Updated sample for "/usr/tmp/../../etc/passwd" issue.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@31988 c90b9560-bf6c-de11-be94-00142212c4b1
Ron Chmara 2000-09-05 01:36:06 +00:00
parent e5755875e4
commit 6653dfa96f


@ -80,10 +80,20 @@ Send this file: <INPUT NAME="userfile" TYPE="file">
<title>Validating file uploads.</title>
<programlisting>
&lt?
$validtmpdir = get_cfg_var("upload_tmp_dir");
/* make sure you're using an uploaded file */
if (strstr ("$validtmpdir", "$userfile") != 0){
copy ("$userfile" "/place/to/put/uploaded/file");
$validtmpdir = get_cfg_var("upload_tmp_dir");
// get the path
$uploaded_path_array = spilt("/","$userfile");
//split the upload name into its components
$inverted_path = array_reverse ($uploaded_path_array);
// reverse the array, so any ending pathname will now be first
$accurate_pathname = "$validtmpdir" . "$inverted_path[0]";
if (file_exists($accurate_pathname )){
//still look for proper temp name
copy ("$accurate_pathname", "/place/to/put/uploaded/file");
} else {
echo "Not an uploaded file!";
exit;