PHP 中的安全用户图像上传功能 [英] Secure User Image Upload Capabilities in PHP
问题描述
我正在为我的网站实施基于用户的图片上传工具.系统应允许任何用户仅上传 JPEG 和 PNG 文件.当然,我很担心安全性,所以我想知道许多比我更聪明的人对以下允许上传的检查有什么看法:
I'm implementing a user-based image uploading tool for my website. The system should allow any users to upload JPEG and PNG files only. I'm, of course, worried about security and so I'm wondering how the many smarter people than myself feel about the following checks for allowing uploads:
1) 首先将 PHP 中允许的文件扩展名列入白名单,只允许 PNG、png、jpg、JPG 和 JPEG.通过如下函数检索用户文件的扩展名:
1) First white list the allowable file extensions in PHP to allow only PNG, png, jpg, JPG and JPEG. Retrieve the user's file's extension via a function such as:
return end(explode(".", $filename));
这应该有助于禁止用户上传诸如 .png.php 之类的恶意内容.如果通过,请转到第 2 步.
This should help disallow the user from uploading something malicious like .png.php. If this passes, move to step 2.
2) 在 TMP 文件上运行 php 函数 getimageize().通过类似的东西:
2) Run the php function getimageize() on the TMP file. Via something like:
getimagesize($_FILES['userfile']['tmp_name']);
如果这没有返回 false,则继续.
If this does not return false, proceed.
3) 确保将 .htaccess 文件放置在 uploads 目录中,以便该目录中的任何文件都无法解析 PHP 文件:
3) Ensure a .htaccess file is placed within the uploads directory so that any files within this directory cannot parse PHP files:
php_admin_value engine Off
4) 将用户的文件重命名为预先确定的名称.即
4) Rename the user's file to something pre-determined. I.E.
$filename = 'some_pre_determined_unique_value' . $the_file_extension;
这也有助于防止 SQL 注入,因为文件名将是任何使用的查询中唯一由用户确定的变量.
This will also help prevent SQL injection as the filename will be the only user-determined variable in any queries used.
如果我执行上述操作,我仍然容易受到攻击吗?在接受文件之前,我应该有希望 1) 只允许 jpgs 和 pngs,2) 验证 PHP 说它是一个有效的图像,3) 禁用图像所在的目录执行 .php 文件和 4) 将用户文件重命名为某些内容独一无二.
If I perform the above, how vulnerable for attack am I still? Before accepting a file I should hopefully have 1) only allowed jpgs and pngs, 2) Verified that PHP says it's a valid image, 3) disabled the directory the images are in from executing .php files and 4) renamed the users file to something unique.
谢谢,
推荐答案
关于文件名,随机命名绝对是个好主意,可以解决很多麻烦.
Regarding file names, random names are definitely a good idea and take away a lot of headaches.
如果您想完全确保内容干净,请考虑使用 GD 或 ImageMagick 将传入的图像 1:1 复制到新的空图像中.
If you want to make totally sure the content is clean, consider using GD or ImageMagick to copy the incoming image 1:1 into a new, empty one.
这会稍微降低图像质量,因为内容会被压缩两次,但它会删除原始图像中存在的任何 EXIF 信息.用户通常甚至不知道有多少信息被放入 JPG 文件的元数据部分!相机信息、位置、时间、使用的软件......对于托管图像的网站来说,为用户删除这些信息是很好的政策.
That will slightly diminish image quality because content gets compressed twice, but it will remove any EXIF information present in the original image. Users are often not even aware how much info gets put into the Metadata section of JPG files! Camera info, position, times, software used... It's good policy for sites that host images to remove that info for the user.
此外,复制图像可能会摆脱大多数使用错误图像数据导致查看器软件溢出并注入恶意代码的漏洞.这样处理过的图像很可能对 GD 来说是不可读的.
Also, copying the image will probably get rid of most exploits that use faulty image data to cause overflows in the viewer software, and inject malicious code. Such manipulated images will probably simply turn out unreadable for GD.
这篇关于PHP 中的安全用户图像上传功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
