为什么我的 pdf 被重命名了?
Why are my pdf's being renamed?
我有一个网站,客户可以上传包含产品信息的 pdf 文件。出于某种原因,pdf 文件正在重命名为 'Office',这将无法正常工作,因为有许多 pdf 文件正在上传。如何保留正在上传的 pdf 的名称?如有任何建议,我们将不胜感激。
这是我的代码。
session_start();
include('../config.php');
error_reporting(0);
// SESSION CHECK SET OR NOT
if(!isset($_SESSION['admin']))
{
header('location:index.php');
}
if(isset($_POST['submit']))
{
//When no image is selected
if($_FILES['image']['name']=='')
{
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$_POST['Category']);
}else{
$allowed_filetypes = array('jpg','jpeg','png','gif','pjpeg');
$ext = end((explode(".", $_FILES['image']['name'])));
$imageName = $_POST['Office'].'.'.$ext;
$path = "../".$path.$imageName;
$tmp = $_FILES['image']['tmp_name'];
if(!in_array($ext,$allowed_filetypes))
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}else
{
$moved = move_uploaded_file($tmp,$path);
//Resize the uploaded avatar
resize($path , '150', '150', $ext);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$_POST['Category']);
}
}
// PDF UPLOAD
$allowed_filetypes_pdf = array('pdf');
$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
$pdfName = $_POST['Office'].'.'.$ext_pdf;
$path = "../".$path_pdf.$_POST['Office']."/";
//$path_pdf = "../".$path_pdf.$pdfName;
$pdf=$path_pdf.$pdfName;
$tmp_pdf = $_FILES['pdf']['tmp_name'];
if(!in_array($ext_pdf,$allowed_filetypes_pdf))
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}else
{
$moved1 = move_uploaded_file($tmp_pdf, $path_pdf);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category']);
}
$statement = $db->prepare($query);
$statement->execute($parameters);
$error = 'success';
$errormsg = "New User added successfully";
}
$query = "select DISTINCT(Office) from userinfo ";
$statement = $db->prepare($query);
$statement->execute();
?>
HTML
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js"> <!--<![endif]-->
<head>
<title>Add Product</title>
<?php include "include/head.php" ?>
<link rel="stylesheet" href="../assets/plugins/fileupload/bootstrap-fileupload.css" type="text/css" />
<link rel="stylesheet" href="../assets/css/custom.css" type="text/css" />
</head>
<body>
<div id="wrapper">
<?php include 'include/header.php'; ?>
<?php include 'include/topMenu.php'; ?>
<?php include 'include/sidebar.php'; ?>
<div id="content">
<div id="content-header">
<h1>Add New Product</h1>
</div> <!-- #content-header -->
<div id="content-container">
<?php
if($errormsg){
echo "<div class='alert alert-$error' style='padding-left: 5px;'>$errormsg</div>";
}?>
<div class="row">
<div class="col-sm-6">
<div class="portlet">
<div class="portlet-header">
<h3><i class="fa fa-plus-square"></i>
Add Product
</h3>
</div> <!-- /.portlet-header -->
<div class="portlet-content">
<div id="error"></div>
<form id="validate-basic" action="" data-validate="parsley" method="post" class="form parsley-form ajax_form" enctype="multipart/form-data">
<div class="form-group">
<label for="name">Office</label>
<select class="form-control" name="Office">
<?php
while($row = $statement->fetch(PDO::FETCH_ASSOC))
{
echo "<option value='{$row['Office']}'>{$row['Office']}</option>";
}?>
</select>
</div>
<div class="input-group">
<h5 style="font-weight: 700; font-size: 13px;">Please select PDF</h5>
<div class="input-group-btn">
<input type="file" name="pdf"/>
</div>
</div>
<div class="form-group" id="images">
<label for="avatar">Product Image</label>
<div class="fileupload fileupload-new" data-provides="fileupload">
<div class="fileupload-new thumbnail" style="width: 180px; height: 150px;"><img src="../images/avatar/noimage.gif" alt="Product Avatar" /></div>
<div class="fileupload-preview fileupload-exists thumbnail" style="max-width: 150px; max-height: 200px; line-height: 20px;"></div>
