PDA

View Full Version : Custom File Uploader - Security prob?

stryka
08-06-2006, 07:28 AM
Hey guys... i picked up this old upload script that I use in a custom VBULLETIN page.... Lemme know your opinions on whether its still good or if it poses any security risks....


<?

/////////////////////////////////////////////////////////////////////
// File/Image Uploader by tnguy3n @ http://all4actions.net //
// Doc -> http://www.all4actions.net/forums/showthread.php?t=3389 //
/////////////////////////////////////////////////////////////////////
chdir($DOCUMENT_ROOT . "/forum");
// integrate into vbb
error_reporting(E_ALL & ~E_NOTICE);
require_once("$DOCUMENT_ROOT/forum/global.php");

// set usergroup can access this script
//if (!in_array($bbuserinfo['usergroupid'], array(2,5,6,7,8,9,11)))
//{ print_no_permission(); }

// uploader settings
//$dir = "C:/Inetpub/wwwroot"; // absolute path/dir where images are to be uploaded or /home/user/public_html/uploads for *nix
$dir = "/home/xxxC/public_html/dir/images/";
$ext = array(".gif", ".jpg", ".jpeg", ".png"); //allowed file extensions. To add more ext, use comma to seperate them
$filesize = "200"; // max filesize allowed to upload (in KB)
$url = "http://www.xxxC.com/dir/images/"; // Full URL to your upload dir
$maxwidth = 400; // for images only ... set this if you don't ppl to upload large images, breaking table cell of your forum.
$maxheight = 180; // for images only

// initialize & vars declaration
$title = "xxxCUploader &copy; xxxC.com";
$header = "<font size=+1 color=darkgreen><b>Image Uploader</b></font>";
$msg = ""; // initialize
$imgurl = $url . $_FILES['img']['name'];
$imgname = $_FILES['img']['name'];
$dimension = @ getimagesize($_FILES['img']['tmp_name']);
$width = $dimension[0];
$height = $dimension[1];

if ($do == 'upload') {

if ($_FILES['img']['name'] == "") {
$msg = "<center><font color=\"red\">Please select a file to upload!</font></center>";
}

elseif (file_exists("$dir/".$_FILES['img']['name'])) {
$msg = "<center><font color=\"red\">Filename "."<b>". $_FILES['img']['name']."</b>" . " already exists. Please rename or upload a different file.</font></center>";
}

elseif (!in_array(strrchr($_FILES['img']['name'],'.'),$ext)) {
$msg = "<center><font color=\"red\">That file type is not allowed!</font></center>";
}

elseif (($_FILES['img']['size']/1020) > $filesize) {
$msg = "<center><font color=\"red\">The file you try to upload is too big, <b>" . round($_FILES['img']['size']/1020) . " KB</b>. Resize or upload different file!</font></center>";
}

elseif (strrchr($_FILES['img']['name'],' ')) {
$msg = "<center><font color=\"red\">Filename must not contain whitespace!</font></center>";
}

elseif($width > $maxwidth || $height > $maxheight) {
$msg = "<center><font color=\"red\">The image you try to upload is too large, " . $dimension[0] . " x " . $dimension[1] . ". Max width x height: " . $maxwidth . " x " . $maxheight . "</font></center>";
}

else {
@copy($_FILES['img'][tmp_name], "$dir/".$_FILES['img']['name']) or die("Couldn't Upload File. Check chmod of your upload dir, it must be writable.");

// wrap it up and print result
$msg = "<font color=red>Image <b>" . $_FILES['img']['name'] . "</b> has sucessfully uploaded!</font>";
eval('print_output("' . fetch_template('uploader_result') . '");');
exit;
}
}

eval('print_output("' . fetch_template('uploader') . '");');

?>