Upload security issue

2

I have an application built with CodeIgniter that uploads image files to a directory on the server. Running on localhost, it works perfectly. On the official server, an error is returned while trying to download the file. Suspecting a lack of permissions on the folder, I asked the person who takes care of the server to release access to the directory. This person said there would be a security risk and asked me to find an alternative way to upload.

The question is: how to upload files without having to open all defenses on the server? Below is the code for the view.

HTML:

 <table width="100%" cellspacing="0" cellpadding="0" border="0" id="Table11">
   <tbody>
      <tr>
        <td>               
           <br />
           <div id="resposta" style="width: 120px; height: 60px; border: thin dashed #555;">

           </div>
           <br />
           <form name="formUpload" id="formUpload" method="post">
                <span class="label" id="Label14">Banner:</span>
                <label><input type="file" name="arquivo" id="arquivo" size="45" style="font-size: 11px; " /></label>
                 <br />
                 <progress value="0" max="100"></progress><span id="porcentagem">0%</span>
                 <br />
                 <input type = "button" value="Enviar Banner" onclick="enviarBanner()" style="margin: 5px; border: 1px solid #555; cursor: pointer; font-size: 12px;" />
              </form>
            </td>
         </tr>
     </tbody>
 </table>

JavaScript:

 <script type="text/javascript">
 // Globals shared with the rest of the page: the chosen file name and an "already sent" flag.
 var arquiv = "";
 var enviado = false;

 function enviarBanner(){
     if($.trim($('#descBanner').val()) === ""){
         alert("Campo Desciçao é Obrigatorio");
         $('#descBanner').focus();
         return;
     }
     arquiv = $('#arquivo').val();
     // jQuery Form plugin: submit the form via AJAX and report upload progress.
     $('#formUpload').ajaxForm({
         uploadProgress: function(event, position, total, percentComplete) {
             $('progress').attr('value', percentComplete);
             $('#porcentagem').html(percentComplete + '%');
         },
         success: function(data) {
             $('progress').attr('value', '100');
             $('#porcentagem').html('100%');
             // The controller answers with JSON: { sucesso: bool, msg: path or error text }.
             if(data.sucesso === true){
                 enviado = true;
                 $('#resposta').html('<img src="<?php echo base_url()?>' + data.msg + '" width="120" height="60" />');
             }
             else{
                 $('#resposta').html(data.msg);
             }
         },
         error: function(){
             $('#resposta').html('Erro ao enviar requisição!');
         },
         dataType: 'json',
         url: '<?php echo base_url()?>areaRestrita/banners/imgUpload',
         resetForm: true
     }).submit();
     enviado = true;
 }
 </script>

Below is the upload function:

function imgUpload(){
    // Take the uploaded file from the request, or null if the field is absent.
    $arquivo = isset($_FILES['arquivo']) ? $_FILES['arquivo'] : null;

    $tipos = array('jpg', 'png', 'gif', 'psd', 'bmp');

    $enviar = $this->uploadFile($arquivo, 'Imagens/banners/', $tipos);

    // The view expects JSON with "sucesso" and "msg" (see the success callback in the JavaScript).
    header('Content-Type: application/json');
    if(isset($enviar['caminho'])){
        echo json_encode(array('sucesso' => true, 'msg' => $enviar['caminho']));
    }
    else{
        echo json_encode(array('sucesso' => false, 'msg' => $enviar['erro']));
    }
}

function uploadFile($arquivo, $pasta, $tipos, $nome = null){
    $retorno = array();
    $nomeOriginal = "";
    if(isset($arquivo)){
        // Split the client-supplied name on "." so the last part is the extension.
        $infos = explode(".", $arquivo["name"]);
        if(!$nome){
            // Rebuild the base name from every part except the extension.
            for($i = 0; $i < count($infos) - 1; $i++){
                $nomeOriginal = $nomeOriginal . $infos[$i] . ".";
            }
        }
        else{
            $nomeOriginal = $nome . ".";
        }
        $tipoArquivo = $infos[count($infos) - 1];
        // Case-insensitive whitelist check of the extension.
        $tipoPermitido = false;
        foreach($tipos as $tipo){
            if(strtolower($tipoArquivo) == strtolower($tipo)){
                $tipoPermitido = true;
            }
        }
        if(!$tipoPermitido){
            $retorno["erro"] = "Tipo não permitido";
        }
        else{
            if(move_uploaded_file($arquivo['tmp_name'], $pasta . $nomeOriginal . $tipoArquivo)){
                $retorno["caminho"] = $pasta . $nomeOriginal . $tipoArquivo;
            }
            else{
                $retorno["erro"] = "Erro ao fazer upload";
            }
        }
    }
    else{
        $retorno["erro"] = "Arquivo nao setado";
    }

    return $retorno;
}
    
asked by anonymous 13.01.2015 / 11:50

1 answer

-2

Good afternoon, this question is very relative, but what can be done is: give permission to the "directory owner" (it may be you) of the folder that will contain only the images (check this with the staff who take care of the server), and also add a ".htaccess" file that does not allow access to the folder root (i.e. showing the names of all the files in the browser).

It is common to have a directory for images only, so there is no need to break server security.

Security tip: save your images with encrypted names on the server (in the database you can save the original name along with the encrypted file name), and when pulling the images from this directory, watch out for "Directory Traversal", which instead of the image would look something like this:

link

    
31.05.2017 / 21:04
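The following is an added example, not the asker's code nor CodeIgniter's, that puts the answer's two recommendations into practice for the question's `uploadFile()`: the upload side stores each image under a random name generated on the server (the original name can go in the database, as the answer suggests), and the retrieval side refuses any name that would escape the image directory. The function names, the directory argument and the allowed-type map are all assumptions of this example; the "psd" entry from the original list is left out because browsers cannot display it.

```php
<?php
// Added example (not the asker's or CodeIgniter's code). Assumptions: the
// function names, the storage directory argument and the allowed-type map.

declare(strict_types=1);

// Permitted extensions mapped to the MIME types the file bytes must match.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'bmp'  => ['image/bmp', 'image/x-ms-bmp'],
];

/**
 * Store one $_FILES entry (e.g. $_FILES['arquivo']) under a random name in
 * $storageDir. Returns ['caminho' => <stored name>] or ['erro' => <message>].
 */
function uploadImageSafely(?array $arquivo, string $storageDir): array
{
    if ($arquivo === null || !isset($arquivo['error']) || $arquivo['error'] !== UPLOAD_ERR_OK) {
        return ['erro' => 'Arquivo nao setado'];
    }
    // Only handle files PHP itself received in this request.
    if (!is_uploaded_file($arquivo['tmp_name'])) {
        return ['erro' => 'Upload invalido'];
    }

    // 1. Extension: whitelist only, case-insensitive, last component only.
    $ext = strtolower(pathinfo($arquivo['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        return ['erro' => 'Tipo não permitido'];
    }

    // 2. Content: the bytes must really be that image type; the extension
    //    alone is chosen by the client and proves nothing.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($arquivo['tmp_name']);
    if (!in_array($mime, ALLOWED_IMAGE_TYPES[$ext], true)) {
        return ['erro' => 'Conteudo nao corresponde ao tipo'];
    }
    if (@getimagesize($arquivo['tmp_name']) === false) {
        return ['erro' => 'Imagem invalida'];
    }

    // 3. Never reuse the client-supplied name; the original name belongs in
    //    the database next to this random one.
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;

    $dir = realpath($storageDir);
    if ($dir === false || !is_dir($dir) || !is_writable($dir)) {
        return ['erro' => 'Diretorio de destino indisponivel'];
    }
    $dest = $dir . DIRECTORY_SEPARATOR . $storedName;

    if (!move_uploaded_file($arquivo['tmp_name'], $dest)) {
        return ['erro' => 'Erro ao fazer upload'];
    }
    // Readable by the web server, never executable.
    chmod($dest, 0644);

    return ['caminho' => $storedName];
}

/**
 * Resolve a stored name back to an absolute path inside $storageDir,
 * refusing anything that escapes it (the "directory traversal" the answer
 * warns about). Returns the absolute path or null.
 */
function resolveImagePath(string $storageDir, string $requestedName): ?string
{
    $dir = realpath($storageDir);
    if ($dir === false) {
        return null;
    }
    // Drop any directory component the client may have sent, then accept
    // only the exact shape uploadImageSafely() produces.
    $name = basename($requestedName);
    if (!preg_match('/\A[0-9a-f]{32}\.(jpe?g|png|gif|bmp)\z/', $name)) {
        return null;
    }
    $full = realpath($dir . DIRECTORY_SEPARATOR . $name);
    // realpath() collapses "..", so a valid result must still sit under $dir.
    if ($full === false || strpos($full, $dir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}
```

With this layout the image directory only needs to be writable by the user the web server runs as, not opened to everyone, which is the compromise the answer describes; the `.htaccess` it mentions can carry `Options -Indexes` for that directory so the file names are not listed in the browser. The controller from the question can return `['sucesso' => true, 'msg' => $storedName]` and let the view build the `<img>` tag exactly as it already does.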