- Php
- Features
- Autoload
- Class Reflection
- Magic Methods
- Exceptions
- Late Static Binding
- Type Hinting
- SPL
- PHPUNIT
- PHAR
- Composer
- Guzzle
- Carbon
- Faker
- Math
- Requests
- Design Patterns
- Singleton Pattern
- Observer Pattern
- Strategy Pattern
- Registry
- Symfony
- Routes
- Annotations
- Flex
- Controllers
- Doctrine
- Templating
- Versions
- Php7.4
- Php8.0
- Security
- Filter Input
- Remote Code Injection
- Sql Injection
- Session Fixation
- File Uploads ♣
- Cross Site Scripting
- Spoofed Forms
- CSRF
- Session Hijacking
- Modern Php
- Composer
- Slim Framework
- Autoloader
- Package
- Releases
- Generators
- Dependency Injection
- Middleware
- Create Framework
- App
- Http Foundation
- Front Controller
- Routing
- Render Controller
- Resolver
- SoC
- Frameworks
- Symfony V5
- Laravel V8
- Laminas V3
- Codeigniter V4
Uploads
Check that information is being referred from your website. Check file extensions and allow only certain mime-types. Files should be renamed after upload. Change the permissions on the upload folder (not executable). Login and moderate users and posts.
<form enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
File to upload: <input name="uploaded_file" type="file" />
<input type="submit" value="Upload" />
</form>
# Check that we have a file
if (!empty($_FILES['uploaded_file']) &&
$_FILES['uploaded_file']['error'] == 0) {
# Check if the file is a type permited
$filename = basename($_FILES['uploaded_file']['name']);
$pathinfo = pathinfo($filename);
$extension = $pathinfo['extension'];
if (!in_array($extension,
array('jpg', 'jpeg', 'gif', 'bmp'))) {
echo 'File type not permitted';
}
# Rename file
$filename = basename($_FILES['uploaded_file']['name']);
echo $new_filename = uniqid() . "_" . $filename;
// 502913f491ac3_Chrysanthemum
}
Last update: 34 days ago
