当前位置：网站首页>Pass-19,20

Pass-19,20

2022-07-26 17:10:00 【m0_ sixty-two million ninety-four thousand eight hundred and fo】

Pass-19

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess");

        $file_name = $_POST['save_name'];
        $file_ext = pathinfo($file_name,PATHINFO_EXTENSION);

        if(!in_array($file_ext,$deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH . '/' .$file_name;
            if (move_uploaded_file($temp_file, $img_path)) { 
                $is_upload = true;
            }else{
                $msg = ' Upload error ！';
            }
        }else{
            $msg = ' Do not save as this type of file ！';
        }

    } else {
        $msg = UPLOAD_PATH . ' Folder does not exist , Please create... By hand ！';
    }
}

Directly in php Back plus /.

php/. It's not equal to php, Bypass inspection

When saving files, the system will /. Delete , The file becomes php preservation

Pass-20

$is_upload = false;
$msg = null;
if(!empty($_FILES['upload_file'])){
    // Check MIME
    $allow_type = array('image/jpeg','image/png','image/gif');
    if(!in_array($_FILES['upload_file']['type'],$allow_type)){
        $msg = " Do not upload this type of file !";
    }else{
        // check filenames 
        $file = empty($_POST['save_name']) ? $_FILES['upload_file']['name'] : $_POST['save_name'];
        if (!is_array($file)) {
            $file = explode('.', strtolower($file));
        }

        $ext = end($file);
        $allow_suffix = array('jpg','png','gif');
        if (!in_array($ext, $allow_suffix)) {
            $msg = " Do not upload this suffix file !";
        }else{
            $file_name = reset($file) . '.' . $file[count($file) - 1];
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH . '/' .$file_name;
            if (move_uploaded_file($temp_file, $img_path)) {
                $msg = " File upload succeeded ！";
                $is_upload = true;
            } else {
                $msg = " File upload failed ！";
            }
        }
    }
}else{
    $msg = " Please select the file to upload ！";
}

This question is a white list

First, match image/jpeg,image/png,image/gif

Then the suffix should have jpg.png,gif

Follow the idea of the above question , The file name is split into an array