I figured I would post my solution to the problem that I found somewhere. It
had nothing to do with anything I was doing. It's a bug in some versions of
PHP.

Here is the function I had to use to fix this:

function fix_php_upload_bug($tmp){
 $infile=fopen($tmp,"rb"); // Open the file for the copy (binary-safe mode)
 if (!$infile) return false; // nothing to fix if the temp file can't be read
 $outfile=fopen("$tmp.new","wb"); // create a new temp file
 if (!$outfile) { fclose($infile); return false; }
 //get the 1st line (netscape sometimes doesn't add a Content-type line)
 $header=fgets($infile,255);
 //if its more than just a \r\n sequence then
 if (strlen($header)>2) $header=fgets($infile,255); //get next line also
 while(!feof($infile)) { // Loop through the remaining file
  $temp=fread($infile,128);
  fwrite($outfile,$temp,strlen($temp)); //copying contents to new temp file
 }
 fclose($outfile);
 fclose($infile);
 copy("$tmp.new","$tmp"); //replace the original with our new bug fixed file
 unlink("$tmp.new"); //and delete the new file
 return $tmp;
}

Ryan


"Andrey Hristov" <[EMAIL PROTECTED]> wrote in message
news:0b4501c177eb$8b02c900$0b01a8c0@ANDreY...
> As I showed by this:
> <FORM ACTION="http://your.domain.com/your.script.php" Method="Post" ENCTYPE="multipart/form-data" >
> <Input Type="text" Name="ImageFile_name"  value="../../../../etc/passwd">
> <Input Type="Submit" Name="Submit">
> </FORM>
> I can write this in a simple HTML file, press the submit button, and instead of a
> file you will receive $ImageFile_name as a text variable.
> I can write anything in it, but you rely on PHP having made it. No, PHP
> didn't. Also, in such a form $ImageFile_tmpname can be supplied,
> and if someone does this:
> <?php
> echo (implode('',file($ImageFile_tmpname)));
> ?>
> the /etc/passwd file can be shown easily.
> My suggestion: rely on $HTTP_POST_FILES. Yes, it is long to type, but it's
> secure. Also, as I said, since the new PHP 4.1.0 there will
> be a $_FILES array, the equivalent of $HTTP_POST_FILES (which will also exist).
>
> The GD extension is used for dynamic construction of jpg, png, gif (up to
> some 1.x version). The constructed image can be saved to a file
> or sent to the
> browser. GetImageSize() is one of the many functions provided by GD.
> http://www.php.net/manual/en/ref.image.php
>
>
> Best regards,
> Andrey Hristov
>
> ----- Original Message -----
> From: "Ryan Stephens (Hotmail)" <[EMAIL PROTECTED]>
> To: "Andrey Hristov" <[EMAIL PROTECTED]>
> Sent: Wednesday, November 28, 2001 10:51 AM
> Subject: Re: [PHP] Image Uploads beeing corupted
>
>
> > this means nothing to me... sorry, I've only been working with PHP for a
> > couple weeks..... and a few months of web learning..... the site I'm working
> > on is hosted by some other guy, so I don't have access to it if I had to
> > change anything there.
> >
> > Why is $ImageFile a possible security hole?
> > What is GD extension?
> >
> > I don't need to find the type... I just used that as a test to see if that
> > might have anything to do with my corrupted file problem. And I found that
> > all the information being entered into the database re: its name and size
> > is fine... but it won't return a type... I'm thinking if it can't return a type
> > (but still uploads the file) there must be a connection to it being
> > corrupt.
> >
> > Ryan
> >
> >
> > ----- Original Message -----
> > From: "Andrey Hristov" <[EMAIL PROTECTED]>
> > To: "Ryan Stephens" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Wednesday, November 28, 2001 12:46 AM
> > Subject: Re: [PHP] Image Uploads beeing corupted
> >
> >
> > > If you have the GD extension built into your PHP, use it to find the type (if you
> > > are limited to jpeg/gif/png files).
> > > I want to say again that using $ImageFile* is a possible security
> > > hole.
> > >
> > > Regards,
> > > Andrey Hristov
> > > ----- Original Message -----
> > > From: "Ryan Stephens" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, November 28, 2001 10:39 AM
> > > Subject: Re: [PHP] Image Uploads beeing corupted
> > >
> > >
> > > > the funny thing is this....
> > > >
> > > > the information is being inserted into the database... the file is being
> > > > uploaded (as I can see it in the directory). I can get results from
> > > > $ImageFile
> > > > $ImageFile_name
> > > > $ImageFile_size
> > > >
> > > > but I can't get a result for $ImageFile_type.... this comes up blank....
> > > > there is obviously some connection, but just not sure what.
> > > >
> > > > Ryan
> > > >
> > > >
> > > > "Andrey Hristov" <[EMAIL PROTECTED]> wrote in message
> > > > news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
> > > > > The problem is that you declare global only for $ImageFile, but not for
> > > > > $ImageFile_name.
> > > > > A big flaw is that if someone makes a form
> > > > > <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post"
> > > > > ENCTYPE="multipart/form-data" >
> > > > > <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">
> > > > >
> > > > > <Input Type="text" Name="ImageFile__name" value="../../../../etc/passwd">
> > > > > <Input Type="Submit" Name="Submit">
> > > > > </FORM>
> > > > >
> > > > > maybe they can make a big shot. It depends on which user Apache is running under.
> > > > > The best technique is to use $HTTP_POST_FILES. Since PHP 4.1.0 there will
> > > > > be a new name
> > > > > for it => $_FILES. This array will be global, so there is no need to write
> > > > > global $_FILES. The same is done for $_GET, $_POST, $_COOKIE. $_REQUEST is
> > > > > a merged array of $_GET, $_POST, $_COOKIE in the order of gpc (from php.ini).
> > > > >
> > > > > Regards,
> > > > > Andrey Hristov
> > > > > IcyGEN Corporation
> > > > > http://www.icygen.com
> > > > > BALANCED SOLUTIONS
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Ryan Stephens" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Wednesday, November 28, 2001 10:12 AM
> > > > > Subject: [PHP] Image Uploads beeing corupted
> > > > >
> > > > >
> > > > > > Hey guys,
> > > > > >
> > > > > > >     I got my uploads to work thanks to some people's help here in this
> > > > > > > newsgroup.... but now I'm having a problem with the files being corrupted
> > > > > > > upon upload..... not sure why.... any help would be greatly appreciated.
> > > > > >
> > > > > >     I have included my code again if it helps any.
> > > > > >
> > > > > > <---------------------------------------->
> > > > > > function UploadImage(){
> > > > > >     global $HTTP_POST_FILES;
> > > > > >     global $ImageFile;
> > > > > >     reset($HTTP_POST_FILES);
> > > > > >     $pic_file = $HTTP_POST_FILES['ImageFile'];
> > > > > >     copy ($pic_file['tmp_name'], "../images/$ImageFile_name");
> > > > > > }
> > > > > >
> > > > > > <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post"
> > > > > > ENCTYPE="multipart/form-data" >
> > > > > > <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">
> > > > > >
> > > > > > <Input Type="File" Name="ImageFile">
> > > > > > <Input Type="Submit" Name="Submit">
> > > > > > </FORM>
> > > > > > <---------------------------------------->
> > > > > >
> > > > > > I've found that just doing this seems to do the same
> > > > > >
> > > > > > function UploadImage(){
> > > > > >     global $ImageFile;
> > > > > >     copy ($ImageFile, "../images/$ImageFile_name");
> > > > > > }
> > > > > >
> > > > > >
> > > > > > Thanks
> > > > > > Ryan Stephens
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > PHP General Mailing List (http://www.php.net/)
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
>
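
Added example (not part of the original thread, and not code from any poster): one way to follow the advice above and trust only the $_FILES entry, assuming PHP 7.1+ and the thread's field name "ImageFile". The helper name store_uploaded_image() and the three-type allow-list are hypothetical; the sample entry at the bottom is constructed to mirror the forged form fields quoted in the thread.

```php
<?php
// Hypothetical helper: returns [true, stored path] or [false, reason].
function store_uploaded_image(array $file, string $destDir): array
{
    // PHP fills in 'error' itself; anything but UPLOAD_ERR_OK means no usable file.
    if (!isset($file['error'], $file['tmp_name'], $file['name'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'upload failed or field missing'];
    }
    // True only if PHP received this temp file via HTTP POST upload in the
    // current request, so a path typed into a text field is refused.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'tmp_name is not an uploaded file'];
    }
    // Decide the type from the file contents, not from the client-sent 'type'.
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        return [false, 'not a GIF, JPEG or PNG image'];
    }
    // 'name' is client-controlled: drop directory parts and unusual characters,
    // then force the extension that matches the detected type.
    $leaf = basename(str_replace('\\', '/', $file['name']));
    $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($leaf, PATHINFO_FILENAME));
    if ($base === '') {
        $base = 'upload';
    }
    $target = rtrim($destDir, '/') . '/' . $base . '.' . $allowed[$info[2]];
    // move_uploaded_file() repeats the is_uploaded_file() check before moving.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return [false, 'could not move file'];
    }
    return [true, $target];
}

// Constructed input shaped like the forged fields from the thread. Run from
// the CLI, nothing was uploaded, so the entry is rejected before any read.
$forged = ['name' => '../../../../etc/passwd', 'tmp_name' => '/etc/passwd',
           'error' => UPLOAD_ERR_OK, 'size' => 0, 'type' => 'image/gif'];
[$ok, $msg] = store_uploaded_image($forged, __DIR__ . '/images');
echo $ok ? "stored: $msg\n" : "rejected: $msg\n";

// In a real request handler the call would be:
//   store_uploaded_image($_FILES['ImageFile'] ?? [], '../images');
```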


