V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member Sign In
This topic created in 4002 days ago, the information mentioned may be changed or developed.
因为有时候拉图片拉的不完整,所以判断下MD5
<?php
$target = $_GET['url'];
$filename = basename($target);
$tupian = './cache/'.$filename;
$kzm = explode(".",$filename);
$tupian_md5 = $tupian.'.txt';
if (file_exists($tupian_md5) ) {
if (count(file($tupian_md5)) == '1')
{
$md5file = md5_file($tupian);
file_put_contents($tupian_md5,PHP_EOL.$md5file,FILE_APPEND);
$content = file_get_contents($tupian);
}
else if (count(file($tupian_md5)) == '2' && substr_count(file_get_contents($tupian_md5),mb_substr(file_get_contents($tupian_md5),0,32)) == 2)
{
$content = file_get_contents($tupian);
}
else if (count(file($tupian_md5)) == '2' && substr_count(file_get_contents($tupian_md5),mb_substr(file_get_contents($tupian_md5),0,32)) != 2)
{
@unlink($tupian);
@unlink($tupian_md5);
$content = file_get_contents($target);
}
else
{
$content = file_get_contents($tupian);
}
}
else {
$md5file_t = md5_file($target);
file_put_contents($tupian_md5,$md5file_t);
$content = file_get_contents($target);
$fp = fopen($tupian, 'w+');
fwrite($fp, $content);
fclose($fp);
}
header('Content-Type: image/'.end($kzm).'');
echo $content;
?>
<?php
$target = $_GET['url'];
$filename = basename($target);
$tupian = './cache/'.$filename;
$kzm = explode(".",$filename);
$tupian_md5 = $tupian.'.txt';
if (file_exists($tupian_md5) ) {
if (count(file($tupian_md5)) == '1')
{
$md5file = md5_file($tupian);
file_put_contents($tupian_md5,PHP_EOL.$md5file,FILE_APPEND);
$content = file_get_contents($tupian);
}
else if (count(file($tupian_md5)) == '2' && substr_count(file_get_contents($tupian_md5),mb_substr(file_get_contents($tupian_md5),0,32)) == 2)
{
$content = file_get_contents($tupian);
}
else if (count(file($tupian_md5)) == '2' && substr_count(file_get_contents($tupian_md5),mb_substr(file_get_contents($tupian_md5),0,32)) != 2)
{
@unlink($tupian);
@unlink($tupian_md5);
$content = file_get_contents($target);
}
else
{
$content = file_get_contents($tupian);
}
}
else {
$md5file_t = md5_file($target);
file_put_contents($tupian_md5,$md5file_t);
$content = file_get_contents($target);
$fp = fopen($tupian, 'w+');
fwrite($fp, $content);
fclose($fp);
}
header('Content-Type: image/'.end($kzm).'');
echo $content;
?>
 |
1
800126 May 15, 2015
你加一句“PHP才是最好的语言”,立马就有人回复你了。
|
 |
2
ichou May 15, 2015
代码贴到 gist 上再发上来会比较好
|
 |
3
RIcter May 15, 2015
会有任意文件读取吧?
|
 |
4
p1n3 May 15, 2015
xx.php?url=file:///etc/passwd
|
 |
5
extreme May 15, 2015
用正则表达式对$_GET['url']以及$filename匹配下比较好,例如不允许有'../'之类的。
例如:preg_match('/^[a-zA-Z0-9\-]+\.(jpg|png|gif)$/', $_GET['url']) 就只允许文件名有字母,数字和'-',且扩展名仅能为jpg或png或gif。 对这个php文件设置openbasedir,甚至是chroot,更安全。 |
 |
6
phithon May 15, 2015
代码不加高亮我就不仔细看了,感觉会出任意文件读取、文件删除漏洞。4楼真相。
建议: 参数是url的话,正则判断 |^https?://.*\.(jpg|png|gif)$|is是否非法。 本地文件名的话,用$name = basename($name);处理一遍,再判断一遍后缀是否是图片就差不多了。 |
 |
7
denghongcai May 15, 2015
4楼的并没有任意文件读取,basename也不是个这种情况都照顾不到的函数的
|
 |
8
ryd994 May 17, 2015 via Android
chroot 卍解
|
Select Language