Paranormal Phenomena with PHP and uploader script

vargadanis · 10-09-2007, 02:45 PM

Hi all

I wanted to write a script that uploads and then resizes a picture into 2 different sizes. The script works but not in all cases and I can't find a common thing between the cases. Here is the script:

PHP Code:



    function upload($imgName, $imgTemp){                        
        $img = $imgName;                        
        $dest = strtolower("../uploads/".$imgName);                                                                                
        $stem = strtolower(substr($imgName, 0, strrpos($imgName, ".")));                
        move_uploaded_file($imgTemp, $dest);
        $sql_path = strtolower("uploads/".$imgName);
        $ret = array($dest, $sql_path, $stem);        
        return $ret;        
    }

I call this function by:
uploade($_FILES['pic']['name'], $_FILES['pic']['tmp_name'];
In most cases the script works and uploads the file but sometimes it just quit working. It does the thing repeatedly with a file called: 1.jpg
Edit:
the thing that i just noticed is that there is not tmp_name for $_FILES['pic']. Was the upload unsuccessful<
Any thoughts?

graemef · 10-09-2007, 03:50 PM

I believe that the $_FILES global variable holds information about any upload error.
Also there is a size limit to upload set in the php.ini

Ome_Roel · 10-09-2007, 04:16 PM

It does the thing repeatedly with a file called: 1.jpg

$stem = strtolower(substr($imgName, 0, strrpos($imgName, ".")))

Is it true that var $stem becomes "1", maybe $stem became a boolean.

Offcourse not shore if this will cause any problems:-(

Yours kindly Ome_Roel

Guttorm · 10-10-2007, 07:32 AM

Hi

PHP Code:



<?php
$imgName = "1.jpg";
$stem = strtolower(substr($imgName, 0, strrpos($imgName, ".")));
var_dump($stem);
?>

Result:

Quote:

string(1) "1"

So if it's changed into a boolean, at least that's not in the section you posted. Maybe later when you put it in the database?

But another more important thing: It looks to me like you are not filtering input before you use it. What if I upload a picture called "../../../somefile"? Any web user could place files all over your server and overwrite any file the Apache web user can overwrite. Even if you cant upload files with such a filename in most browsers, it doesn't mean it's impossible.

A simple
$imgName = BaseName($imgName);
would fix it.

Another approach would be to not use the filenames the user specifies in the filesystem at all, but use an ID or something instead. You can then simply store the filename in the database if you need it, and if you just need the filename in the filesystem, it will be something like "../upload/$id".

It's a bit safer that way. Don't trust users to provide an extension like ".jpg" to filenames (not all do), and if they do provide an extension, it could be very wrong. And some people use weird unicode characters or questions marks and such in filenames, so you could end up with very strange filenames in the filesystem.