php file upload to the server

Writing a secure file upload PHP script from the bottom sounds like hell to me.

The basic rules to uploading a file, in no particular order:

1) Create a new file, something random, and give the new uploaded file that name

2) Check the extension

3) Check for the exif trick

4) Store all uploaded files off the web root, and give that directory no permissions to execute files.

5) Make sure that PHP's file upload function does not execute the code while uploading the file

6) Check the file size

7) Do some malware scan

8) Limit filesize

So I am thinking that's a lot :)

I haven't even begun writing a script for all this, because I have 3 basic questions.

1) Is my list complete? If something is missing, please state which.

2) Is there some sort of framework that can do all this for me? Something simple, not a big huge one that can do multiple other things.

3) Is this guide good? http://www.sitepoint.com/file-uploads-with-php/

I would love to post code, but since this subject is big, I feel it's better to ask larger.

Thanks in advance.
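One way to put the listed steps into a single handler, as an added example that is not part of the original question or of the linked article. The upload directory, the 2 MiB limit and the extension/MIME allowlist are assumptions; the script requires the fileinfo extension (enabled by default) and PHP 7 or later.

```php
<?php
// Added example (not from the original question or answer): a minimal upload
// handler applying the listed rules. Paths, limits and the allowlist are assumptions.
declare(strict_types=1);

// Assumed: a directory outside the web root that the web server may not execute from.
const UPLOAD_DIR = '/var/app/uploads';   // assumption
const MAX_BYTES  = 2 * 1024 * 1024;      // 2 MiB, assumption

// Extension -> MIME type allowlist. Both must agree for the file to be accepted.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Validates one entry of $_FILES and moves it into UPLOAD_DIR under a random name.
 * Returns the stored basename on success; throws RuntimeException on rejection.
 */
function storeUpload(array $file): string
{
    // The upload must have completed without error; this also catches partial
    // uploads and the php.ini size limits (upload_max_filesize, post_max_size).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    // Only trust a temp file that PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Rules 6/8: check the real size on disk, not the client-reported $file['size'].
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Rule 2: extension allowlist. The client-supplied name is used for this
    // check only and is never written to disk.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Rule 3: inspect the bytes, not $file['type'], which the client controls.
    // This is a sanity check only; it does not stop "chameleon" files by itself.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // For images, additionally require that the image decoder accepts the file.
    if (strncmp($mime, 'image/', 6) === 0 && @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('image does not decode');
    }
    // Rule 1: random, server-chosen name; the extension comes from the allowlist key.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    // Rule 4: move_uploaded_file() only copies, it never runs anything.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    header('Content-Type: text/plain');
    try {
        echo 'stored as ' . storeUpload($_FILES['upload']) . "\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

The form field is assumed to be named `upload`. Step 7 (malware scanning) is left out on purpose: it would be a call to an external scanner on the temp file before `move_uploaded_file()`, and nothing in this handler depends on it.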

The “exif trick” and other measures in that article to sniff file contents are of little use in themselves. (OK, it's worth checking uploaded images are of the expected pixel size, but that's application-specific rather than a security problem.)

The article doesn't say what the threat model is that it's trying to address with filetype sniffing, but what this is commonly trying to do is prevent cross-site scripting attacks, where the attacker includes some active content in the file. Usually this is with HTML in files, which browsers (especially IE) sniff and decide to interpret as HTML even though that's not how the file is being served. Unfortunately, checking that a file begins with a PDF header, or represents a valid GIF image does not help you here because it's possible to make “chameleon” files that can be interpreted as different filetypes simultaneously.

This attack can be blocked in modern browsers by serving the files with a specific non-HTML Content-Type and an X-Content-Type: nosniff header. However there are more obscure attacks involving getting content into Flash or Java plugins that are not affected by this header, and it's not watertight against older browsers.

The really-safe way to stop XSS attacks on uploaded files is simply to serve them from a different hostname (ideally, a different domain name and IP address, but a simple subdomain is at least mostly-effective). Then you can let an attacker XSS the user-uploads-hosting site as much as they like without it having a negative effect on your main site.

Virus scanning is unlikely to prove useful for general-purpose file upload functions. If you are expecting people to use the site to exchange Windows executables then it can be worth scanning those for traditional malware, but for the general case you're typically concerned about attacks against the website itself—server exploitation, XSS, browser exploits—and those kind of attacks are not detected by AV scanners.

Your step (1) of creating a new random filename is a much better approach than “sanitising” user-supplied filenames as the linked article tries to do. Its “safe filename” function is not directly vulnerable to directory traversal, but it does still allow oddnesses like .. (on its own), the empty string, .htaccess, and filenames that would confuse a Windows server, like trailing dots, reserved names and over-long names.

You are right that secure file upload is much trickier than it initially seems, and unfortunately most tutorial code out there (especially for PHP) is pretty disastrous.
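The serving side of the answer's advice, as an added example that is not part of the original answer: a download script meant to be deployed on the separate uploads hostname, sending a fixed server-chosen Content-Type and the nosniff header (which goes out under its registered name, X-Content-Type-Options). It assumes files were stored under 32-hex-character random names in a directory outside the web root (`/var/app/uploads`, an assumption) and that the query parameter is `f`; the sandboxing Content-Security-Policy line is an extra measure beyond what the answer describes.

```php
<?php
// Added example (not from the original question or answer): serves stored uploads
// from the off-web-root directory. Deploy on the separate uploads hostname.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads'; // assumption: where the upload handler writes

// Extension -> Content-Type the server will send, regardless of file contents.
const SERVE_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
    'pdf' => 'application/pdf',
];

/**
 * Resolves a stored file name to [absolute path, content type], or null.
 * Only the exact shape the upload handler produces (32 hex chars + allowed
 * extension) is accepted, so "..", the empty string, ".htaccess", trailing
 * dots, reserved names and over-long names never reach the filesystem.
 */
function resolveStored(string $name): ?array
{
    if (!preg_match('/\A([0-9a-f]{32})\.([a-z]+)\z/', $name, $m)
        || !array_key_exists($m[2], SERVE_TYPES)) {
        return null;
    }
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $name);
    // realpath() also refuses symlinks that point outside the upload directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return [$path, SERVE_TYPES[$m[2]]];
}

$name = $_GET['f'] ?? '';
$resolved = is_string($name) ? resolveStored($name) : null;
if ($resolved === null) {
    http_response_code(404);
    exit;
}
[$path, $mime] = $resolved;

// Fixed type plus nosniff: the browser must not re-interpret the bytes as HTML.
header('Content-Type: ' . $mime);
header('X-Content-Type-Options: nosniff');
// Images may be embedded inline; everything else is offered as a download.
$disposition = strncmp($mime, 'image/', 6) === 0 ? 'inline' : 'attachment';
header('Content-Disposition: ' . $disposition . '; filename="' . $name . '"');
// Extra measure: even if something does render as a document, no script may run.
header("Content-Security-Policy: default-src 'none'; sandbox");
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

Because the script itself decides the Content-Type from the stored extension, the file's bytes never influence how it is served; the separate hostname then confines whatever a chameleon file can still do to that origin rather than the main site.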
