0

誰でもこのコードで問題を見つけることができますか? 「無効なファイル拡張子_」を返し続けるPHPバージョン5.3.13

<?php
Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762);
$POST_MAX_SIZE = ini_get('post_max_size');
$unit = strtoupper(substr($POST_MAX_SIZE, -1));
$multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)));

if ((int)$_SERVER['CONTENT_LENGTH'] $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE) 
HandleError('POST exceeded maximum allowed size.');

// Settings
$save_path = getcwd() . '/uploads/';
// The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
$upload_name = 'file';
// change this accordingly
$max_file_size_in_bytes = 2147483647;
// 2GB in bytes
$whitelist = array('.jpg', '.png', '.gif', '.jpeg');
// Allowed file extensions
$backlist = array('.php', '.php3', '.php4', '.phtml','.exe');
// Restrict file extensions
$valid_chars_regex = 'A-Za-z0-9_-\s ';
// Characters allowed in the file name (in a Regular Expression format)

// Other variables      
$MAX_FILENAME_LENGTH = 260;
$file_name = '';
$file_extension = '';
    $uploadErrors = array(
    0=>'There is no error, the file uploaded with success',
    1=>'The uploaded file exceeds the upload_max_filesize directive in php.ini',
    2=>'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
    3=>'The uploaded file was only partially uploaded',
    4=>'No file was uploaded',
    6=>'Missing a temporary folder'
);

// Validate the upload
if (!isset($_FILES[$upload_name])) 
    HandleError('No upload found in \$_FILES for ' . $upload_name);
else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0) 
    HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
else if (!isset($_FILES[$upload_name]['tmp_name']) ||!@is_uploaded_file($_FILES[$upload_name]['tmp_name'])) 
    HandleError('Upload failed is_uploaded_file test.');
else if (!isset($_FILES[$upload_name]['name']))
    HandleError('File has no name.');

// Validate the file size (Warning: the largest files supported by this code is 2GB)
$file_size = @filesize($_FILES[$upload_name]['tmp_name']);
if (!$file_size || $file_size $max_file_size_in_bytes)
    HandleError('File exceeds the maximum allowed size');

if ($file_size <= 0)
    HandleError('File size outside allowed lower bound');
// Validate its a MIME Images (Take note that not all MIME is the same across different browser, especially when its zip file) 
if(!eregi('image/', $_FILES[$upload_name]['type'])) 
    HandleError('Please upload a valid file!');

// Validate that it is an image
$imageinfo = getimagesize($_FILES[$upload_name]['tmp_name']);
if($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg' && $imageinfo['mime'] != 'image/png' && isset($imageinfo))
    HandleError('Sorry, we only accept GIF and JPEG images');

// Validate file name (for our purposes we'll just remove invalid characters)
$file_name = preg_replace('/[^'.$valid_chars_regex.']|\.+$/i', '', strtolower(basename($_FILES[$upload_name]['name'])));
if (strlen($file_name) == 0 || strlen($file_name) $MAX_FILENAME_LENGTH)
    HandleError('Invalid file name');

// Validate that we won't over-write an existing file
if (file_exists($save_path . $file_name))
    HandleError('File with this name already exists');

// Validate file extension
if(!in_array(end(explode('.', $_FILES['file']['name'])), $whitelist))
    {HandleError('Invalid file extension_');}
if(in_array(end(explode('.', $_FILES['file']['name'])), $backlist))
    {HandleError('Invalid file extension');}

// Rename the file to be saved
$file_name = md5($file_name. time());

// Verify! Upload the file
if (!@move_uploaded_file($_FILES[$upload_name]['tmp_name'], $save_path.$file_name)) {
    HandleError('File could not be saved.');
}
exit(0);

/* Handles the error output. */
function HandleError($message) {
    echo $message;
    exit(0);
}



// Validate file extension
if(!in_array(end(explode('.', $_FILES['file']['name'])), $whitelist))
{HandleError('Invalid file extension_');}
if(in_array(end(explode('.', $_FILES['file']['name'])), $backlist))
{HandleError('Invalid file extension');}

?>
4

0 に答える 0