2
\$\begingroup\$

I am creating a social network and I want to know if this is a secure way of uploading pics/gifs and videos.

if(isset($_POST['post'])) {

    $uploadOk = 1;
    $imageName = $_FILES['postToUpload']['name'];
    $errorMessage = "";
    $picdate = date('Y-m-d_H-i-s');

    if($imageName != "") {
        $targetDir = "assets/images/posts/";
        $imageName = $targetDir . uniqid() . basename($imageName);
        $imageFileType = pathinfo($imageName, PATHINFO_EXTENSION);
        
        if($_FILES['postToUpload']['size'] > 10971520) {
            $errorMessage = "Your file is to large";
            $uploadOk = 0;
        }

        if (strtolower($imageFileType) != "jpeg" && strtolower($imageFileType) != "png" &&
            strtolower($imageFileType) != "jpg" && strtolower($imageFileType) != "gif"
            && strtolower($imageFileType) != "mp4"&& strtolower($imageFileType) != "Ogg"
            && strtolower($imageFileType) != "WebM"){

            $errorMessage = "File type not allowed.";
            $uploadOk = 0;
        }

        if($uploadOk){
            if(move_uploaded_file($_FILES['postToUpload']['tmp_name'], $imageName)) {
                // image uploaded

            } else{
                // image did not upload
                $uploadOk = 0;
            }
        }
    }

    if($uploadOk) {

    $post = new Post($con, $userLoggedIn);

    $post->submitPost(trim(strip_tags(filter_var($_POST['post_text'], FILTER_SANITIZE_STRING))), 
        'none', $imageName);

    } else {

        echo "<div class='alert alert-danger'>
                $errorMessage
            </div>";
    }
}
\$\endgroup\$

1 Answer 1

Reset to default
2
\$\begingroup\$

Your code is insecure because:

  • It only relies on the file extension, so attackers can upload any backdoors.
  • It accesses variable $_FILES['postToUpload']['name'] without checking if it is defined and this may lead to Full Path Disclosure.
  • It uses function uniqid() without any arguments, so uniqueness is not guaranteed and the files that are uploaded simultaneously and have the same file name will be overwritten.
  • It stores the filename provided by user without removing potentially dangerous characters and this may lead to unexpected results.

Some recommendations to improve your code:

  • Get rid of the $uploadOk variable. You already have and handle the $errorMessage variable and this is enough to check if the file was uploaded successfully.
  • You should define $imageFileType as lowercase, instead of calling strtolower() for each extension.
  • You should define all accepted file extensions as lowercase, otherwise users won't able to upload some files (in your case WebM and Ogg, because strtolower($imageFileType) != "Ogg" and strtolower($imageFileType) != "WebM" will always be FALSE).
\$\endgroup\$

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.