Created
May 12, 2023 07:21
PHP file upload: protect against PHAR
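// Upload handler: accept one file from the "file" form field, refuse anything
// that carries a PHAR signature trailer, and store the rest under a
// server-chosen name.

// Fail closed: an absent field, a multi-file array or any non-OK error code
// stops the request here instead of falling through to the code below.
if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('Upload failed.');
}

$filePath = $_FILES['file']['tmp_name'];
if (!is_uploaded_file($filePath)) {
    http_response_code(400);
    exit('Upload failed.');
}

// Inspect the raw bytes only. Opening the upload through the phar:// stream
// wrapper makes PHP parse the attacker-supplied archive (and, before PHP 8.0,
// unserialize its metadata), which is the exposure this check is meant to
// prevent, so the wrapper is never applied to the temporary file.
$signature = '';
$handle = fopen($filePath, 'rb');
if ($handle === false) {
    http_response_code(500);
    exit('Upload could not be processed.');
}
// A signed PHAR ends with the 4-byte magic "GBMB"; files shorter than four
// bytes make fseek() fail and leave $signature empty.
if (fseek($handle, -4, SEEK_END) === 0) {
    $signature = (string) fread($handle, 4);
}
fclose($handle);

// NOTE(review): the original compared with `!==` and labelled the branch
// "Invalid PHAR file"; given the stated purpose (protecting the upload against
// PHAR archives) the file is rejected when the marker IS present. Confirm intent.
// This is a heuristic only: tar- and ZIP-based PHAR archives do not end with
// this trailer, so the extension allow-list below and never passing stored
// paths to phar:// remain the primary controls.
if ($signature === 'GBMB') {
    http_response_code(400);
    exit('File type not allowed.');
}

// Move the uploaded file to a permanent location.
$uploadDir = '/path/to/upload/directory/';

// The client-supplied name is used only to read the extension; the stored name
// is generated server-side so a request cannot choose the file name, overwrite
// an existing file, or pick an extension the server would execute.
$clientName = basename((string) $_FILES['file']['name']);
$extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
// Example allow-list (constructed for illustration); replace with the types
// this endpoint is actually meant to accept.
$allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
if (!in_array($extension, $allowedExtensions, true)) {
    http_response_code(400);
    exit('File type not allowed.');
}

$fileName = bin2hex(random_bytes(16)) . '.' . $extension;
$filePath = $uploadDir . $fileName;

if (!move_uploaded_file($_FILES['file']['tmp_name'], $filePath)) {
    http_response_code(500);
    exit('Upload could not be stored.');
}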