is_uploaded_file specifics

  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

How exactly does the PHP function "is_uploaded_file" work?

The reason I'm wondering is I have an existing script that accepts file uploads, that I would like to modify to accept a URL instead of something from $_FILES as well.
If I could simply have cURL/file_get_contents/etc fetch the URL, dump it in the "upload_tmp_dir" or similar, and set up the $_FILES entry myself, the modification would be as simple as adding an IF statement above the existing upload code with this patch.
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Having looked at the source, it appears a hashtable entry is set when PHP gets the request that I can't touch.
I was hoping it simply checked an uploads folder.

Probably going to be easier just turning the section of code that works with the upload into a function and going from there.

Makes it harder to patch existing installations of the script, but it will work as expected. :D
  • webdummy
  • Born
  • Born
  • Posts: 4

Post 3+ Months Ago

joebert wrote:
Having looked at the source, it appears a hashtable entry is set when PHP gets the request that I can't touch.
I was hoping it simply checked an uploads folder.

Probably going to be easier just turning the section of code that works with the upload into a function and going from there.

Makes it harder to patch existing installations of the script, but it will work as expected. :D



Check this out 8) http://www.trap17.com/index.php/php-ftp ... 55649.html
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

I don't think that's quite what I'm looking for, though it does look useful. :D

Here's an outlook of what I'd like to be able to do.

Code:
$url = clean($_GET['url']);
$utd = ini_get('upload_tmp_dir');
// Fetch the remote file and write it into the upload temp directory
$str = file_get_contents($url);
file_put_contents("$utd/" . md5($url), $str);
// Point the $_FILES entry at the fetched file by hand
$_FILES['upload']['tmp_name'] = "$utd/" . md5($url);
 
// This is where the existing script begins
if( /* ... && */ is_uploaded_file($_FILES['upload']['tmp_name']))
{
   // do
}
  • Truce
  • Guru
  • Guru
  • Posts: 1477
  • Loc: Washington DC

Post 3+ Months Ago

Putting the tmp_name variable in the $_FILES superglobal won't populate the other relevant fields. You don't need the $_FILES superglobal at all if you're doing transloading (downloading a file to your server via sending an HTTP request at the request of a third party). Just get the external URL, grab the file with cURL (not file_get_contents...if you're not sure why, feel free to ask), and proceed to processing the file as you'd like.

The is_uploaded_file function is just another thing for a crafty hacker to have to deal with. It helps keep you from running over your own toes, so to speak. You don't have to use it to be safe...you just have to pay more attention without it.
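
Added example, not part of the thread or any poster's code: one way to do the refactor discussed above, with the shared processing in one function and separate entry points for a real upload and a cURL fetch. handle_file(), from_upload(), from_url() and MAX_BYTES are hypothetical names, and the limits are constructed values.

```php
<?php
// Added example; handle_file() and MAX_BYTES are hypothetical stand-ins.
const MAX_BYTES = 5242880; // constructed 5 MiB limit
// The code that used to sit below the is_uploaded_file() check.
function handle_file(string $path, string $name): string {
    return sprintf('%s: %d bytes', basename($name), filesize($path));
}
// Entry 1: browser upload. PHP records the temp files it creates while parsing
// the request; a path the script writes into $_FILES is not in that record.
function from_upload(array $f): string {
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('not a genuine upload');
    }
    return handle_file($f['tmp_name'], $f['name']);
}

// Entry 2: transloading with cURL; $_FILES is not involved.
function from_url(string $url): string {
    $tmp  = tempnam(sys_get_temp_dir(), 'xfer');
    $out  = fopen($tmp, 'wb');
    $seen = 0;
    $ch   = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_TIMEOUT         => 15,
        CURLOPT_FAILONERROR     => true,
        // Returning anything but the chunk length aborts the transfer.
        CURLOPT_WRITEFUNCTION   => function ($ch, $chunk) use ($out, &$seen) {
            $seen += strlen($chunk);
            return $seen > MAX_BYTES ? -1 : fwrite($out, $chunk);
        },
    ]);
    $ok = curl_exec($ch);
    fclose($out);
    try {
        if ($ok === false) {
            throw new RuntimeException('fetch failed: ' . curl_error($ch));
        }
        return handle_file($tmp, parse_url($url, PHP_URL_PATH) ?: 'remote');
    } finally {
        unlink($tmp); // the fetched copy never outlives the request
    }
}

// Constructed demo: a hand-built entry pointing at a real file is refused.
$fake = ['name' => 'a.png', 'error' => UPLOAD_ERR_OK, 'tmp_name' => __FILE__];
try { from_upload($fake); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The protocol, redirect and size limits do not stop a request to an internal address; the host in the URL needs its own check before from_url() is called.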
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Yeah yeah yeah, I know all about it.
I'm just being lazy and trying to keep from needing to do more work than I have to because there are existing installations of the script out there which people are going to want to update in most cases. The smaller the edit to make is for anyone who customized the script, the easier it will be to update. :D


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.