PHP图片上传的安全方法 [英] PHP image upload security approach

问题描述

我开发了一个php脚本来取代目前的脚本，这将会对各个市场/国家有很大的影响。
其他人之间的脚本提供了照片上传功能。

经过大量的关于这个问题的阅读之后，我遵循了下面描述的方法。
我将非常感谢您对其安全性的评论。
$ b

1. 照片上传到web根目录之外的私人777文件夹中。 / li>
   
2. 执行白名单扩展名的检查（只允许jpgs，gifs，pngs）删除其他所有内容。
   
3. 使用getimagesize检查min
   
4. 检查mimetype和文件扩展名的匹配情况。


5. 将上传的照片调整到标准尺寸（使用imagecopyresampled）。


6. 将创建的文件保存为jpg。


7. 删除原始文件。不是随机的名字）即img51244.jpg


8. 根据不可预测的算法将新照片移动到公用文件夹的变量子目录（777权限）。也就是说， img10000.jpg 将被存储在 photos / a / f / 0 / img10000.jpg ，而 img10001.jpg 将存储在 photos / 0/9/3 / img10001.jpg 中。这是由于其他原因（使用静态内容服务子域或使用CDN）。


脚本将运行在linux专用服务器。


解决方案

1. 根据定义，具有chmod 0777的目录公开给其他用户登录到您的服务器，而不是私人的。正确的权限是700，被 apache （或者你的web服务器运行的任何用户）拥有。我不知道为什么你不会在这里使用php的默认临时目录，因为它往往不在web根目录。


2. 白名单是一个好主意。注意要有正确的实施。例如，正则表达式 /。png / 实际上匹配 apng.php 。

<李>这一步是一个好主意。它基本上检查文件的魔法。

3. 不是绝对必要的。在前两个步骤中，我们确定扩展和文件格式是正确的。如果您需要客户端指定正确的MIME类型，则还应检查给定的MIME类型和上面确定的MIME类型是否相同。


$ b $第5步到第8步不是安全相关的。第2步：我假设你的网站允许每个人看到每一张照片。如果不是这种情况，你应该有一个URL方案，具有相当长的URL（比如图像的哈希）。


I develop a php script to replace a current one, that will have a lot of exposure to various markets/countries. This script between others offers an photo upload functionality .

After a lot of reading about the issue, I followed the approach described below. I would deeply appreciate your comments on its security.

1. The photo is uploaded in a private 777 folder outside web root.
2. A check for white listed extensions is performed (allow only jpgs, gifs, pngs) everything else is deleted.
3. Use of getimagesize to check of min-max dimensions and photo validity.
4. Check of mimetype and file extension match.
5. Resizing of uploaded photo to std dimensions (using imagecopyresampled).
6. Saving the created files as jpg.
7. Removal of original file.
8. Save photos with a new (not random name) ie img51244.jpg.
9. Move the new photos to variable subdirectories of a public folder (777 permissions) according to a non predictable algorithm. I.e., img10000.jpg will be stored at photos/a/f/0/img10000.jpg while img10001.jpg will be stored at photos/0/9/3/img10001.jpg. This is done for other reasons (use of subdomains for static content serve or use of a CDN).

The script will run on a linux dedicated server.

解决方案

1. A directory with chmod 0777 is, by definition, public to other users logged into your server, not private. The correct permissions would be 700 and being owned by apache (or whatever user your webserver runs at). I'm not sure why you wouldn't use php's default temporary directory here, since it tends to be outside of the web root too.
2. A white-list is a good idea. Be careful to have a correct implementation. For example, the regexp /.png/ actually matches apng.php.
3. This step is a great idea. It basically checks the file magic.
4. Is not strictly necessary. In the two previous steps, we have determined that extension and file format are correct. If you require a correct MIME type to be specified by the client, you should also check that the given MIME type and the one determined above are equivalent.

Steps 5 to 8 are not security-related.

Step 9: I'm assuming that your site allows everyone to see every photo. If that isn't the case, you should have a URL scheme with substantially longer URLs (say, the hashsum of the image).

这篇关于PHP图片上传的安全方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！