php fileUploadErrorAttack文件被非法上载,这可能是一个攻击

de90aj5v  于 2023-01-29  发布在  PHP
关注(0)|答案(1)|浏览(131)

我在多个图像上传工作,我得到的问题,第一个图像上传正确,第二个图像,它显示出文件上传错误攻击,你能帮我找出问题吗

    • 主计长**
public function mimageAction()
    {
         $form = new MultipleImageForm();
         $form->get('submit')->setValue('Submit');
         $request = $this->getRequest();
         if($request->isPost())
         {
            $nonFile = $request->getPost()->toArray();
            $File    = $this->params()->fromFiles('file');
            $data = array_merge_recursive($request->getPost()->toArray(), $request->getFiles()->toArray());
            //print_r($data); die;
            $form->setData($data);
            if ($form->isValid()) 
            {
                $count = count($data['varad']);
//                $dataNew=array(               
//                                'test'=>trim($data['test']),
//                                'file'=>trim($data['file']['name']),
//                                'image'=>trim($data['image']['name'])
//                            );
                $request = new Request();
                $files   = $request->getFiles();        
                for($i=0;$i<$count;$i++)
                {
                    $adapter = new \Zend\File\Transfer\Adapter\Http();
                    $adapter->setDestination('public/img/upload/'); // Returns all known internal file information
                    //$adapter->addFilter('File\Rename', array('target' =>"public/img/upload" . DIRECTORY_SEPARATOR .$data['varad'][$i]['name'] , 'overwrite' => true));
                    $filter = new \Zend\Filter\File\RenameUpload("public/img/upload/");
                    $filter->filter($files['varad'][$i]['name']);  
                    $filter->setUseUploadName(true);
                    $filter->filter($files['varad'][$i]['name']);
                    if(!$adapter->receive()) 
                    { 
                        $messages = $adapter->getMessages(); 
                        print_r($messages);
                    } 
                    else             
                    {
                        echo "Image Uploaded";
                    }
                }
//                $adapter = new \Zend\File\Transfer\Adapter\Http();
//                $adapter->setDestination('public/img/upload/'); // Returns all known internal file information
//                $adapter->addFilter('File\Rename', array('target' =>"public/img/upload" . DIRECTORY_SEPARATOR .$image2, 'overwrite' => true));
//                
//                if(!$adapter->receive()) 
//                { 
//                    $messages = $adapter->getMessages(); 
//                    print_r($messages);
//                } 
//                else             
//                {
//                    echo "Image Uploaded";
//                }
            }
         }
         return array('form' => $form);
    }
    • 表格**
public function __construct($name = null)
{
    parent::__construct('stall');
    $this->setAttribute("method","post");
    $this->setAttribute("enctype","multipart/form-data");

    $this->add(array(
        'name' => 'varad',
        'attributes' => array(
            'type'  => 'file',
            'multiple'=>'multiple',
        ),
        'options' => array(
            'label' => 'First Image',
        ),
         'validators' => array(
        'Size'  => array('max' => 10*1024*1024),

        )
    )); 

    $this->add(array(
        'name' => 'test',
        'attributes' => array(
            'type'  => 'text',
        ),
        'options' => array(
            'label' => 'Text Box',
        ),
    )); 

    $this->add(array(
        'name' => 'varad',
        'attributes' => array(
            'type'  => 'file',
            'multiple'=>'multiple',
        ),
        'options' => array(
            'label' => 'Second Image',
        ),
    )); 
      $this->add(array(
       'name' => 'submit',
        'type' => 'submit',
    )); 
}

在这里,我还尝试获得不同的名称的图像以及不同的程序的图像

iqxoj9l9

iqxoj9l91#

我觉得你不能用

$request->getFiles();

请尝试使用$adapter->getFileInfo()它正在从const _FILES获取文件。我给u给予个例子:

$adapter = new Zend_File_Transfer_Adapter_Http();
        $newInfoData = [];
        $path = $this->getBannerDirByBannerId($banner->getId());

        foreach ($adapter->getFileInfo() as $key => $fileInfo) {
            if (!$fileInfo['name']) {
                continue;
            }

            if (!$adapter->isValid($key)) {
                return $this->getPartialErrorResult($adapter->getErrors(), $key);
            }

            $fileExtension = pathinfo($fileInfo['name'], PATHINFO_EXTENSION);

            $newFileName = $key . '.' . $fileExtension;

            if (!is_dir($path)) {
                @mkdir($path, 0755, true);
            }

            $adapter->addFilter('Rename', array(
                'target'    => $path . $newFileName,
                'overwrite' => true
            ));
            $isReceive = $adapter->receive($key);

            if ($isReceive) {
                $newInfoData[$key] = $newFileName;
            }
        }

        if (!empty($newInfoData)) {
            $newInfoData['id'] = $banner->getId();
            return BannerModel::getInstance()->updateBanner($newInfoData);
        } else {
            return new Model_Result();
        }

相关问题