dongshengli6384 2012-03-21 13:35
浏览 104
已采纳

使用带有0字节(空)的`file_put_contents`上传图像?

I've downloaded an image using file_get_contents from URL then uploaded it to my website using file_put_contents, the image appears in the specified directory, however it has the size of zero. I've changed the permissions to 777 in this directory and the parent directories, but nothing happened.

I already tried the same code in the localhost, and it worked perfectly.

By the way, I'm using a joomla website and a component called RSform Pro, it is used for creating forms and gives an area where you can edit the POST data before saving it in the database. Here's the code.

$content = file_get_contents($_POST['image_url']);

$date = date ('d-m-Y_h-m-i');   $random = rand(0,1000);
$name = 'mysite_'.$date.$random.'.png';

$filename = '/home/mysite/images/'.$name;

file_put_contents($filename, $content);
  • 写回答

1条回答 默认 最新

  • ds3422222 2012-03-21 18:05
    关注

    Where I start, there is so much wrong this code...

    1. You have to check the return value of file_get_contents and ensure your host allows retriving remote data (allow_url_fopen set to On in php.ini)
    2. After that, everything else is awfully wrong and punches a security hole in your application.The result you store in the $content variable must be written to an unique temporary file, whose only correct way of generation is using the tempnam() function.
    3. After issing file_put_contents to the filename generated by tempnam() and checking return values of the operation, you have to verify if the file is really a png image using php's fileinfo functions.
    4. If the previous step succeeds then use rename() to move the file to permanent storage, using a name that is very unlikely to be repeated ever. for that use $filename = hash('sha256', openssl_random_pseudo_bytes(16)) . 'png'. then store the resulting filename so it can be used to construct the links your application will show to users.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥15 帮我写一个c++工程
  • ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
  • ¥15 关于smbclient 库的使用
  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?