[PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in this
newsgroup but now im having a problem with the files beeing corrupted
upon upload. not sure why any help would be greatly apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=File Name=ImageFile
Input Type=Submit Name=Submit
/FORM
I've found that just doing this seems to do the same
function UploadImage(){
global $ImageFile;
copy ($ImageFile, ../images/$ImageFile_name);
}
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Image Uploads beeing corupted
The problem is in that you do global only for $ImageFile, but not for $ImageFile_name.
Big flaw is that if someone make a form
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=text Name=ImageFile__name value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
may be can make a big shot. Depends on under which user Apache is running.
The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0 there will be new name
for it = $_FILES .This array will be global, so there is no need to write
global $_FILES . The same is done for $_GET, $_POST, $_COOKIE. $_REQUEST is
merged array of $_GET,$_POST,$_COOKIE in the order of gpc(from php.ini).
Regards,
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
BALANCED SOLUTIONS
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:12 AM
Subject: [PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in this
newsgroup but now im having a problem with the files beeing corrupted
upon upload. not sure why any help would be greatly apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=File Name=ImageFile
Input Type=Submit Name=Submit
/FORM
I've found that just doing this seems to do the same
function UploadImage(){
global $ImageFile;
copy ($ImageFile, ../images/$ImageFile_name);
}
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Image Uploads beeing corupted
the funny thing is this
the information is beeing inserted into the database... the file is beeing
uploaded (as i can see it in the directory). I can get results from
$ImageFile
$ImageFile_name
$ImageFile_size
but i cant get a result for $ImageFile_type this comes up blank
there is obviously some connection, but just not sure what.
Ryan
Andrey Hristov [EMAIL PROTECTED] wrote in message
0b0c01c177e5$f0e15580$0b01a8c0@ANDreY">news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
The problem is in that you do global only for $ImageFile, but not for
$ImageFile_name.
Big flaw is that if someone make a form
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=text Name=ImageFile__name value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
may be can make a big shot. Depends on under which user Apache is running.
The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0 there will
be new name
for it = $_FILES .This array will be global, so there is no need to write
global $_FILES . The same is done for $_GET, $_POST, $_COOKIE. $_REQUEST
is
merged array of $_GET,$_POST,$_COOKIE in the order of gpc(from php.ini).
Regards,
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
BALANCED SOLUTIONS
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:12 AM
Subject: [PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in this
newsgroup but now im having a problem with the files beeing
corrupted
upon upload. not sure why any help would be greatly apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=File Name=ImageFile
Input Type=Submit Name=Submit
/FORM
I've found that just doing this seems to do the same
function UploadImage(){
global $ImageFile;
copy ($ImageFile, ../images/$ImageFile_name);
}
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Image Uploads beeing corupted
If you have GD extension build in your PHP use it to find the type(if you are limited
ot jpeg/gif/png files).
I want to say again that the using of $ImageFile* is a possible security hole.
Regards,
Andrey Hristov
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:39 AM
Subject: Re: [PHP] Image Uploads beeing corupted
the funny thing is this
the information is beeing inserted into the database... the file is beeing
uploaded (as i can see it in the directory). I can get results from
$ImageFile
$ImageFile_name
$ImageFile_size
but i cant get a result for $ImageFile_type this comes up blank
there is obviously some connection, but just not sure what.
Ryan
Andrey Hristov [EMAIL PROTECTED] wrote in message
0b0c01c177e5$f0e15580$0b01a8c0@ANDreY">news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
The problem is in that you do global only for $ImageFile, but not for
$ImageFile_name.
Big flaw is that if someone make a form
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=text Name=ImageFile__name value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
may be can make a big shot. Depends on under which user Apache is running.
The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0 there will
be new name
for it = $_FILES .This array will be global, so there is no need to write
global $_FILES . The same is done for $_GET, $_POST, $_COOKIE. $_REQUEST
is
merged array of $_GET,$_POST,$_COOKIE in the order of gpc(from php.ini).
