- ## send command
- curl -i -X POST -H "Content-Type: multipart/form-data" -F "uploaded-file=@FILE_TO_UPLOAD" ADDRESS_OF_SERVER_SIDE_PHP_PAGE
- ## Server Side PHP page
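<?php
/**
 * Minimal single-file upload endpoint.
 *
 * Expects one multipart field named "uploaded-file", validates it, and stores
 * it under $uploadPath/<client address>/<timestamp><sanitised name>.
 * The response is plain text: a success line, or "Exception thrown: <reason>".
 */
header('Content-Type: text/plain; charset=utf-8');

// Upper bound in bytes, enforced here in addition to PHP's own upload limits.
$maxFileSize = 10000000;

// Allow-list: stored extension => MIME type as detected from the file content.
$allowedFileExtensions = array(
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
);

// NOTE(review): while this is true the allow-list above is NOT enforced and any
// content type is stored under a client-chosen extension. Set it to false for
// anything reachable by untrusted clients, and keep $uploadPath outside the
// document root (or otherwise non-executable) either way.
$allowAllExtensions = true;
$uploadPath = "/test/";

try {
    // Undefined | multiple files | $_FILES corruption: a missing or array-valued
    // 'error' entry means the request does not carry exactly one file.
    if (!isset($_FILES['uploaded-file']['error']) || is_array($_FILES['uploaded-file']['error'])) {
        throw new RuntimeException('Invalid parameters.');
    }

    // Map PHP's upload status code to a response.
    switch ($_FILES['uploaded-file']['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            throw new RuntimeException('Blank or no file sent');
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('File size limit exceeded');
        default:
            throw new RuntimeException('Something');
    }

    // Do not rely on the PHP configuration alone to enforce the size limit.
    if ($_FILES['uploaded-file']['size'] > $maxFileSize) {
        throw new RuntimeException('File size limit exceeded');
    }

    // The client-declared $_FILES['uploaded-file']['type'] is attacker-controlled;
    // detect the type from the stored bytes instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $extension = array_search(
        $finfo->file($_FILES['uploaded-file']['tmp_name']),
        $allowedFileExtensions,
        true
    );
    // The original had this check commented out, and its condition would have
    // rejected every upload once $allowAllExtensions was false.
    if (!$allowAllExtensions && $extension === false) {
        throw new RuntimeException('File extension not allowed');
    }

    // The client address becomes a directory name, so require a well-formed IP.
    if (!isset($_SERVER['REMOTE_ADDR']) || filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) === false) {
        throw new RuntimeException('Invalid parameters.');
    }
    $fullPath = $uploadPath . $_SERVER['REMOTE_ADDR'] . "/";

    // The client-supplied name is untrusted. The original preg_replace() call
    // discarded its return value, so the name reached the destination path
    // unchanged. Keep only the final path component (treating "\" as a
    // separator too) and a conservative character set.
    $fileName = basename(str_replace('\\', '/', $_FILES['uploaded-file']['name']));
    $fileName = preg_replace('/[^A-Za-z0-9._-]/', '_', $fileName);
    if ($fileName === null || $fileName === '') {
        $fileName = 'upload';
    }

    // When the allow-list is enforced, store the file under the extension that
    // matches the detected content, not the one the client asked for.
    if (!$allowAllExtensions) {
        $fileName = pathinfo($fileName, PATHINFO_FILENAME) . '.' . $extension;
    }

    // Directories need the execute bit to be traversable; the original 0666
    // mode omitted it. Skip creation when the directory already exists, and
    // re-check is_dir() in case a concurrent request created it first.
    if (!is_dir($fullPath) && !mkdir($fullPath, 0750, true) && !is_dir($fullPath)) {
        throw new RuntimeException("Couldn't save the file");
    }

    // NOTE(review): the timestamp has one-second resolution, so two uploads of
    // the same name from the same address within a second overwrite each other.
    $date = date_create();
    $newFileName = $fullPath . date_format($date, 'Y-m-d H:i:s') . $fileName;

    // move_uploaded_file() only moves files that arrived via HTTP POST upload.
    if (!move_uploaded_file($_FILES['uploaded-file']['tmp_name'], $newFileName)) {
        throw new RuntimeException("Couldn't save the file");
    }

    echo 'HURRAY THE FILE SAVED';
} catch (RuntimeException $e) {
    echo "Exception thrown: " . $e->getMessage();
}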