Type="text" Name="ImageFile_name" value="../../../../etc/passwd"> <Input Type="Submit" Name="Submit"> </FORM> I can write this in a simple html, press the submit button and instead of file you will receive $ImageFile_name as a text variable. I can write in it everything but you rely on that PHP made it. No PHP didn't. Also in such form $ImageFile_tmpname can be supplied and if someone does this : <?php echo (implode('',file($ImageFile_tmpname))); ?> The /etc/passwd file can be shown easily. My suggestion : rely on $HTTP_POST_FILES . Yes it is long to type but it's secured. Also as I said. Since the new PHP 4.1.0 there will be $_FILES array, equivalent of $HTTP_POST_FILES(which will exists also).
The GD extension is used for dynamic construction of jpg,png,gif(up to some 1.x version). The constructed image can be saved to file or sent to the browser. GetImageSize() is one of the many functions provided by GD. http://www.php.net/manual/en/ref.image.php Best regards, Andrey Hristov ----- Original Message ----- From: "Ryan Stephens (Hotmail)" <[EMAIL PROTECTED]> To: "Andrey Hristov" <[EMAIL PROTECTED]> Sent: Wednesday, November 28, 2001 10:51 AM Subject: Re: [PHP] Image Uploads beeing corupted > this means nothing to me... sorry, i've only been working with PHP for a > couple weeks..... and a few month of web learning..... the site im working > on is hosted by some other guy, so i dont have access to it if i had to > change anything there. > > Why is $ImageFile a possible security hole? > What is GD extension? > > I dont need to find the type... i just used that as a test to see if that > might have anything to do with my corrupted file problem. And i found that > all the information beeing entered into the database re: its name and size > is fine... but it wont return a type... Im thinking if it cant return a type > (but still uploads the file) there must be a connection to it beeing > corrupt. > > Ryan > > > ----- Original Message ----- > From: "Andrey Hristov" <[EMAIL PROTECTED]> > To: "Ryan Stephens" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Wednesday, November 28, 2001 12:46 AM > Subject: Re: [PHP] Image Uploads beeing corupted > > > > If you have GD extension build in your PHP use it to find the type(if you > are limited ot jpeg/gif/png files). > > I want to say again that the using of $ImageFile* is a possible security > hole. > > > > Regards, > > Andrey Hristov > > ----- Original Message ----- > > From: "Ryan Stephens" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, November 28, 2001 10:39 AM > > Subject: Re: [PHP] Image Uploads beeing corupted > > > > > > > the funny thing is this.... > > > > > > the information is beeing inserted into the database... the file is > beeing > > > uploaded (as i can see it in the directory). I can get results from > > > $ImageFile > > > $ImageFile_name > > > $ImageFile_size > > > > > > but i cant get a result for $ImageFile_type.... this comes up blank.... > > > there is obviously some connection, but just not sure what. > > > > > > Ryan > > > > > > > > > "Andrey Hristov" <[EMAIL PROTECTED]> wrote in message > > > 0b0c01c177e5$f0e15580$0b01a8c0@ANDreY">news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY... > > > > The problem is in that you do global only for $ImageFile, but not for > > > $ImageFile_name. > > > > Big flaw is that if someone make a form > > > > <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post" > > > > ENCTYPE="multipart/form-data" > > > > > <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000"> > > > > > > > > <Input Type="text" Name="ImageFile__name" > value="../../../../etc/passwd"> > > > > <Input Type="Submit" Name="Submit"> > > > > </FORM> > > > > > > > > may be can make a big shot. Depends on under which user Apache is > running. > > > > The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0 there > will > > > be new name > > > > for it => $_FILES .This array will be global, so there is no need to > write > > > > global $_FILES . The same is done for $_GET, $_POST, $_COOKIE. > $_REQUEST > > > is > > > > merged array of $_GET,$_POST,$_COOKIE in the order of gpc(from > php.ini). > > > > > > > > Regards, > > > > Andrey Hristov > > > > IcyGEN Corporation > > > > http://www.icygen.com > > > > BALANCED SOLUTIONS > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Ryan Stephens" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Wednesday, November 28, 2001 10:12 AM > > > > Subject: [PHP] Image Uploads beeing corupted > > > > > > > > > > > > > Hey guys, > > > > > > > > > > I got my uploads to work thanks to some peoples help here in > this > > > > > newsgroup.... but now im having a problem with the files beeing > > > corrupted > > > > > upon upload..... not sure why.... any help would be greatly > apreciated. > > > > > > > > > > I have included my code again if it helps any. > > > > > > > > > > <----------------------------------------> > > > > > function UploadImage(){ > > > > > global $HTTP_POST_FILES; > > > > > global $ImageFile; > > > > > reset($HTTP_POST_FILES); > > > > > $pic_file = $HTTP_POST_FILES['ImageFile']; > > > > > copy ($pic_file['tmp_name'], "../images/$ImageFile_name"); > > > > > } > > > > > > > > > > <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post" > > > > > ENCTYPE="multipart/form-data" > > > > > > <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000"> > > > > > > > > > > <Input Type="File" Name="ImageFile"> > > > > > <Input Type="Submit" Name="Submit"> > > > > > </FORM> > > > > > <----------------------------------------> > > > > > > > > > > I've found that just doing this seems to do the same > > > > > > > > > > function UploadImage(){ > > > > > global $ImageFile; > > > > > copy ($ImageFile, "../images/$ImageFile_name"); > > > > > } > > > > > > > > > > > > > > > Thanks > > > > > Ryan Stephens > > > > > > > > > > > > > > > > > > > > -- > > > > > PHP General Mailing List (http://www.php.net/) > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > To contact the list administrators, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