<div>
<span class="btn btn-default btn-file"><span class="fileupload-new">Select image</span><span class="fileupload-exists">Change</span>
<input type="file" name='image' /></span>
<a href="#" class="btn btn-default fileupload-exists" data-dismiss="fileupload">Remove</a>
</div>
</div>
</div>
<div class="form-group">
<label for="name">Description</label>
<input type="text" id="Description" name="Description" class="form-control" value="<?php echo $row_user['Description'] ?>">
</div>
<div class="form-group">
<label for="name">Unit</label>
<input type="text" id="Unit" name="Unit" class="form-control" value="<?php echo $_POST['Unit'] ?>">
</div>
<div class="form-group">
<label for="select-input">Category</label>
<select id="select-input" name="Category" class="form-control">
<option value="G">Generic</option>
<option value="S">Stationary</option>
<option value="E">Envelopes</option>
<option value="M">Megazine Reprint</option>
<option value="T">Tabs</option>
</select>
</div>
<div class="form-group">
<label for="select-input">Generic</label>
<select id="select-input" name="Generic" class="form-control">
<option value="1">Yes</option>
<option value="0">No</option>
</select>
</div>
<div class="form-group">
<button type="submit" name="submit" class="btn btn-primary"><i class="fa fa-check-square-o"></i> Submit</button>
</div>
</form>
</div>
<!--END PORTLET-CONTENT -->
</div>
<!-- END PORTLET -->
</div>
<!-- END COL -->
</div>
<!--END ROW -->
</div>
<!-- END CONTENT-CONATINER -->
</div>
<!--END CONTENT -->
</div>
<!--END WRAPPER -->
'
// EDIT PRODUCT
$allowed_filetypes_pdf = array('pdf');
$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
$pdfName = $_POST['Office'].'.'.$ext_pdf;
$pdf = ($_FILES['pdf']['name'])?$path_pdf.$pdfName:$_SESSION['oldpdf'];
// $path = "../".$path_pdf.$_POST['Office']."/";
$path_pdf = "../".$path_pdf.$pdfName;
// chmod($path_pdf, 0777);
$tmp_pdf = $_FILES['pdf']['tmp_name'];
$moved1 = move_uploaded_file($tmp_pdf, $path_pdf);
$query = "UPDATE `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=? WHERE ID=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category'],$_POST['ID']);
试试看
....
// PDF UPLOAD
$allowed_filetypes_pdf = array('pdf');
$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
$pdfName = basename( $_FILES["pdf"]["name"]);
$path = "../".$path_pdf.$_POST['Office']."/";
//$path_pdf = "../".$path_pdf.$pdfName;
$pdf=$path_pdf.$pdfName;
$tmp_pdf = $_FILES['pdf']['tmp_name'];
if(!in_array($ext_pdf,$allowed_filetypes_pdf))
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}else
{
$moved1 = move_uploaded_file($tmp_pdf, $path_pdf);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category']);
}
试试这个:
我为您修复了 2 个漏洞
文件扩展名检查不够。如果您将 .pdf 重命名为 .php,那么它会像 .pdf 一样通过并上传。如果你检查 mime 类型的文件,它不会再发生。
在 pdf 名称中,您发送 Office 变量,如果攻击者跳回到文件夹并将其上传到其他地方,这又很容易受到攻击。例如,如果 Office 的值为 ../../Someoffice
//$allowed_filetypes_pdf = array('pdf');
//$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
//$pdfName = $_POST['Office'].'.'.$ext_pdf;
$name = $_FILES["pdf"]["name"];
$pdfName = substr($name, strrpos($name, "/"));
$dirName = str_replace(["../", "[=10=]"], "", $_POST["Office"]);
$pdfName = $dirName."-".$pdfName;
//$path = "../".$path_pdf.$_POST['Office']."/";
//$path_pdf = "../".$path_pdf.$pdfName;
//$pdf=$path_pdf.$pdfName;
$path_pdf = "../{$dirName}/{$name}";
$finfo = new finfo(FILEINFO_MIME);
$type = $finfo->file($tmp_pdf);
if( $type != "application/pdf" )
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}
else
{
move_uploaded_file($tmp_pdf, $path_pdf);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$path_pdf,$_POST['Category']);
}
