PHP中的安全用户图像上传功能 [英] Secure User Image Upload Capabilities in PHP
问题描述
1)首先白名单在PHP允许的文件扩展名只允许PNG,PNG,JPG,JPG和JPEG。通过如下函数检索用户文件的扩展名:
return end(explode(。,$ filename));
这应该有助于禁止用户上传类似于.png.php的恶意内容。如果通过,转到步骤2.
2)在TMP文件上运行php函数getimageize()。通过类似的东西:
getimagesize($ _ FILES ['userfile'] ['tmp_name']);
如果这不返回false,请继续。 3)确保一个.htaccess文件放在uploads目录中,这样这个目录下的任何文件都不能解析PHP文件:
php_admin_value引擎关闭
4)将用户文件重命名为预定义的文件。 I.E。
$ filename ='some_pre_determined_unique_value'。 $ the_file_extension;
这也有助于防止SQL注入,因为文件名将是任何查询中唯一的用户确定的变量使用。
如果我执行上述操作,我仍然有多么容易受到攻击?在接受文件之前,我应该希望1)只允许jpgs和png,2)验证PHP说它是一个有效的图像,3)禁用图像所在的目录执行.php文件,4)将用户文件重命名为独特的。
感谢,
如果你想完全确定内容是干净的,可以考虑使用GD或ImageMagick来复制传入的图像1:1变成一个新的,空的。
这会使图像质量稍微降低,因为内容会被压缩两次,但会删除原始图像中存在的任何EXIF信息。用户往往不知道有多少信息被放入JPG文件的元数据部分!相机信息,位置,时间,使用的软件...这是一个很好的政策,网站的主机图像删除用户信息。
此外,复制图像可能会摆脱大多数使用错误图像数据的漏洞,导致查看器软件溢出,并注入恶意代码。这样的操纵图像可能只是GD的不可读。
I'm implementing a user-based image uploading tool for my website. The system should allow any users to upload JPEG and PNG files only. I'm, of course, worried about security and so I'm wondering how the many smarter people than myself feel about the following checks for allowing uploads:
1) First white list the allowable file extensions in PHP to allow only PNG, png, jpg, JPG and JPEG. Retrieve the user's file's extension via a function such as:
return end(explode(".", $filename));
This should help disallow the user from uploading something malicious like .png.php. If this passes, move to step 2.
2) Run the php function getimageize() on the TMP file. Via something like:
getimagesize($_FILES['userfile']['tmp_name']);
If this does not return false, proceed.
3) Ensure a .htaccess file is placed within the uploads directory so that any files within this directory cannot parse PHP files:
php_admin_value engine Off
4) Rename the user's file to something pre-determined. I.E.
$filename = 'some_pre_determined_unique_value' . $the_file_extension;
This will also help prevent SQL injection as the filename will be the only user-determined variable in any queries used.
If I perform the above, how vulnerable for attack am I still? Before accepting a file I should hopefully have 1) only allowed jpgs and pngs, 2) Verified that PHP says it's a valid image, 3) disabled the directory the images are in from executing .php files and 4) renamed the users file to something unique.
Thanks,
Regarding file names, random names are definitely a good idea and take away a lot of headaches.
If you want to make totally sure the content is clean, consider using GD or ImageMagick to copy the incoming image 1:1 into a new, empty one.
That will slightly diminish image quality because content gets compressed twice, but it will remove any EXIF information present in the original image. Users are often not even aware how much info gets put into the Metadata section of JPG files! Camera info, position, times, software used... It's good policy for sites that host images to remove that info for the user.
Also, copying the image will probably get rid of most exploits that use faulty image data to cause overflows in the viewer software, and inject malicious code. Such manipulated images will probably simply turn out unreadable for GD.
这篇关于PHP中的安全用户图像上传功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
