daily pastebin goal
84%
SHARE
TWEET

upload binary to php via curl

osteth Mar 6th, 2016 (edited) 88 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ## send command
  2.  curl -i -X POST -H "Content-Type: multipart/form-data" -F "uploaded-file=@FILE_TO_UPLOAD" ADDRESS_OF_SERVER_SIDE_PHP_PAGE
  3.  
  4.  
  5. ## Server Side PHP page
  6.  
  7. <?php
  8. header('Content-Type: text/plain; charset=utf-8');
  9. $maxFileSize = 10000000;
  10.  
  11. $allowedFileExtensions = array
  12. (
  13.     'jpg' => 'image/jpeg',
  14.     'png' => 'image/png',
  15.     'gif' => 'image/gif',
  16. );
  17.  
  18. $allowAllExtensions = true;
  19.  
  20. $uploadPath = "/test/";
  21.  
  22. try
  23. {
  24.    
  25.     // Undefined | Multiple Files | $_FILES Corruption Attack
  26.     // If this request falls under any of them, treat it invalid.
  27.     if (!isset($_FILES['uploaded-file']['error']) || is_array($_FILES['uploaded-file']['error']))
  28.     {
  29.         throw new RuntimeException('Invalid parameters.');
  30.     }
  31.  
  32.     // Check $_FILES['uploaded-file']['error'] value.
  33.     switch ($_FILES['uploaded-file']['error'])
  34.     {
  35.         case UPLOAD_ERR_OK:
  36.             break;
  37.         case UPLOAD_ERR_NO_FILE:
  38.             throw new RuntimeException('Blank or no file sent');
  39.         case UPLOAD_ERR_INI_SIZE:
  40.         case UPLOAD_ERR_FORM_SIZE:
  41.             throw new RuntimeException('File size limit exceeded');
  42.         default:
  43.             throw new RuntimeException('Something');
  44.     }
  45.  
  46.     // Don't rely on PHP config to correctly enforce file sizes - we all know php's reputation
  47.     if ($_FILES['uploaded-file']['size'] > $maxFileSize)
  48.     {
  49.         throw new RuntimeException('File size limit exceeded');
  50.     }
  51.  
  52.     // DO NOT TRUST $_FILES['uploaded-file']['mime'] VALUE !!
  53.     // Check MIME Type by yourself.
  54.     $finfo = new finfo(FILEINFO_MIME_TYPE);
  55.     $extension = array_search( $finfo->file($_FILES['uploaded-file']['tmp_name']),$allowedFileExtensions, true );
  56.  //    if (false === $extension || $allowAllExtensions == false)
  57.    // {
  58.      //   throw new RuntimeException('File extension not allowed');
  59.     //}
  60.  
  61.     // You should name it uniquely.
  62.     $fullPath = $uploadPath . $_SERVER['REMOTE_ADDR'] . "/";
  63.     $fileName = $_FILES['uploaded-file']['name'];
  64.     preg_replace("/..\//", "", $fileName);
  65.    
  66.     mkdir($fullPath, 0666, true);
  67.     $date = date_create();
  68.     $newFileName = $fullPath . date_format($date, 'Y-m-d H:i:s') . $fileName;
  69.     $fileMoveWorked = move_uploaded_file($_FILES['uploaded-file']['tmp_name'], $newFileName);
  70.    
  71.     if ($fileMoveWorked == false)
  72.     {
  73.         throw new RuntimeException("Couldn't save the file");
  74.     }
  75.  
  76.     echo 'HURRAY THE FILE SAVED';
  77.  
  78. } catch (RuntimeException $e) {
  79.  
  80.     echo "Exception thrown: " . $e->getMessage();
  81.  
  82. }
  83.  
  84. ?>
RAW Paste Data
Top