ID: 48344
Comment by: carsten_sttgt at gmx dot de
Reported By: danymoussa at gmail dot com
Status: Open
Bug Type: *General Issues
Operating System: Centos 5
PHP Version: 5.2.9
New Comment:
I guess a bug tracker is the wrong place for such questions. e.g. the
user mailing list a better place.
(hint: mimetype functions)
Regards,
Carsten
Previous Comments:
[2009-05-20 11:37:48] danymoussa at gmail dot com
Thank you, how can i insure no one is uploading shell files to my
website? i mean what's the best way to secure it?
[2009-05-20 11:33:43] carsten_sttgt at gmx dot de
The Content-Type is set by your browser (or what ever UA you are using
for the POST request).
That's the reason for:
Don't trust the type in $_FILES. (An UA can set this to every value
it want.)
In addition:
If no Content-Type is set by the UA, the default is
application/octet-stream.
Regards,
Carsten
[2009-05-20 11:24:49] danymoussa at gmail dot com
Submission error, flip actual result with expected result
[2009-05-20 11:20:19] danymoussa at gmail dot com
Description:
This is a very serious problem that i never faced in php earlier
version. However i tried to hack into my jpg-upload-image script and was
able to do that by inserting a renamed shell script: pic1.php.jpg
Reproduce code:
---
form action=upload.php method=post
enctype=multipart/form-data
input type=file name=file
input type=submit value=Upload
/form
print_r($_FILES);
Expected result:
[file] =gt; Array
(
[name] =gt; pic.php.jpg
[type] =gt; image/jpeg
[tmp_name] =gt; /tmp/php96MEPH
[error] =gt; 0
[size] =gt; 23052
)
Actual result:
--
[file] =gt; Array
(
[name] =gt; pic.php.jpg
[type] =gt; application/octet-stream
[tmp_name] =gt; /tmp/php96MEPH
[error] =gt; 0
[size] =gt; 23052
)
--
Edit this bug report at http://bugs.php.net/?id=48344edit=1