I am trying to make a hack here, which requires inserting something into $_FILES array even though it was not really posted. Of course, is_uploaded_file gives me false and the script does not work. Here it is:
PHP Code:
$handle = @fopen($url, 'rb');
$contents = "";
while (!feof($handle))
{
$contents .= fread($handle, 8192);
}
fclose($handle);
$tmp_name = 'vbupload' . substr(TIMENOW, -4);
$filesize = strlen($contents);
// write file to temporary directory...
if ($vboptions['safeupload'])
{
// ... in safe mode
$filename = $vboptions['tmppath'] . "/$tmp_name";
$filenum = @fopen($filename, 'wb');
@fwrite($filenum, $contents);
@fclose($filenum);
}
else
{
// ... in normal mode
$filename = tempnam(ini_get('upload_tmp_dir'), 'vbupload');
$fp = @fopen($filename, 'wb');
@fwrite($fp, $contents);
@fclose($fp);
}
$_FILES["attachment$key"]['name'] = preg_replace('/http:\/\/(.*)\//si', '', $url);
$_FILES["attachment$key"]['type'] = '';
$_FILES["attachment$key"]['size'] = $filesize;
$_FILES["attachment$key"]['tmp_name'] = $filename;
$_FILES["attachment$key"]['error'] = 0;
Yeah... So is there any way to go around is_uploaded_file and make the system think it was uploaded, am I doing something wrong or what?
04-25-2005, 06:33 PM
Help with is_uploaded_file
Hybrid Mode
