View Full Version : [PHP] Secure upload script?



pete_zahut
March 3rd, 2006, 03:11 AM
Hi,

In another thread we were discussing if the following code is secure for uploading files. But there wasn't much response so I put it here! :stunned:



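<?PHP
// Destination path is built from the client-supplied file name;
// basename() strips any directory components from it.
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['Filedata']['name']);

// Move the temporary upload into the uploads/ directory.
if(move_uploaded_file($_FILES['Filedata']['tmp_name'], $target_path))
{
    echo "The file ". basename( $_FILES['Filedata']['name']). " has been uploaded";
}
else
{
    echo "There was an error uploading the file, please try again!";
}
?>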


It is called in the AS like so:

listener.onSelect = function(selectedFile:FileReference):Void {
    statusArea.text = "Attempting to upload " + selectedFile.name;
    selectedFile.upload("uploadFile.php");
};



So can other people abuse you(r script/server)?
Can you limit it in file size?
Can you specify dimensions for the image? (It only uploads images for me)
...?


:} Pete!
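
A hardened take on the handler in the post above, covering the three questions it raises (abuse, file size, image dimensions): the posted script keeps the client-supplied name and extension and checks neither size nor type. This is an added example, not code from the thread; the limits, the allowed image types and the `private_uploads` directory are assumptions.

```php
<?php
// Added example (PHP 7.1+), not code from the thread. Limits, allowed types
// and the storage directory are assumed values; adjust them to the application.
const MAX_BYTES  = 2 * 1024 * 1024;                  // assumed size cap: 2 MiB
const MAX_WIDTH  = 1600;                             // assumed pixel limits
const MAX_HEIGHT = 1200;
const UPLOAD_DIR = __DIR__ . '/../private_uploads/'; // assumed: outside the web root

// Extension is chosen by the server from the detected type, never from the client.
$allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

function reject(int $status, string $message): void
{
    http_response_code($status);
    exit($message);
}

$file = $_FILES['Filedata'] ?? null;

// Exactly one file, and PHP itself reported a clean upload.
if (!is_array($file) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
    reject(400, 'Upload failed');
}

// Size is measured on the server-side temp file. upload_max_filesize and
// post_max_size in php.ini should be set as a first line of defence as well.
if (filesize($file['tmp_name']) > MAX_BYTES) {
    reject(413, 'File too large');
}

// getimagesize() parses the image header: false means "not an image".
$info = @getimagesize($file['tmp_name']);
if ($info === false || !isset($allowed[$info[2]])) {
    reject(415, 'Only JPEG, PNG and GIF images are accepted');
}
if ($info[0] > MAX_WIDTH || $info[1] > MAX_HEIGHT) {
    reject(422, 'Image dimensions too large');
}

// A valid header does not prove the rest of the file is harmless, so the stored
// name is random, carries a fixed extension, and lives where scripts never run.
$name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
    reject(500, 'Could not store the file');
}
echo 'Stored as ' . $name;
```

If the files must be served directly from a web-accessible directory, script execution should be disabled for that directory in the web server configuration.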

pete_zahut
March 6th, 2006, 08:20 AM
*bump*

Anyone?