我有一个网站,客户可以上传包含产品信息的 pdf 文件。出于某种原因,pdf 文件正在重命名为 'Office',这将无法正常工作,因为有许多 pdf 文件正在上传。如何保留正在上传的 pdf 的名称?如有任何建议,我们将不胜感激。
这是我的代码。
session_start();
include('../config.php');
error_reporting(0);
// SESSION CHECK SET OR NOT
if(!isset($_SESSION['admin']))
{
header('location:index.php');
}
if(isset($_POST['submit']))
{
//When no image is selected
if($_FILES['image']['name']=='')
{
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$_POST['Category']);
}else{
$allowed_filetypes = array('jpg','jpeg','png','gif','pjpeg');
$ext = end((explode(".", $_FILES['image']['name'])));
$imageName = $_POST['Office'].'.'.$ext;
$path = "../".$path.$imageName;
$tmp = $_FILES['image']['tmp_name'];
if(!in_array($ext,$allowed_filetypes))
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}else
{
$moved = move_uploaded_file($tmp,$path);
//Resize the uploaded avatar
resize($path , '150', '150', $ext);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$_POST['Category']);
}
}
// PDF UPLOAD
$allowed_filetypes_pdf = array('pdf');
$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
$pdfName = $_POST['Office'].'.'.$ext_pdf;
$path = "../".$path_pdf.$_POST['Office']."/";
//$path_pdf = "../".$path_pdf.$pdfName;
$pdf=$path_pdf.$pdfName;
$tmp_pdf = $_FILES['pdf']['tmp_name'];
if(!in_array($ext_pdf,$allowed_filetypes_pdf))
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}else
{
$moved1 = move_uploaded_file($tmp_pdf, $path_pdf);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category']);
}
$statement = $db->prepare($query);
$statement->execute($parameters);
$error = 'success';
$errormsg = "New User added successfully";
}
$query = "select DISTINCT(Office) from userinfo ";
$statement = $db->prepare($query);
$statement->execute();
?>
HTML
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js"> <!--<![endif]-->
<head>
<title>Add Product</title>
<?php include "include/head.php" ?>
<link rel="stylesheet" href="../assets/plugins/fileupload/bootstrap-fileupload.css" type="text/css" />
<link rel="stylesheet" href="../assets/css/custom.css" type="text/css" />
</head>
<body>
<div id="wrapper">
<?php include 'include/header.php'; ?>
<?php include 'include/topMenu.php'; ?>
<?php include 'include/sidebar.php'; ?>
<div id="content">
<div id="content-header">
<h1>Add New Product</h1>
</div> <!-- #content-header -->
<div id="content-container">
<?php
if($errormsg){
echo "<div class='alert alert-$error' style='padding-left: 5px;'>$errormsg</div>";
}?>
<div class="row">
<div class="col-sm-6">
<div class="portlet">
<div class="portlet-header">
<h3><i class="fa fa-plus-square"></i>
Add Product
</h3>
</div> <!-- /.portlet-header -->
<div class="portlet-content">
<div id="error"></div>
<form id="validate-basic" action="" data-validate="parsley" method="post" class="form parsley-form ajax_form" enctype="multipart/form-data">
<div class="form-group">
<label for="name">Office</label>
<select class="form-control" name="Office">
<?php
while($row = $statement->fetch(PDO::FETCH_ASSOC))
{
echo "<option value='{$row['Office']}'>{$row['Office']}</option>";
}?>
</select>
</div>
<div class="input-group">
<h5 style="font-weight: 700; font-size: 13px;">Please select PDF</h5>
<div class="input-group-btn">
<input type="file" name="pdf"/>
</div>
</div>
<div class="form-group" id="images">
<label for="avatar">Product Image</label>
<div class="fileupload fileupload-new" data-provides="fileupload">
<div class="fileupload-new thumbnail" style="width: 180px; height: 150px;"><img src="../images/avatar/noimage.gif" alt="Product Avatar" /></div>
<div class="fileupload-preview fileupload-exists thumbnail" style="max-width: 150px; max-height: 200px; line-height: 20px;"></div>
<div>