Regards,
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
BALANCED SOLUTIONS
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:12 AM
Subject: [PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in this
newsgroup but now im having a problem with the files beeing
corrupted
upon upload. not sure why any help would be greatly apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=File Name=ImageFile
Input Type=Submit Name=Submit
/FORM
I've found that just doing this seems to do the same
function UploadImage(){
global $ImageFile;
copy ($ImageFile, ../images/$ImageFile_name);
}
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Image Uploads beeing corupted
As I showed by this :
FORM ACTION=http://your.domain.com/your.script.php; Method=Post
ENCTYPE=multipart/form-data
Input Type=text Name=ImageFile_name value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
I can write this in a simple html, press the submit button and instead of file you
will receive $ImageFile_name as a text variable.
I can write in it everything but you rely on that PHP made it. No PHP didn't. Also in
such form $ImageFile_tmpname can be supplied
and if someone does this :
?php
echo (implode('',file($ImageFile_tmpname)));
?
The /etc/passwd file can be shown easily.
My suggestion : rely on $HTTP_POST_FILES . Yes it is long to type but it's secured.
Also as I said. Since the new PHP 4.1.0 there
will
be $_FILES array, equivalent of $HTTP_POST_FILES(which will exists also).
The GD extension is used for dynamic construction of jpg,png,gif(up to some 1.x
version). The constructed image can be saved to file
or sent to the
browser. GetImageSize() is one of the many functions provided by GD.
http://www.php.net/manual/en/ref.image.php
Best regards,
Andrey Hristov
- Original Message -
From: Ryan Stephens (Hotmail) [EMAIL PROTECTED]
To: Andrey Hristov [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:51 AM
Subject: Re: [PHP] Image Uploads beeing corupted
this means nothing to me... sorry, i've only been working with PHP for a
couple weeks. and a few month of web learning. the site im working
on is hosted by some other guy, so i dont have access to it if i had to
change anything there.
Why is $ImageFile a possible security hole?
What is GD extension?
I dont need to find the type... i just used that as a test to see if that
might have anything to do with my corrupted file problem. And i found that
all the information beeing entered into the database re: its name and size
is fine... but it wont return a type... Im thinking if it cant return a type
(but still uploads the file) there must be a connection to it beeing
corrupt.
Ryan
- Original Message -
From: Andrey Hristov [EMAIL PROTECTED]
To: Ryan Stephens [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 12:46 AM
Subject: Re: [PHP] Image Uploads beeing corupted
If you have GD extension build in your PHP use it to find the type(if you
are limited ot jpeg/gif/png files).
I want to say again that the using of $ImageFile* is a possible security
hole.
Regards,
Andrey Hristov
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:39 AM
Subject: Re: [PHP] Image Uploads beeing corupted
the funny thing is this
the information is beeing inserted into the database... the file is
beeing
uploaded (as i can see it in the directory). I can get results from
$ImageFile
$ImageFile_name
$ImageFile_size
but i cant get a result for $ImageFile_type this comes up blank
there is obviously some connection, but just not sure what.
Ryan
Andrey Hristov [EMAIL PROTECTED] wrote in message
0b0c01c177e5$f0e15580$0b01a8c0@ANDreY">news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
The problem is in that you do global only for $ImageFile, but not for
$ImageFile_name.
Big flaw is that if someone make a form
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=text Name=ImageFile__name
value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
may be can make a big shot. Depends on under which user Apache is
running.
The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0 there
will
be new name
for it = $_FILES .This array will be global, so there is no need to
write
global $_FILES . The same is done for $_GET, $_POST, $_COOKIE.
$_REQUEST
is
merged array of $_GET,$_POST,$_COOKIE in the order of gpc(from
php.ini).
Regards,
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
BALANCED SOLUTIONS
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:12 AM
Subject: [PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in
this
newsgroup but now im having a problem with the files beeing
corrupted
upon upload. not sure why any help would be greatly
apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACT
