我正在编写一个PHP脚本,该脚本从表单中获取输入,包括上传,并使用Magento的邮件客户端通过电子邮件将其发送给管理员。我认为我已经很好地介绍了基础知识,但我确定我错过了一些潜在的漏洞,因为我不是安全专家。
有人能指出我可能会忽略的一些事情吗?
<?php
$maxfilesize = 1000;
$maxStringLength = 50;
if(isset($_POST['submit'])){
$drivers_license = $_FILES['drivers-license'];
$cfi_cert = $_FILES['cfi-cert'];
$cfi_multiple = false;
if(count($_FILES['cfi-cert']['name']) > 1){
if(count($_FILES['cfi-cert']['name']) > 2){
die('Invalid input')
}
$cfi_multiple = true;
$cfi_cert1['name'] = $_FILES['cfi-cert']['name'][0];
$cfi_cert1['type'] = $_FILES['cfi-cert']['type'][0];
$cfi_cert1['tmp_name'] = $_FILES['cfi-cert']['tmp_name'][0];
$cfi_cert1['error'] = $_FILES['cfi-cert']['error'][0];
$cfi_cert1['size'] = $_FILES['cfi-cert']['size'][0];
$cfi_cert2['name'] = $_FILES['cfi-cert']['name'][1];
$cfi_cert2['type'] = $_FILES['cfi-cert']['type'][1];
$cfi_cert2['tmp_name'] = $_FILES['cfi-cert']['tmp_name'][1];
$cfi_cert2['error'] = $_FILES['cfi-cert']['error'][1];
$cfi_cert2['size'] = $_FILES['cfi-cert']['size'][1];
}
//Remove special characters from text inputs
$ftn = htmlspecialchars($_POST['ftn']);
$phone = htmlspecialchars($_POST['phone']);
$email = htmlspecialchars($_POST['email']);
if(strlen($email) > $maxStringLength || strlen($phone) > $maxStringLength || strlen($ftn) > $maxStringLength){
die('Invalid input');
}
//Build attachments array, calling image validation function for each
$attachments = array();
imageValidationErrorCheck($drivers_license, $maxfilesize);
$attachments[] = $drivers_license;
if($cfi_multiple){
imageValidationErrorCheck($cfi_cert1, $maxfilesize);
$attachments[] = $cfi_cert1;
imageValidationErrorCheck($cfi_cert2, $maxfilesize);
$attachments[] = $cfi_cert2;
} else {
imageValidationErrorCheck($cfi_cert, $maxfilesize);
$attachments[] = $cfi_cert;
}
//Use Magento's email client
$mageFilename = '../app/Mage.php';
require_once($mageFilename);
Mage::app();
$mailTemplate = Mage::getModel('core/email_template');
$mailTemplate->setSenderName('Test Sender');
$mailTemplate->setSenderEmail('testsender12345@test.com');
$mailTemplate->setTemplateSubject('Processing');
$output .= "Email Address:<br>";
$output .= $email . "<br><br>";
$output .= "Phone Number:<br>";
$output .= $phone . "<br><br>";
$output .= "FTN:<br>";
$output .= $ftn . "<br><br>";
$mailTemplate->setTemplateText($output);
foreach($attachments as $attachment){
$mailTemplate->getMail()->createAttachment(
file_get_contents($attachment['tmp_name']),
Zend_Mime::TYPE_OCTETSTREAM,
Zend_Mime::DISPOSITION_ATTACHMENT,
Zend_Mime::ENCODING_BASE64,
$attachment['name']
);
}
$mailTemplate->send('testrecipient@test.com');
}
//Validate images
function imageValidationErrorCheck($file, $maxSizeKb){
$error = '';
$baseName = basename($file['name']);
$type = substr($baseName, strrpos($baseName, '.') + 1);
$sizeInKb = $file['size'] / 1024;
//Limit size to max file size
if($sizeInKb > $maxSizeKb){
die('Invalid input');
}
//Check file extension
$allowedExtensions = array("jpg", "jpeg", "gif", "bmp", "png", "tiff", "pdf", "doc", "docx");
if(!in_array(strtolower($type), $allowedExtensions)){
die('Invalid input');
}
}
?>