我在Centos 7专用机器上运行xampp 5.6.8.
我开发了Simple脚本,通过机器上的 PHP将任何文件上传到服务器,PHP代码:
我开发了Simple脚本,通过机器上的 PHP将任何文件上传到服务器,PHP代码:
<?PHP if (is_uploaded_file($_FILES['uploadfile']['tmp_name'])) { echo "File ". $_FILES['uploadfile']['name'].'-'.$_FILES['uploadfile']["tmp_name"]." - uploaded successfully.<br>"; echo disk_free_space('/'); } ?> <html> <head> <title>test</title> </head> <body> <div style="text-align:center;"> <form action="" method="post" enctype="multipart/form-data"> <input name="uploadfile" type="file"> <input name="sendfile" value="upload" type="submit"> </form> </div> </body> </html>
File sample.txt – /opt/lampp/temp/PHPD58n0L – uploaded successfully.
一些信息和事实:
>当我通过守护程序用户运行xampp时
> / opt / lampp / temp /目录属于daemon:daemon by chown命令
> / opt / lampp / temp /设置为770权限
> PHP.ini设置为允许文件最大为128mb,上传目录为/ opt / lampp / temp /
解决方法
使用is_uploaded_file()只检查它是否是上传的文件.它不会从/ temp /目录移动它.您可能想查看
manual on POST uploads.示例:
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) {
echo "File is valid,and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
也就是说,您应该使用move_uploaded_file()将上传移动到它所属的位置.否则,请参阅手册,解释为什么在/ temp /目录中找不到文件:
The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.
功能is_uploaded_file()是对文件来源的安全检查,这就是它所做的一切.您可以将它与move_uploaded_file()一起使用,例如:
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
if (move_uploaded_file($_FILES['userfile']['tmp_name'],$destination_file)) {
// Was moved
}
else {
// Wasn't moved
}
else {
// Wasn't valid
}
这可能是常规文件上传和移动的冗余,我在手册的注释中注意到,move_uploaded_file()在任何情况下都会进行检查.
