Source: 自学PHP网 Date: 2015-04-17 11:59
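Arbitrary file upload on a subsite of 爱爱医 (iiyi): the upload handler does not properly restrict the type of the uploaded file.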
<?php
error_reporting(E_ALL);
// Note: the group permission check below is commented out in the source as posted.
/*
require_once './include/common.inc.php';
if(!in_array($groupid,array(1,2,40,44,36,33,45,30,27,3))) {
    showmessage('group_nopermission', NULL, 'NOPERM');
}
*/
set_time_limit(0);

// Random suffix of 5 to 8 lowercase letters/digits, used in the stored filename.
function genPassword($min = 5, $max = 8)
{
    $validchars = "abcdefghijklmnopqrstuvwxyz123456789";
    $max_char = strlen($validchars) - 1;
    $length = mt_rand($min, $max);
    $password = "";
    for ($i = 0; $i < $length; $i++)
    {
        $password .= $validchars[mt_rand(0, $max_char)];
    }
    return $password;
}
?>
<html>
<head>
<!-- Title: "Dedicated channel for forum image/FLASH embedding" -->
<title>论坛调用图片FLASH专用通道</title>
<meta HTTP-EQUIV=Content-Type content="text/html; charset=gb2312">
<style>body {margin-right:40%}</style>
</head>
<body>
<br>
<br>
<br>
<br>
<!-- Link text: "Browse images/FLASH" -->
<a href="http://w2tools.iiyibbs.com/bbs/uploadimg/" target="_blank">图片FLASH浏览</a>
<?php
if (!empty($_GET['action']) && $_GET['action'] == 'upfile')
{
    $name = $_POST['name'];
    // The extension is the last 4 characters of the client-supplied filename
    // (5 for ".jpeg"); it is never compared against a list of allowed types.
    $ext = substr($_FILES['photo']['name'], -4);
    if (preg_match('/jpeg/i', $ext)) {
        $ext = substr($_FILES['photo']['name'], -5);
    }
    // The file is stored under uploadimg/ with that extension unchanged.
    $target_path = 'uploadimg/z'.time().genPassword().$ext;
    //copy($_FILES['photo']['tmp_name'], $target_path);
    move_uploaded_file($_FILES['photo']['tmp_name'], $target_path);
    if (file_exists($target_path)) {
        // Messages: "upload succeeded" / "upload another"
        echo $name.'<font color="green">上传成功</font><a href=upimg.php>继续上传</a><br>';
?>
<script>
function oCopy(obj){
    obj.select();
    js=obj.createTextRange();
    js.execCommand("Copy")
}
</script>
<!-- Label: "Click to copy" -->
点击即可复制 <input class="input" onclick="oCopy(this)" value="http://w2tools.iiyibbs.com/bbs/<?php echo $target_path; ?>" size="70"><br /><br /><br />
<img src="http://w2tools.iiyibbs.com/bbs/<?php echo $target_path; ?>">
<?php
    } else {
        // Message: "upload failed"
        echo '<font color="red">上传失败</font>';
    }
    exit;
}
?>
<form action="upimg.php?action=upfile" method="post" name="UForm" enctype="multipart/form-data">
<fieldset>
<!-- Legend: "File upload (only FLASH, image, audio and video formats are supported, no larger than 16M)" -->
<legend>文件上传(仅支持FLASH和图片以及音频视频格式不大于16M)</legend>
<ul>
<!-- Field labels: "Image or FLASH", "Description", "Upload" -->
<li>图片或者FLASH<input type="file" name="photo"></li>
<li>说明<input type="text" name="name"></li>
<li><button type="submit">上传</button> </li>
</ul>
</fieldset>
</form>
</body>
</html>
Just asking: is the line above saying that only FLASH-type files may be uploaded written there for fun, my dear?
Fix:
Not telling you.
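One way to enforce the file-type restriction that the form only announces, as an added example (not code from the original post or from the site). The names storeUpload, ALLOWED_TYPES and MAX_BYTES are hypothetical, the allowlist is constructed and narrowed to images and FLASH, and PHP 7 or later with the fileinfo extension is assumed.

```php
<?php
// Added example: allowlist validation for the 'photo' field of upimg.php.
// storeUpload, ALLOWED_TYPES and MAX_BYTES are hypothetical names.

const MAX_BYTES = 16 * 1024 * 1024; // the 16M limit stated on the form

// Constructed allowlist: extension => MIME types accepted for it.
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'swf'  => ['application/x-shockwave-flash',
               'application/vnd.adobe.flash.movie'],
];

function storeUpload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name is only used to look up the allowlist;
    // no part of it is copied into the stored path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('extension not allowed');
    }
    // The type detected from the file content must agree with the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: random_bytes instead of time() plus mt_rand(),
    // and an extension taken from the allowlist key.
    $target = rtrim($destDir, '/') . '/z' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}
```

In the handler this would replace the substr() and move_uploaded_file() lines with a call such as storeUpload($_FILES['photo'], 'uploadimg') inside a try/catch. The upload directory should additionally be configured on the web server so that it never executes scripts.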