Code:

```php
<?php
// Accept only GIF/JPEG uploads smaller than 200000 bytes.
// The original wrote A || B || C && D, which PHP parses as A || B || (C && D), so the
// size limit only applied to image/pjpeg; the extra parentheses apply it to all three types.
if(isset($_FILES["file"]) &&
   (($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) &&
   ($_FILES["file"]["size"] < 200000)){
    // The stored extension is derived from the declared type, never from the client's file name.
    if($_FILES["file"]["type"] == "image/gif"){
        $type = ".gif";
    }else{
        $type = ".jpg";
    }
    $name = basename($_FILES["file"]["name"]); // drop any directory part the client supplied
    //echo "##name:" . $name . "<br>";
    // Reject IIS6-style names such as hello.php;112233.jpg. The !== false is required because
    // strpos() returns 0 (falsy) when ';' is the very first character.
    if(strpos($name, ";") !== false){
        die();
    }
    //echo "##wait:" . $wait . "<br />";
    // Keep only the part before the first '.', so hello.php.avi.jpg becomes "hello".
    $wait = explode(".", $name);
    $okname = $wait[0];
    echo "##name[0]:" . $wait[0] . "<br />";
    $okname = $okname . $type;
    if(!is_dir("./upload")){
        mkdir("./upload");
    }
    echo "##type:" . $type . "<br />";
    echo "##okname:" . $okname . "<br />";
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
    move_uploaded_file($_FILES["file"]["tmp_name"], "./upload/" . $okname);
}
?>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="file"><input type="submit">
</form>
```
The approach used here is to rewrite the extension of the entire file name to .jpg or .gif.

The strpos($name, ";") check that calls die() guards against the IIS6 parsing vulnerability: when IIS6 handles a file named like hello.php;112233.jpg, it parses it as hello.php by default.

Why not simply append an extension to the whole file name, e.g. hello.php.rar.mp4.jpg? Because when Apache resolves a name such as hello.php.avi.jpg it takes the first "." and parses the file as hello.php, which is why the explode method is used above.
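The name handling described above, refactored into a pure function so it can be exercised without a web server. This is an added example, not the page's own code; the function name safe_upload_name, the 64-character base-name limit and the sample uploads are assumptions made for the demonstration.

```php
<?php
// Added example (not the page's code). $file mirrors one entry of $_FILES with the keys
// "name", "type" and "size"; returns the name to store, or null when the upload is refused.
function safe_upload_name(array $file): ?string
{
    $allowed = ['image/gif' => '.gif', 'image/jpeg' => '.jpg', 'image/pjpeg' => '.jpg'];

    // Type whitelist and size limit, applied to every type (the page's own condition
    // lacked the parentheses and only size-checked image/pjpeg).
    if (!isset($allowed[$file['type'] ?? '']) || ($file['size'] ?? 0) >= 200000) {
        return null;
    }

    // Discard any client-supplied directory part before inspecting the name.
    $name = basename($file['name'] ?? '');

    // IIS6 treats hello.php;112233.jpg as hello.php, so a ';' anywhere is fatal.
    // The !== false comparison also catches a ';' at position 0, where strpos() returns 0.
    if (strpos($name, ';') !== false) {
        return null;
    }

    // Keep only the part before the first '.', so hello.php.avi.jpg becomes "hello";
    // the stored extension then comes from the whitelisted type, never from the client.
    $base = explode('.', $name)[0];

    // Require a non-empty base from a conservative character set (assumed limit: 64 chars),
    // so names like ".htaccess" cannot collapse to a bare ".jpg".
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $base)) {
        return null;
    }

    return $base . $allowed[$file['type']];
}

// Constructed sample uploads covering the cases the text discusses.
$cases = [
    ['name' => 'cat.gif',              'type' => 'image/gif',  'size' => 1024],
    ['name' => 'hello.php;112233.jpg', 'type' => 'image/jpeg', 'size' => 1024],
    ['name' => 'hello.php.avi.jpg',    'type' => 'image/jpeg', 'size' => 1024],
    ['name' => 'big.jpg',              'type' => 'image/jpeg', 'size' => 300000],
    ['name' => 'x.jpg',                'type' => 'text/plain', 'size' => 10],
];
foreach ($cases as $c) {
    $r = safe_upload_name($c);
    echo str_pad($c['name'], 24) . ' => ' . ($r === null ? 'REJECTED' : $r) . PHP_EOL;
}
```

The caller still performs the move_uploaded_file() into the upload directory; only the decision and the normalised name are computed here.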