| stryka |
08-06-2006 07:28 AM |
Custom File Uploader - Security prob?
Hey guys... i picked up this old upload script that I use in a custom VBULLETIN page.... Lemme know your opinions on whether its still good or if it poses any security risks....
PHP Code:
<?
/////////////////////////////////////////////////////////////////////
// File/Image Uploader by tnguy3n @ http://all4actions.net //
// Doc -> http://www.all4actions.net/forums/showthread.php?t=3389 //
/////////////////////////////////////////////////////////////////////
chdir($DOCUMENT_ROOT . "/forum");
// integrate into vbb
error_reporting(E_ALL & ~E_NOTICE);
require_once("$DOCUMENT_ROOT/forum/global.php");
// set usergroup can access this script
//if (!in_array($bbuserinfo['usergroupid'], array(2,5,6,7,8,9,11)))
//{ print_no_permission(); }
// uploader settings
//$dir = "C:/Inetpub/wwwroot"; // absolute path/dir where images are to be uploaded or /home/user/public_html/uploads for *nix
$dir = "/home/xxxC/public_html/dir/images/";
$ext = array(".gif", ".jpg", ".jpeg", ".png"); //allowed file extensions. To add more ext, use comma to seperate them
$filesize = "200"; // max filesize allowed to upload (in KB)
$url = "http://www.xxxC.com/dir/images/"; // Full URL to your upload dir
$maxwidth = 400; // for images only ... set this if you don't ppl to upload large images, breaking table cell of your forum.
$maxheight = 180; // for images only
// initialize & vars declaration
$title = "xxxCUploader © xxxC.com";
$header = "<font size=+1 color=darkgreen><b>Image Uploader</b></font>";
$msg = ""; // initialize
$imgurl = $url . $_FILES['img']['name'];
$imgname = $_FILES['img']['name'];
$dimension = @ getimagesize($_FILES['img']['tmp_name']);
$width = $dimension[0];
$height = $dimension[1];
if ($do == 'upload') {
if ($_FILES['img']['name'] == "") {
$msg = "<center><font color=\"red\">Please select a file to upload!</font></center>";
}
elseif (file_exists("$dir/".$_FILES['img']['name'])) {
$msg = "<center><font color=\"red\">Filename "."<b>". $_FILES['img']['name']."</b>" . " already exists. Please rename or upload a different file.</font></center>";
}
elseif (!in_array(strrchr($_FILES['img']['name'],'.'),$ext)) {
$msg = "<center><font color=\"red\">That file type is not allowed!</font></center>";
}
elseif (($_FILES['img']['size']/1020) > $filesize) {
$msg = "<center><font color=\"red\">The file you try to upload is too big, <b>" . round($_FILES['img']['size']/1020) . " KB</b>. Resize or upload different file!</font></center>";
}
elseif (strrchr($_FILES['img']['name'],' ')) {
$msg = "<center><font color=\"red\">Filename must not contain whitespace!</font></center>";
}
elseif($width > $maxwidth || $height > $maxheight) {
$msg = "<center><font color=\"red\">The image you try to upload is too large, " . $dimension[0] . " x " . $dimension[1] . ". Max width x height: " . $maxwidth . " x " . $maxheight . "</font></center>";
}
else {
@copy($_FILES['img'][tmp_name], "$dir/".$_FILES['img']['name']) or die("Couldn't Upload File. Check chmod of your upload dir, it must be writable.");
// wrap it up and print result
$msg = "<font color=red>Image <b>" . $_FILES['img']['name'] . "</b> has sucessfully uploaded!</font>";
eval('print_output("' . fetch_template('uploader_result') . '");');
exit;
}
}
eval('print_output("' . fetch_template('uploader') . '");');
?>
|
More Information