1.2.452. File Uploads¶
This code makes usage of file upload features of PHP.
Upload file feature is detected through the usage of specific functions :
<?php
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo 'File is valid, and was successfully uploaded.'.PHP_EOL;
} else {
echo 'Possible file upload attack!'.PHP_EOL;
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print '</pre>';
?>
See also Handling file uploads.
1.2.452.1. Specs¶
Short name |
Structures/FileUploadUsage |
Rulesets |
|
Exakat since |
0.8.4 |
PHP Version |
All |
Severity |
|
Time To Fix |
|
Precision |
Very high |
Features |
file-upload |
Available in |