Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
Dawg
RavenNuke(tm) Development Team


Joined: Nov 07, 2003
Posts: 910

PostPosted: Thu Nov 11, 2010 5:21 am Reply with quote

I am trying to wrap my head around image uplaods and doing it correctly.

Man what a task!

So I have a form...this form allows you to upload an image.

First I am checking my MD5 session token...then running everthing through the mysql_real_escape_string
Code:
      if(isset($_POST['token']))

         {
            if($_POST['token'] != $_SESSION['token'])
               {
                  die('So Sorry...');
               }
      foreach ($_POST as $key => $value)
         {
            $_POST[$key] = mysql_real_escape_string($value);
         }


If it clears al that....

I process the image.
Coming out the other side...the orginal iamge is not saved...just the 2 images that I have resized.

The code works as expected but I still want to make sure that I am not leaving myself open to attack.

Code:
      $img_one  = addslashes(check_html($_POST['img_one'], 'nohtml' ));

      $RN1 = rand();
      $img_one = $_FILES['img_one']['tmp_name'];
      if( !empty($img_one) )
         {
         
            $src1 = imagecreatefromjpeg($img_one);
            list($width1, $height1) = getimagesize($img_one);
            $newwidth1 = 600;
            $newheight1 = ($height1/$width1)*$newwidth1;
            $newwidth1_2 = 400;
            $newheight1_2 = ($height1/$width1)*$newwidth1_2;
            $tmp1 = imagecreatetruecolor($newwidth1, $newheight1);
            imagecopyresampled($tmp1,$src1,0,0,0,0,$newwidth1,$newheight1,$width1,$height1);       
            $tmp1_2 = imagecreatetruecolor($newwidth1_2,$newheight1_2);
            imagecopyresampled($tmp1_2,$src1,0,0,0,0,$newwidth1_2,$newheight1_2,$width1,$height1);
            $newpath1= "modules/path/images/profiles/".$RN1."_1.jpg";
            $newpath1_tn= "modules/path/images/profiles/".$RN1."_1_tn.jpg";
            imagejpeg($tmp1,$newpath1,600);
            imagejpeg($tmp1_2,$newpath1_tn,400);
            $img_one=$newpath1;
            $img_one_tn=$newpath1_tn;
         }


I am reading though this... Only registered users can see links on this board! Get registered or login!

Some of this applys but some of it does not. What do you think? Have I coverad all the bases?

Thank You for your time!

Dawg
 
View user's profile Send private message
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

PostPosted: Thu Nov 11, 2010 10:30 am Reply with quote

why do you use addslashes() ???
 
View user's profile Send private message Visit poster's website
Dawg
PostPosted: Thu Nov 11, 2010 10:43 am Reply with quote

djmaze,

I am adding the file name to the database once the uplaod is complete. So I addslashes to all the $var before inserting.

I did not figure it would hurt...and it worked as expected.

Thank You for your time!!

Dawg
 
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Thu Nov 11, 2010 11:08 am Reply with quote

Dawg, there is no point for the
Code:
     $img_one  = addslashes(check_html($_POST['img_one'], 'nohtml' ));
especailly since you are just overwriting it two lines later with
Code:
$img_one = $_FILES['img_one']['tmp_name'];

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
djmaze
PostPosted: Thu Nov 11, 2010 3:42 pm Reply with quote

Dawg wrote:
djmaze,

I am adding the file name to the database once the upload is complete. So I addslashes to all the $var before inserting.

That is bad behavior. Use the DB layer real_escape_string().
Since nuke only supports mysql (not mysqli) use mysql_real_escape_string() UNTIL something gets fixed!
 
Dawg
PostPosted: Thu Nov 11, 2010 5:10 pm Reply with quote

Only registered users can see links on this board! Get registered or login!

A very interesting artcle on all this...

So to recap...
Kill addslashes for my image code...

For all the rest of my $vars change add slashes to mysql_real_escape_string

Is that correct?

Pablin, DJMaze, I learn so much from ya'll....THANK YOU VERY MUCH FOR YOUR TIME!

DAwg
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©