peehaa Posted April 1, 2007

Which function should be used to determine the type of a particular file?
martins256 Posted April 1, 2007 (edited)

If the file has been uploaded, then:

$contentType = $_FILES['myFile']['type'];

but if you just want to know, then: http://lv.php.net/manual/en/function.mime-content-type.php
andrisp Posted April 1, 2007

$_FILES['myFile']['type'] can be forged very easily, so be careful. And rather than mime_content_type, it is better to use http://lv.php.net/manual/en/ref.fileinfo.php, if that is an option.
tiy Posted April 1, 2007

Can you say more about how $_FILES['myFile']['type'] can be forged easily, i.e. passing a PHP file off as an image?
andrisp Posted April 1, 2007

No, it is simply that this type value is supplied by the browser together with the HTTP POST request.
martins256 Posted April 1, 2007

You can add PHP code to a jpg, but it will not necessarily be executed on the server, because servers execute *.php files, not *.jpg ;) But there are also cases where everything gets executed.
andrisp Posted April 1, 2007

martins256, what exactly does that have to do with this post?
martins256 Posted April 1, 2007 (edited)

> i.e. passing a PHP file off as an image?

> martins256, what exactly does that have to do with this post?

Content-Type: image/jpeg

It is passed via POST, but you can also check the file's content type.
andrisp Posted April 1, 2007

martins256, I don't quite understand what you are trying to say.
martins256 Posted April 1, 2007

I guess I can't think straight while half asleep :/

andrisp is right, it can be forged simply by sending bogus data to the server.

Roughly this is what gets sent to the server when a file is uploaded. Change Content-Type: `application/x-httpd-php` to `image/jpeg` and the security is bypassed :(

```
http://localhost/uploader.php

POST /uploader.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: xxx
Content-Type: multipart/form-data; boundary=---------------------------275194524102
Content-Length: 377

-----------------------------275194524102
Content-Disposition: form-data; name="MAX_FILE_SIZE"

100000
-----------------------------275194524102
Content-Disposition: form-data; name="uploadedfile"; filename="index.php"
Content-Type: application/x-httpd-php

<?php php faila saturs ?>
-----------------------------275194524102--
```
Grey_Wolf Posted April 2, 2007

If you need to make sure they are images, you can check their size in px. ;)

getimagesize()

A bonus is that you will be able to make sure the image is not too small/large....

Also look into:

exif_imagetype()
Delfins Posted April 2, 2007

> Roughly this is what gets sent to the server when a file is uploaded. Change Content-Type: `application/x-httpd-php` to `image/jpeg` and the security is bypassed :(

Who told you that it is meant for security!? That Content-Type is the same thing as a `file extension`...

If it is images: getimagesize(), or another lib
If it is text: convert with htmlspecialchars
If it is something else: then try to open it with COM objects or libs (mostly they all return an error code if they are given an invalid data file)
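
Added example, not part of any post in the thread: a server-side check that combines the fileinfo and getimagesize() suggestions above and never reads $_FILES[...]['type'] or the client's filename. The function name inspect_upload(), the allow-list and the size limit are assumptions made for illustration; the two sample files are constructed inline.

```php
<?php
// Added example: derive the type from the file's bytes, not from the request.
// Allow-list of content types (assumed for this example) and the extension
// the server itself would assign when storing the file.
const ALLOWED_IMAGES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Hypothetical helper: returns [mime, extension, width, height] or null.
function inspect_upload(string $path, int $maxSide = 4000): ?array
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);            // sniffed from file content
    if ($mime === false || !isset(ALLOWED_IMAGES[$mime])) {
        return null;
    }
    $size = @getimagesize($path);            // false if not a parseable image
    if ($size === false || $size['mime'] !== $mime) {
        return null;                         // the two detectors disagree
    }
    [$width, $height] = $size;
    if ($width < 1 || $height < 1 || $width > $maxSide || $height > $maxSide) {
        return null;
    }
    // The stored name should use this extension, never the client's filename.
    return [$mime, ALLOWED_IMAGES[$mime], $width, $height];
}

// Constructed sample 1: PHP source, as in the request above, which a client
// could label image/jpeg in the multipart Content-Type header.
$fakeImage = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fakeImage, "<?php echo 'not an image'; ?>");

// Constructed sample 2: a minimal 1x1 GIF.
$realImage = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($realImage, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));

var_dump(inspect_upload($fakeImage));   // rejected regardless of claimed type
var_dump(inspect_upload($realImage));   // accepted as image/gif
unlink($fakeImage);
unlink($realImage);
```

In an upload handler the path passed in would be $_FILES['uploadedfile']['tmp_name']. A file that passes can still carry embedded PHP, as noted earlier in the thread, so it should be stored under a server-chosen name with the returned extension, in a location where scripts are not executed.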