Vulnerabilities in a PHP form-handling script
I'm writing a PHP script that takes input from a form, including uploads, and sends it to an administrator using Magento's mail client. I think I've covered the basics well, but I'm sure I've missed some potential vulnerabilities, since I'm not a security expert. Can someone point out some things I may have overlooked?
<?php
$maxfilesize = 1000;      // maximum upload size, in KB
$maxStringLength = 50;    // maximum length of each text field

if (isset($_POST['submit'])) {
    $drivers_license = $_FILES['drivers-license'];
    $cfi_cert = $_FILES['cfi-cert'];
    $cfi_multiple = false;

    // 'cfi-cert' is either a single upload (scalar entries) or a multiple
    // upload (array entries); at most two files are accepted
    if (is_array($_FILES['cfi-cert']['name']) && count($_FILES['cfi-cert']['name']) > 1) {
        if (count($_FILES['cfi-cert']['name']) > 2) {
            die('Invalid input');
        }
        $cfi_multiple = true;
        $cfi_cert1 = array();
        $cfi_cert1['name'] = $_FILES['cfi-cert']['name'][0];
        $cfi_cert1['type'] = $_FILES['cfi-cert']['type'][0];
        $cfi_cert1['tmp_name'] = $_FILES['cfi-cert']['tmp_name'][0];
        $cfi_cert1['error'] = $_FILES['cfi-cert']['error'][0];
        $cfi_cert1['size'] = $_FILES['cfi-cert']['size'][0];
        $cfi_cert2 = array();
        $cfi_cert2['name'] = $_FILES['cfi-cert']['name'][1];
        $cfi_cert2['type'] = $_FILES['cfi-cert']['type'][1];
        $cfi_cert2['tmp_name'] = $_FILES['cfi-cert']['tmp_name'][1];
        $cfi_cert2['error'] = $_FILES['cfi-cert']['error'][1];
        $cfi_cert2['size'] = $_FILES['cfi-cert']['size'][1];
    }

    // Escape HTML special characters in the text inputs
    $ftn = htmlspecialchars($_POST['ftn']);
    $phone = htmlspecialchars($_POST['phone']);
    $email = htmlspecialchars($_POST['email']);
    if (strlen($email) > $maxStringLength || strlen($phone) > $maxStringLength || strlen($ftn) > $maxStringLength) {
        die('Invalid input');
    }

    // Build the attachments array, calling the image validation function for each file
    $attachments = array();
    imageValidationErrorCheck($drivers_license, $maxfilesize);
    $attachments[] = $drivers_license;
    if ($cfi_multiple) {
        imageValidationErrorCheck($cfi_cert1, $maxfilesize);
        $attachments[] = $cfi_cert1;
        imageValidationErrorCheck($cfi_cert2, $maxfilesize);
        $attachments[] = $cfi_cert2;
    } else {
        imageValidationErrorCheck($cfi_cert, $maxfilesize);
        $attachments[] = $cfi_cert;
    }

    // Use Magento's email client
    $mageFilename = '../app/Mage.php';
    require_once($mageFilename);
    Mage::app();
    $mailTemplate = Mage::getModel('core/email_template');
    $mailTemplate->setSenderName('Test Sender');
    $mailTemplate->setSenderEmail('testsender12345@test.com');
    $mailTemplate->setTemplateSubject('Processing');

    // Message body: the escaped form fields as HTML
    $output = '';
    $output .= "Email Address:<br>";
    $output .= $email . "<br><br>";
    $output .= "Phone Number:<br>";
    $output .= $phone . "<br><br>";
    $output .= "FTN:<br>";
    $output .= $ftn . "<br><br>";
    $mailTemplate->setTemplateText($output);

    // Attach every uploaded file under its client-supplied filename
    foreach ($attachments as $attachment) {
        $mailTemplate->getMail()->createAttachment(
            file_get_contents($attachment['tmp_name']),
            Zend_Mime::TYPE_OCTETSTREAM,
            Zend_Mime::DISPOSITION_ATTACHMENT,
            Zend_Mime::ENCODING_BASE64,
            $attachment['name']
        );
    }
    $mailTemplate->send('testrecipient@test.com');
}

// Validate images: size limit and extension allow-list
function imageValidationErrorCheck($file, $maxSizeKb)
{
    $error = '';
    $baseName = basename($file['name']);
    // extension = text after the last dot of the client-supplied filename
    $type = substr($baseName, strrpos($baseName, '.') + 1);
    $sizeInKb = $file['size'] / 1024;

    // Limit size to the maximum file size
    if ($sizeInKb > $maxSizeKb) {
        die('Invalid input');
    }

    // Check the file extension against the allow-list
    $allowedExtensions = array("jpg", "jpeg", "gif", "bmp", "png", "tiff", "pdf", "doc", "docx");
    if (!in_array(strtolower($type), $allowedExtensions)) {
        die('Invalid input');
    }
}
?>
I think this looks pretty good - you use htmlspecialchars on the user input fields and don't insert into any database, which eliminates SQL injection. However, when sending the email you only check the MIME type. I'd suggest also checking it when the file is actually uploaded :) This might be better suited for
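The question's `imageValidationErrorCheck` trusts the client-reported `size`, reads the type only from the filename's last dot, never looks at `$_FILES[...]['error']`, and passes the client-supplied filename straight into the attachment. The answer suggests checking the type at upload time. The block below is an added example, not code from the question or from Magento, showing how a validator can do that: it checks the PHP upload error code, confirms the temp file really came from this request, measures the size on disk, allow-lists the extension, sniffs the content with the `fileinfo` extension and requires it to agree with the extension, and replaces the client filename with a generated one. The `$isUploaded` callable and the CLI demo with a constructed PNG-like file are assumptions made so the check can be exercised outside a real request; in a web handler you would leave the default (`is_uploaded_file`).

```php
<?php
declare(strict_types=1);

// Added example (not from the question or Magento). Assumes PHP 7.4+ with
// the fileinfo extension enabled.

const MAX_UPLOAD_BYTES = 1000 * 1024;   // 1000 KB, the question's limit, in bytes
const MAX_CFI_CERTS = 2;                // the question accepts at most two certificates
const ALLOWED_TYPES = [                 // extension => MIME types accepted for that extension
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

/**
 * Turn one $_FILES entry into a list of per-file arrays, whether the field
 * was a single upload (scalar values) or a multiple upload (array values).
 */
function normalizeUploads(array $field, int $maxFiles): array
{
    if (!is_array($field['name'])) {
        return [$field];
    }
    if (count($field['name']) > $maxFiles) {
        throw new InvalidArgumentException('Too many files');
    }
    $files = [];
    foreach (array_keys($field['name']) as $i) {
        $files[] = [
            'name'     => $field['name'][$i],
            'type'     => $field['type'][$i],
            'tmp_name' => $field['tmp_name'][$i],
            'error'    => $field['error'][$i],
            'size'     => $field['size'][$i],
        ];
    }
    return $files;
}

/**
 * Validate one uploaded file and return a generated attachment filename.
 * Throws InvalidArgumentException with a generic message on any failure.
 * $isUploaded defaults to is_uploaded_file(); it is injectable only so the
 * function can be exercised from the CLI (assumption for the demo below).
 */
function validateUpload(array $file, int $maxBytes, array $allowed, callable $isUploaded = 'is_uploaded_file'): string
{
    // 1. Trust PHP's upload error code, never the client-supplied 'type'.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new InvalidArgumentException('Upload failed');
    }
    // 2. The path must be this request's upload, not an arbitrary file.
    if (!$isUploaded($file['tmp_name'])) {
        throw new InvalidArgumentException('Not an uploaded file');
    }
    // 3. Size: measure the file on disk in bytes instead of reading $file['size'].
    if (filesize($file['tmp_name']) > $maxBytes) {
        throw new InvalidArgumentException('File too large');
    }
    // 4. Extension allow-list; pathinfo() returns '' when there is no dot.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new InvalidArgumentException('File type not allowed');
    }
    // 5. Content sniffing: the detected MIME type must agree with the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, $allowed[$ext], true)) {
        throw new InvalidArgumentException('File content does not match its extension');
    }
    // 6. Never reuse the client filename; generate one with the vetted extension.
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

// ---- CLI demo with constructed input (no HTTP request involved) ----
$tmp = tempnam(sys_get_temp_dir(), 'up');
// Constructed sample: the 8-byte PNG signature followed by filler bytes.
file_put_contents($tmp, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 64));
$sample = ['name' => 'license.png', 'type' => 'image/png', 'tmp_name' => $tmp,
           'error' => UPLOAD_ERR_OK, 'size' => 72];
$trustAll = fn(string $path): bool => true;   // demo stand-in for is_uploaded_file()

try {
    echo 'accepted, attached as ', validateUpload($sample, MAX_UPLOAD_BYTES, ALLOWED_TYPES, $trustAll), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// The same bytes renamed to .pdf: the extension passes, the sniffed type does not.
$sample['name'] = 'license.pdf';
try {
    validateUpload($sample, MAX_UPLOAD_BYTES, ALLOWED_TYPES, $trustAll);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
unlink($tmp);
```

In a request handler the call becomes `foreach (normalizeUploads($_FILES['cfi-cert'], MAX_CFI_CERTS) as $f) { $name = validateUpload($f, MAX_UPLOAD_BYTES, ALLOWED_TYPES); ... }`, with the generated `$name` used for the attachment instead of `$attachment['name']`. Keeping every rejection message generic, as the question's `die('Invalid input')` already does, avoids telling a sender which check tripped.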