为什么我的pdf被重命名?

时间:2015-01-29 19:45:46

标签: php pdf upload

我有一个网站,客户可以连同产品信息一起上传 pdf。出于某种原因,上传的 pdf 被重命名为“Office”;由于会有很多 pdf 被上传,这样行不通。如何保留上传的 pdf 的原文件名?任何建议将不胜感激。

这是我的代码。

    // Add-product handler: on a POST it stores an optional product image and a
    // PDF, inserts one row into `products`, and finally loads the Office list
    // used by the form. $db, $path and $path_pdf are not assigned in this
    // listing (presumably they come from ../config.php; confirm).
    session_start();
include('../config.php');
// NOTE(review): this silences every warning and notice, so a failed upload or
// an undefined variable further down produces no visible error.
error_reporting(0);

// Redirect requests that carry no admin session.
// NOTE(review): header() only queues the redirect and no exit follows it, so the
// upload and INSERT code below still runs for a request without the session.
if(!isset($_SESSION['admin']))
{
    header('location:index.php');
}


// Everything in this branch runs only when the form's submit button was posted.
if(isset($_POST['submit']))
{


    // No image selected: prepare an INSERT without the image column.
    if($_FILES['image']['name']=='')
    {
        $query      = "INSERT INTO `products` SET Office  = ?,Description = ?,Unit  = ?,Generic  = ?,Category=?";
        $parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$_POST['Category']);

    }else{

        $allowed_filetypes = array('jpg','jpeg','png','gif','pjpeg');
        // The extension is read from the client-supplied file name only; the
        // file content is not inspected.
        $ext = end((explode(".", $_FILES['image']['name'])));
        // The stored image name is "<Office>.<ext>". $_POST['Office'] is request
        // data and goes into the filesystem path below without any filtering.
        $imageName  = $_POST['Office'].'.'.$ext;
        $path = "../".$path.$imageName;
        $tmp =  $_FILES['image']['tmp_name'];



        if(!in_array($ext,$allowed_filetypes))
        {

            // Rejected extension: no $query is prepared in this branch.
            $error  = 'danger';
            $errormsg = "You uploaded wrong image format";

        }else
        {
                // The result in $moved is never checked.
                $moved = move_uploaded_file($tmp,$path);

                // Resize the stored image; resize() is defined outside this listing.
                resize($path , '150', '150', $ext);
                $query      = "INSERT INTO `products` SET Office  = ?,Description = ?,Unit  = ?,Generic  = ?,image=?,Category=?";
                $parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$_POST['Category']);

        }

    }





            // PDF upload. This section sits outside the image if/else above, so it
            // runs on every submit, and when the extension passes its $query
            // replaces the one chosen above.
            $allowed_filetypes_pdf = array('pdf');
            // As with the image, only the client-supplied file name is examined.
            $ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
            // The PDF name is built as "<Office>.<ext>": the uploaded file's own
            // name is discarded here, so every PDF sent for one Office gets the
            // same name. $_POST['Office'] is used unfiltered.
            $pdfName  = $_POST['Office'].'.'.$ext_pdf;


             // $path is reassigned here but not read again in this listing.
             $path = "../".$path_pdf.$_POST['Office']."/";
            //$path_pdf = "../".$path_pdf.$pdfName;
            // Value later written to the PDF_Path column.
            $pdf=$path_pdf.$pdfName;


            $tmp_pdf =  $_FILES['pdf']['tmp_name'];

            if(!in_array($ext_pdf,$allowed_filetypes_pdf))
            {

                $error      = 'danger';
                $errormsg   = "You uploaded wrong image format";


            }else
            {
                // The destination is $path_pdf exactly as it was before this
                // section: neither the "../" prefix nor $pdfName is appended.
                // The result in $moved1 is never checked.
                $moved1 = move_uploaded_file($tmp_pdf, $path_pdf);

                // $imageName is assigned only in the image branch above; it is
                // undefined here when no image was selected.
                $query      = "INSERT INTO `products` SET Office  = ?,Description = ?,Unit  = ?,Generic  = ?,image=?,PDF_Path=?,Category=?";
                $parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category']);

            }

        // Runs after the error branches as well: $query was never assigned if
        // both uploads were rejected, and the two assignments below overwrite any
        // 'danger' status set earlier with the success message.
        $statement  = $db->prepare($query);
        $statement->execute($parameters);

        $error  = 'success';
        $errormsg = "New User added successfully";

}

 // Distinct Office values for the form's <select>; $statement is read by the
 // markup that follows.
 $query = "select DISTINCT(Office) from userinfo ";
 $statement = $db->prepare($query);
 $statement->execute();


?>

HTML

<!DOCTYPE html>
<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]>         <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js"> <!--<![endif]-->
<head>

    <title>Add Product</title>
    <?php include "include/head.php" ?>
    <link rel="stylesheet" href="../assets/plugins/fileupload/bootstrap-fileupload.css" type="text/css" />
    <link rel="stylesheet" href="../assets/css/custom.css" type="text/css" /> 


</head>

<body>
<div id="wrapper">

    <?php include 'include/header.php'; ?>
    <?php include 'include/topMenu.php'; ?>
    <?php include 'include/sidebar.php'; ?>

    <div id="content">
        <div id="content-header">
            <h1>Add New Product</h1>
        </div> <!-- #content-header -->
        <div id="content-container">
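            <?php
            // Show the status banner only when the handler set a message; !empty()
            // avoids reading an undefined variable on the first page load.
            if (!empty($errormsg)) {
                // Both values are escaped so the banner stays plain text even if a
                // later change puts request data into the message.
                $alertClass = htmlspecialchars(isset($error) ? $error : '', ENT_QUOTES, 'UTF-8');
                $alertText  = htmlspecialchars($errormsg, ENT_QUOTES, 'UTF-8');
                echo "<div class='alert alert-{$alertClass}'  style='padding-left: 5px;'>{$alertText}</div>";
            }?>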
            <div class="row">
                <div class="col-sm-6">
                    <div class="portlet">
                        <div class="portlet-header">
                            <h3><i class="fa fa-plus-square"></i>
                                Add Product
                            </h3>
                        </div> <!-- /.portlet-header -->
                        <div class="portlet-content">
                            <div id="error"></div>
                            <form id="validate-basic" action="" data-validate="parsley" method="post" class="form parsley-form ajax_form" enctype="multipart/form-data">
                                <div class="form-group">
                                    <label for="name">Office</label>
                                    <select class="form-control" name="Office">
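                                        <?php
                                        // One <option> per distinct Office row fetched from $statement.
                                        while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
                                            // Database text is escaped before it goes into the attribute
                                            // and the label, so quotes or markup in an Office name cannot
                                            // break out of the <option>. The browser decodes the entities
                                            // again on submit, so the posted value is unchanged.
                                            $office = htmlspecialchars($row['Office'], ENT_QUOTES, 'UTF-8');
                                            echo  "<option value='{$office}'>{$office}</option>";
                                        }?>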
                                    </select>

                                </div>

                                <div class="input-group">
                                        <h5 style="font-weight: 700; font-size: 13px;">Please select PDF</h5>
                                    <div class="input-group-btn">

                                            <input type="file" name="pdf"/>

                                    </div>
                                </div>

                                <div class="form-group" id="images">
                                    <label for="avatar">Product Image</label>
                                    <div class="fileupload fileupload-new" data-provides="fileupload">
                                        <div class="fileupload-new thumbnail" style="width: 180px; height: 150px;"><img src="../images/avatar/noimage.gif" alt="Product Avatar" /></div>
                                        <div class="fileupload-preview fileupload-exists thumbnail" style="max-width: 150px; max-height: 200px; line-height: 20px;"></div>
                                        <div>
                                          <span class="btn btn-default btn-file"><span class="fileupload-new">Select image</span><span class="fileupload-exists">Change</span>

                                          <input type="file" name='image' /></span>
                                            <a href="#" class="btn btn-default fileupload-exists" data-dismiss="fileupload">Remove</a>
                                        </div>
                                    </div>
                                </div>

                                <div class="form-group">
                                    <label for="name">Description</label>
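                                    <input type="text" id="Description" name="Description" class="form-control" value="<?php
                                        // $row_user is not assigned anywhere in the visible script, so the
                                        // field is left empty when it is missing; any value is HTML-escaped
                                        // before it is placed inside the attribute.
                                        echo (isset($row_user['Description']) && is_string($row_user['Description']))
                                            ? htmlspecialchars($row_user['Description'], ENT_QUOTES, 'UTF-8')
                                            : '';
                                    ?>">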
                                </div>

                                <div class="form-group">
                                    <label for="name">Unit</label>
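                                    <input type="text" id="Unit" name="Unit" class="form-control" value="<?php
                                        // The submitted value is echoed back into the attribute, so it is
                                        // HTML-escaped first; nothing is printed when the field was not
                                        // posted or is not a string.
                                        echo (isset($_POST['Unit']) && is_string($_POST['Unit']))
                                            ? htmlspecialchars($_POST['Unit'], ENT_QUOTES, 'UTF-8')
                                            : '';
                                    ?>">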
                                </div>
                                <div class="form-group">
                                    <label for="select-input">Category</label>
                                    <select id="select-input" name="Category" class="form-control">
                                        <option value="G">Generic</option>
                                        <option value="S">Stationary</option>
                                        <option value="E">Envelopes</option>
                                        <option value="M">Megazine Reprint</option>
                                        <option value="T">Tabs</option>
                                    </select>
                                </div>

                                <div class="form-group">
                                    <label for="select-input">Generic</label>
                                    <select id="select-input" name="Generic" class="form-control">
                                        <option value="1">Yes</option>
                                        <option value="0">No</option>
                                    </select>
                                </div>

                                <div class="form-group">
                                    <button type="submit"  name="submit" class="btn btn-primary"><i class="fa fa-check-square-o"></i> Submit</button>
                                </div>
                            </form>
                        </div>
                        <!--END PORTLET-CONTENT -->
                    </div>
                    <!-- END PORTLET -->
                </div>
                <!-- END COL -->
            </div>
            <!--END ROW -->
        </div>
        <!-- END CONTENT-CONATINER -->
    </div>
    <!--END CONTENT -->
</div>
<!--END WRAPPER -->

&#39;

//    EDIT PRODUCT: store a newly uploaded PDF (if any) and prepare the UPDATE
//    for the product row. $path_pdf and $imageName are not assigned in this
//    excerpt; they come from code outside it.
    // Declared but never consulted below: this excerpt has no extension check.
    $allowed_filetypes_pdf = array('pdf');
    // Extension taken from the client-supplied file name.
    $ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
    // Stored name is "<Office>.<ext>"; the uploaded file's own name is not kept,
    // and $_POST['Office'] is used unfiltered.
    $pdfName  = $_POST['Office'].'.'.$ext_pdf;


    // New PDF path when a file name was sent, otherwise the path kept in the
    // session. This must stay ahead of the reassignment of $path_pdf below,
    // because it reads the value $path_pdf had before that line.
    $pdf = ($_FILES['pdf']['name'])?$path_pdf.$pdfName:$_SESSION['oldpdf'];
   // $path = "../".$path_pdf.$_POST['Office']."/";

    // From here on $path_pdf is the full destination, file name included.
    $path_pdf = "../".$path_pdf.$pdfName;
    //            chmod($path_pdf, 0777);

        $tmp_pdf =  $_FILES['pdf']['tmp_name'];


        // Called even when no PDF was sent; the result in $moved1 is not checked.
        $moved1 = move_uploaded_file($tmp_pdf, $path_pdf);

        // The row to update is chosen by the posted ID.
        $query      = "UPDATE  `products` SET Office  = ?,Description = ?,Unit  = ?,Generic  = ?,image=?,PDF_Path=?,Category=? WHERE ID=?";
        $parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category'],$_POST['ID']);

2 个答案:

答案 0 :(得分:0)

尝试 ....

       // PDF upload, keeping the uploaded file's own name instead of "<Office>.<ext>".
       // $path_pdf and $imageName are not assigned in this snippet.
    $allowed_filetypes_pdf = array('pdf');
    // Extension taken from the client-supplied file name; content is not inspected.
    $ext_pdf = end((explode(".", $_FILES['pdf']['name'])));
    // basename() keeps only the last path component of the client-supplied name.
    // Two uploads that share a file name therefore produce the same $pdf value.
    $pdfName  = basename( $_FILES["pdf"]["name"]);


     // Built from the unfiltered $_POST['Office'] but not read again in this snippet.
     $path = "../".$path_pdf.$_POST['Office']."/";
    //$path_pdf = "../".$path_pdf.$pdfName;
    // Value written to the PDF_Path column.
    $pdf=$path_pdf.$pdfName;


    $tmp_pdf =  $_FILES['pdf']['tmp_name'];

    if(!in_array($ext_pdf,$allowed_filetypes_pdf))
    {

        $error      = 'danger';
        $errormsg   = "You uploaded wrong image format";


    }else
    {
        // NOTE(review): the destination is $path_pdf, not $pdf, so $pdfName is
        // not part of the target path here; confirm what $path_pdf holds. The
        // result in $moved1 is not checked.
        $moved1 = move_uploaded_file($tmp_pdf, $path_pdf);

        $query      = "INSERT INTO `products` SET Office  = ?,Description = ?,Unit  = ?,Generic  = ?,image=?,PDF_Path=?,Category=?";
        $parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$pdf,$_POST['Category']);

    }

答案 1 :(得分:0)

试试这个:

我为您修复了2个漏洞

仅检查文件扩展名是不够的:把 .php 文件重命名为 .pdf 后,它仍会通过检查并被当作 .pdf 上传。再检查文件的 MIME 类型就可以避免这种情况。MIME 检查应与扩展名白名单一起使用,而不是取代它,否则内容看起来像 PDF、扩展名却是 .php 的文件仍会按原扩展名保存。

pdf 的名称和保存路径中使用了请求里的 Office 变量;如果攻击者在该值中加入返回上级目录的片段,文件就会被上传到其他位置,这同样是一个漏洞。例如,Office 的值是 ../../Someoffice 的情况。

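// PDF upload: keep the uploaded file's own name, but only after the name, the
// target folder and the content have each been checked on the server.
// NOTE(review): $imageName is not set in this snippet; it comes from the image
// handling in the surrounding script.
$allowed_filetypes_pdf = ['pdf'];

$tmp_pdf = isset($_FILES["pdf"]["tmp_name"]) ? $_FILES["pdf"]["tmp_name"] : '';
$name    = isset($_FILES["pdf"]["name"]) ? $_FILES["pdf"]["name"] : '';

// basename() keeps only the last path component of the client-supplied name, so
// the name cannot point outside the target folder.
$baseName = basename(str_replace("\0", "", $name));
$ext_pdf  = strtolower(pathinfo($baseName, PATHINFO_EXTENSION));

// Office comes from the request and becomes a folder name. Removing "../" in a
// single pass can leave a traversal sequence behind, so the value is rejected
// unless it is a single path component. Checking it against the Office values
// offered in the form's <select> would be stricter still.
$dirName = (isset($_POST["Office"]) && is_string($_POST["Office"]))
    ? str_replace("\0", "", $_POST["Office"])
    : '';
$officeIsSafe = $dirName !== ''
    && $dirName !== '.'
    && $dirName !== '..'
    && strpbrk($dirName, "/\\") === false;

$pdfName = $dirName."-".$baseName;

// The destination uses the cleaned base name, never the raw client string.
$path_pdf = "../{$dirName}/{$baseName}";

// FILEINFO_MIME_TYPE returns the bare type ("application/pdf"); FILEINFO_MIME
// appends "; charset=..." and would never equal the string compared below.
$type = '';
if (is_uploaded_file($tmp_pdf)) {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $type  = $finfo->file($tmp_pdf);
}

// Both checks are needed: the extension decides how the web server treats the
// stored file, the detected type confirms what the content is.
if (!$officeIsSafe
    || !in_array($ext_pdf, $allowed_filetypes_pdf, true)
    || $type !== "application/pdf")
{
    $error      = 'danger';
    $errormsg   = "You uploaded wrong image format";
}
elseif (!move_uploaded_file($tmp_pdf, $path_pdf))
{
    // For example the Office folder does not exist or is not writable; no row
    // is prepared for a file that was not stored.
    $error      = 'danger';
    $errormsg   = "The PDF could not be saved";
}
else
{
    $query      = "INSERT INTO `products` SET Office  = ?,Description = ?,Unit  = ?,Generic  = ?,image=?,PDF_Path=?,Category=?";
    $parameters = array($_POST['Office'],$_POST['Description'],$_POST['Unit'],$_POST['Generic'],$imageName,$path_pdf,$_POST['Category']);
}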