Good evening, everyone! I have just started learning PHP, and while reading a textbook I came across this paragraph:
By using the is_uploaded_file() function, the uploaded file can be checked to ensure that a malicious user cannot trick the script into accessing a file it should not be able to access, such as /etc/password.
My question is: if is_uploaded_file() is really not used for the check, how exactly does the "malicious user" trick the script into accessing content it should not be able to access? Puzzled... Could one of the gurus explain it in simple terms? Thank you!
Reply to discussion (solution)
Operating on an uploaded file is generally done with the move_uploaded_file() function, which also calls is_uploaded_file() internally.
Of course, it cannot be ruled out that you want to use the copy() function, and that is why is_uploaded_file() exists.
Obviously, if it is
copy('/etc/password', './ps')
then you can copy the system's password file.
Of course, your code is not written like that; you might write
copy($file_tmp, $target)
If the value of $file_tmp is /etc/password, the system's password file can still be copied over,
so you have to do an is_uploaded_file() check on this $file_tmp.
Then you would say: $file_tmp is a variable in the program, how can someone assign a value to it?
The problem lies with PHP's automatic variable registration switch.
When register_globals = On,
incoming data becomes global variables. For example, file_tmp=xxxx in the request will produce a $file_tmp variable with the value xxxx.
The upload control named file also produces a $file_tmp.
By now you have seen that you can trick PHP with URL parameters.
Because of this:
PHP 5.3 defaults to register_globals = Off, and turning it on is not recommended.
In PHP 5.4 and later the register_globals switch has been removed.
For PHP 5.4 and later, this function has no meaning.
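To make the trick described in the reply concrete, here is an added example (my own code, not from the thread or any textbook). It puts the vulnerable copy($file_tmp, $target) pattern next to a hardened handler built on is_uploaded_file() and move_uploaded_file(). Assumptions: the form field is named file, uploads go to ./uploads, and the file the attacker is after is /etc/passwd (what the thread calls "/etc/password"). Since register_globals no longer exists in modern PHP, the old behaviour is emulated with extract($_GET) purely so the attack can be reproduced offline.

```php
<?php
// Added example (not from the original thread). Shows why a path that merely
// looks like the upload's temp file must be validated with is_uploaded_file()
// before copy(), and why move_uploaded_file() is the preferred API.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // assumption: uploads directory

// --- Vulnerable handler ----------------------------------------------------
// $file_tmp starts out as a "program variable", but with register_globals=On
// (PHP < 5.4) a request such as
//     POST /upload.php?file_tmp=/etc/passwd
// would silently initialise it from the query string. extract() emulates that.
function vulnerable_upload(array $get, array $files): string
{
    $file_tmp = $files['file']['tmp_name'] ?? '';
    extract($get, EXTR_OVERWRITE);              // emulates register_globals=On
    $target = UPLOAD_DIR . '/' . basename($files['file']['name'] ?? 'upload.bin');
    if (!copy($file_tmp, $target)) {            // no is_uploaded_file() check
        throw new RuntimeException('copy failed');
    }
    return $target;                             // may now be a copy of /etc/passwd
}

// --- Hardened handler -------------------------------------------------------
function safe_upload(array $files): string
{
    if (!isset($files['file']) || $files['file']['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('no valid upload');
    }
    $tmp = $files['file']['tmp_name'];
    // Only true for a file PHP itself wrote during this request's upload
    // handling, no matter how the variable holding the path was populated.
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('refusing non-uploaded path: ' . $tmp);
    }
    // Never build the destination from the client-supplied file name.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.bin';
    if (!move_uploaded_file($tmp, $target)) {   // also checks is_uploaded_file()
        throw new RuntimeException('move_uploaded_file failed');
    }
    return $target;
}

// --- Offline demonstration (constructed request, run with `php upload.php`) --
if (PHP_SAPI === 'cli') {
    if (!is_dir(UPLOAD_DIR)) {
        mkdir(UPLOAD_DIR, 0700, true);
    }
    // The form field "file" looks like a normal upload, but the query string
    // smuggles file_tmp=/etc/passwd. Both arrays are constructed test data.
    $fakeGet   = ['file_tmp' => '/etc/passwd'];
    $fakeFiles = ['file' => ['name'     => 'avatar.png',
                             'tmp_name' => '/tmp/phpXXXXXX',
                             'error'    => UPLOAD_ERR_OK]];

    $out = vulnerable_upload($fakeGet, $fakeFiles);
    echo "vulnerable handler wrote: $out\n";
    echo substr((string) file_get_contents($out), 0, 40), "...\n"; // root:x:0:0:... on Linux

    try {
        safe_upload($fakeFiles);
    } catch (RuntimeException $e) {
        echo 'hardened handler: ', $e->getMessage(), "\n";  // refused: not an upload
    }
}
```

The vulnerable handler drops a copy of /etc/passwd into the web-accessible uploads directory under the name the attacker chose, which is exactly the "copy the system's password file over" outcome from the reply. In the hardened version is_uploaded_file() rejects the path no matter how $tmp came to hold it, so the check is still worth keeping even on PHP without register_globals whenever the source path could be influenced by user input. Note that is_uploaded_file() only proves PHP wrote the file in this request; it says nothing about the file's content or type, which still need their own validation.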
Thank you ~ now I understand ~
Silently bookmarking.
Now I know what is going on; will study it.