Secure uploading file
I have file uploaded system in my php project.
What I make at uploading:
1) Check file extension and file mime type.
2) If extension and mime type are allowed types, I save file outside of public_html
directory and then, I give the opportunity to users, download file so:
if (file_exists($file_path)) {
header('Content-Description: File Transfer');
header('Content-Type: some mime type');
header('Content-Disposition: attachment; filename=somefilename');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file_path));
readfile($file_path);
}
Question: this steps for uploading file, are secure or not? If not, what can make additional, for improve secure at uploading file?
Thanks.
Also try reading this article, it will give you some helpful information that you might not have tough before.
链接地址: http://www.djcxy.com/p/45672.html上一篇: 文件上传某些MIME类型
下一篇: 安全上传文件