php - secure way to upload text and image in php
问题描述
Just want to check how vulnerable are my scripts and projects. From the research of expert's blog and answer, I found possible attack and injection is based on
- file types
- sql statements
- access to image folder in root,
- session
I heard about Anti-CSRF token to prevent session hijacking. How can I pass CSRF token value from ajax form data.
I am not sure how much I am secure. Please guide me what I have to add in following scripts to improve security?
<?php
if(!empty($_POST['heading']) && !empty($_POST['content']) && !empty($_POST['keytag']) && !empty($_POST['date'])){
$query = '';
if(!empty($_FILES['file']['name'])){
$target_dir = "../images/news/";
$img = basename($_FILES['file']['name']);
$verifyimg = getimagesize($_FILES['file']['tmp_name']);
$imageFileType = strtolower(pathinfo($img,PATHINFO_EXTENSION));
$img_ext = end((explode('.', $img)));
if($_FILES['file']['size'] > 200000){
echo "File is too large";
exit();
}
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
echo "Only jpg/png/gif image !";
exit();
}
if($verifyimg['mime'] != 'image/png' && $verifyimg['mime'] != 'image/jpg' && $verifyimg['mime'] != 'image/jpeg' && $verifyimg['mime'] != 'image/gif') {
echo "Image is not valid";
exit;
}
else{
$new_img = substr(md5(time()), 0, 10) . '.' . $img_ext;
$target_file = $target_dir .$new_img;
move_uploaded_file($_FILES["file"]["tmp_name"], $target_file);
$query = $con->prepare('INSERT into news(heading, content, keytag, date, img) VALUES(:heading, :content, :keytag, :date, :new_img)');
$query->bindParam(':new_img',$new_img);
}
}
if(empty($_FILES['file']['name'])){
$query = $con->prepare('INSERT into news(heading, content, keytag, date) VALUES(:heading, :content, :keytag, :date)');
}
$query->bindParam(':heading', $_POST['heading']);
$query->bindParam(':content', $_POST['content']);
$query->bindParam(':keytag', $_POST['keytag']);
$query->bindParam(':date', $_POST['date']);
if($query->execute()){
echo "Successfully Inserted";
};
}
?>
.htaccess
To block direct access
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www\.your-domain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.your-domain\.com$ [NC]
RewriteRule .*\.(wav|swf|jpg|jpeg|gif|png|bmp|js|css)$ - [F,NC,L]
My main question is how to pass CSRF Token from ajax ?
html
<input type="hidden" name="_token" value="<?php echo $_SESSION['_token']; ?>" />
<input type="submit" value="Upload" />
Ajax
<script>
$(document).on('submit', '#form', function(e){
e.preventDefault();
$.ajax({
type: 'POST',
url: 'upload.php',
data: new FormData(this),
contentType: false,
cache: false,
processData:false,
success: function(data){
alert(data);
}
});
});
$("#file").change(function(){
var file = this.files[0];
var imagefile = file.type;
var match= ["image/jpeg","image/png","image/jpg"];
if(!((imagefile==match[0]) || (imagefile==match[1]) || (imagefile==match[2]))){
alert('Please select a valid image file (JPEG/JPG/PNG).');
$("#file").val('');
return false;
}
});
</script>
解决方案
推荐阅读
- c++ - 搜索链表
- php - 使用 php 变量修改 p 标签
- cmd - 使用 Robocopy 从多个来源复制到一个目的地
- python-3.x - python3 的 BufferedProtocol 是 TCP 的抽象吗?还是它太低级以至于我也必须实现 TCP 的东西?
- c++ - 我可以在 sfml/c++ 中制作记分牌吗?
- python - 找到第 n 个循环素数
- python - 如何在 raspberry / raspian 上观看自动启动 python 脚本?
- r - 如何通过因子计算列的平均值 - R
- heroku - 访问 sendgrid.com 被拒绝
- javascript - 指出当前在 JS 中使用的 DOM 类?