<span class="btn btn-default btn-file"><span class="fileupload-new">Select image</span><span class="fileupload-exists">Change</span>
<input type="file" name='image' /></span>
<a href="#" class="btn btn-default fileupload-exists" data-dismiss="fileupload">Remove</a>
</div>
</div>
</div>
<div class="form-group">
<label for="name">Description</label>
<input type="text" id="Description" name="Description" class="form-control" value="<?php echo $row_user['Description'] ?>">
</div>
<div class="form-group">
<label for="name">Unit</label>
<input type="text" id="Unit" name="Unit" class="form-control" value="<?php echo $_POST['Unit'] ?>">
</div>
<div class="form-group">
<label for="select-input">Category</label>
<select id="select-input" name="Category" class="form-control">
<option value="G">Generic</option>
<option value="S">Stationary</option>
<option value="E">Envelopes</option>
<option value="M">Megazine Reprint</option>
<option value="T">Tabs</option>
</select>
</div>
<div class="form-group">
<label for="select-input">Generic</label>
<select id="select-input" name="Generic" class="form-control">
<option value="1">Yes</option>
<option value="0">No</option>
</select>
</div>
<div class="form-group">
<button type="submit" name="submit" class="btn btn-primary"><i class="fa fa-check-square-o"></i> Submit</button>
</div>
</form>
</div>
<!--END PORTLET-CONTENT -->
</div>
<!-- END PORTLET -->
</div>
<!-- END COL -->
</div>
<!--END ROW -->
</div>
<!-- END CONTENT-CONATINER -->
</div>
<!--END CONTENT -->
</div>
<!--END WRAPPER -->
'
// EDIT PRODUCT
$allowed_filetypes_pdf = array('pdf');
$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
$pdfName = $_POST['Office'].'.'.$ext_pdf;
$pdf = ($_FILES['pdf']['name'])?$path_pdf.$pdfName:$_SESSION['oldpdf'];
// $path = "../".$path_pdf.$_POST['Office']."/";
$path_pdf = "../".$path_pdf.$pdfName;
// chmod($path_pdf, 0777);
$tmp_pdf = $_FILES['pdf']['tmp_name'];
$moved1 = move_uploaded_file($tmp_pdf, $path_pdf);
$query = "UPDATE `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=? WHERE ID=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category'],$_POST['ID']);
试试看 ....
// PDF UPLOAD
$allowed_filetypes_pdf = array('pdf');
$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
$pdfName = basename( $_FILES["pdf"]["name"]);
$path = "../".$path_pdf.$_POST['Office']."/";
//$path_pdf = "../".$path_pdf.$pdfName;
$pdf=$path_pdf.$pdfName;
$tmp_pdf = $_FILES['pdf']['tmp_name'];
if(!in_array($ext_pdf,$allowed_filetypes_pdf))
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}else
{
$moved1 = move_uploaded_file($tmp_pdf, $path_pdf);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category']);
}
试试这个:
我为您修复了 2 个漏洞
文件扩展名检查不够。如果您将 .pdf 重命名为 .php,那么它会像 .pdf 一样通过并上传。如果你检查 mime 类型的文件,它不会再发生。
在 pdf 名称中,您发送 Office 变量,如果攻击者跳回到文件夹并将其上传到其他地方,这又很容易受到攻击。例如,如果 Office 的值为 ../../Someoffice
//$allowed_filetypes_pdf = array('pdf');
//$ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
//$pdfName = $_POST['Office'].'.'.$ext_pdf;
$name = $_FILES["pdf"]["name"];
$pdfName = substr($name, strrpos($name, "/"));
$dirName = str_replace(["../", "[=10=]"], "", $_POST["Office"]);
$pdfName = $dirName."-".$pdfName;
//$path = "../".$path_pdf.$_POST['Office']."/";
//$path_pdf = "../".$path_pdf.$pdfName;
//$pdf=$path_pdf.$pdfName;
$path_pdf = "../{$dirName}/{$name}";
$finfo = new finfo(FILEINFO_MIME);
$type = $finfo->file($tmp_pdf);
if( $type != "application/pdf" )
{
$error = 'danger';
$errormsg = "You uploaded wrong image format";
}
else
{
move_uploaded_file($tmp_pdf, $path_pdf);
$query = "INSERT INTO `products` SET Office = ?,Description = ?,Unit = ?,Generic = ?,image=?,PDF_Path=?,Category=?";
$parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$path_pdf,$_POST['Category']);
}