RE: Files upload - Encrypt into a variable - Do not inject into db (PHP/Apache/MySQL)

[code]
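<?php

	// Default so the page renders before anything has been posted
		$bytes_in_data = 0;

	// Only touch the file object once an upload has arrived intact
	if (isset($_FILES['binFile'])
			&& $_FILES['binFile']['error'] === UPLOAD_ERR_OK
			&& is_uploaded_file($_FILES['binFile']['tmp_name'])) {
	// Variable-ize all of the attributes of the file object
	// (name and type are supplied by the client and are not trustworthy)
		$binFile = $_FILES['binFile'];
		$binFile_name = $_FILES['binFile']['name'];
		$binFile_size = $_FILES['binFile']['size'];
		$binFile_type = $_FILES['binFile']['type'];
		$binFile_tmp = $_FILES['binFile']['tmp_name'];
	// Get sender information
		$author = "test";
		$recipient = "test";
	// Tracking information on the file
		$date_submitted = date('Y-m-d H:i:s');
		$txtDescription = "test";
		$binFile_unique = md5($author.$txtDescription.$binFile_name);
		$email_id = "test";

	// Read the whole upload into a variable (held in memory, not stored)
		$data = file_get_contents($binFile_tmp);
		$bytes_in_data = strlen($data);
	}
?>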
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" enctype="multipart/form-data" method="post" action="">
  <p>
    <input name="binFile" type="file" size="50">
</p>
  <p>
    <input type="submit" name="Submit" value="Submit">
</p>
</form>

<?php echo $bytes_in_data; ?>

</body>
</html>
[/code]

Here is a proof of concept. I loaded up the nVidia drivers to my default
tmp directory, then echoed out the strlen of the file when opened in
the file_get_contents function.  It gave out the correct size.

From here, I'm just going to see if it encrypts and spits out a different
(or no) number.

-----Original Message-----
From: Marek Kilimajer [mailto:lists@xxxxxxxxxxxxx] 
Sent: Friday, March 18, 2005 4:26 AM
To: webphp@xxxxxxxxxxxxxxxx
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Files upload - Encrypt into a variable - Do not inject into db (PHP/Apache/MySQL)

Steven Altsman wrote:
> Yes, the link is http://www.radinks.com/upload/config.php
> 
> file_uploads = On
> upload_max_filesize = 40M
> max_input_time = 9000 (seconds)
> memory_limit (not limited, per handload config, from source)
> max_execution_time = 9000 (seconds)
> post_max_size = 40M
> 
> also, hidden INPUT tag MAX_FILE_SIZE with value="40000", which I'm guessing
> needs it in kilobytes.

It's in bytes.

Check apache's config, namely LimitRequestBody directive.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

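
The size limits discussed in this thread, as an added example that is not part of either poster's message: it converts the php.ini shorthand to bytes and reports which limit is the tightest, using the values quoted above. The function names are made up for this example, and Apache's LimitRequestBody is not visible from PHP, so it still has to be checked in the server configuration.

```php
<?php
// Added example; function names are hypothetical, not from the thread.
// Convert php.ini shorthand such as "40M" to bytes.
function ini_to_bytes(string $value): int
{
    $number = (int) trim($value);          // leading digits: "40M" -> 40
    if ($number <= 0) {
        return PHP_INT_MAX;                // 0 or -1: treated here as "no limit"
    }
    switch (strtoupper(substr(trim($value), -1))) {
        case 'G': $number *= 1024;         // fall through
        case 'M': $number *= 1024;         // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Return [name, bytes] of the smallest limit that applies to one uploaded file.
// MAX_FILE_SIZE is sent by the client, so only the ini values bind an untrusted sender.
function effective_upload_limit(array $ini, ?int $formMaxFileSize): array
{
    $limits = [
        'upload_max_filesize' => ini_to_bytes($ini['upload_max_filesize']),
        'post_max_size'       => ini_to_bytes($ini['post_max_size']),
    ];
    if ($formMaxFileSize !== null) {
        $limits['MAX_FILE_SIZE form field'] = $formMaxFileSize;
    }
    asort($limits);
    $name = array_key_first($limits);
    return [$name, $limits[$name]];
}

// Map the $_FILES[...]['error'] code to the limit that rejected the upload.
function upload_failure_reason(int $error): string
{
    switch ($error) {
        case UPLOAD_ERR_OK:        return 'upload accepted';
        case UPLOAD_ERR_INI_SIZE:  return 'file exceeds upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'file exceeds the MAX_FILE_SIZE form field';
        default:                   return "upload failed with error code $error";
    }
}

// Values quoted in the thread: 40M ini limits, MAX_FILE_SIZE value="40000".
[$name, $bytes] = effective_upload_limit(
    ['upload_max_filesize' => '40M', 'post_max_size' => '40M'], 40000);
printf("%s is the tightest limit: %d bytes (%.1f KiB)\n", $name, $bytes, $bytes / 1024);
```

In an upload handler, passing `$_FILES['binFile']['error']` to `upload_failure_reason()` shows which of these limits rejected a file before any attempt is made to read it into a variable.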


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux