PHP: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Geist (Diskussion | Beiträge) |
Geist (Diskussion | Beiträge) |
||
| Zeile 1: | Zeile 1: | ||
| − | === Secure "included php files" === | + | ==== Secure "included php files" ==== |
'''index.php''' | '''index.php''' | ||
<?php | <?php | ||
| Zeile 16: | Zeile 16: | ||
[https://github.com/blockchainoffice/php-hackbugz/projects/ Secure php dynamic code build.] | [https://github.com/blockchainoffice/php-hackbugz/projects/ Secure php dynamic code build.] | ||
| − | === $_GET[] | Query Navigation === | + | ==== $_GET[] | Query Navigation ==== |
'''Example 1''' | '''Example 1''' | ||
<?php | <?php | ||
| Zeile 78: | Zeile 78: | ||
[https://stackoverflow.com/questions/2293902/is-sha-sufficient-for-checking-file-duplication-sha1-file-in-php Is SHA sufficient for checking file duplication? (sha1_file in PHP)] | [https://stackoverflow.com/questions/2293902/is-sha-sufficient-for-checking-file-duplication-sha1-file-in-php Is SHA sufficient for checking file duplication? (sha1_file in PHP)] | ||
| − | === GET PATH OR FILE URL === | + | ==== GET PATH OR FILE URL ==== |
''' echo __DIR__; ''' | ''' echo __DIR__; ''' | ||
''' echo __FILE__; ''' | ''' echo __FILE__; ''' | ||
| + | |||
| + | ==== ternary operator ==== | ||
| + | php short if/else | ||
| + | [https://davidwalsh.name/php-ternary-examples PHP Shorthand If / Else Examples] | ||
| + | [https://stitcher.io/blog/shorthand-comparisons-in-php Shorthand comparisons in PHP] | ||
Version vom 16. Januar 2022, 11:31 Uhr
Inhaltsverzeichnis
Secure "included php files"
index.php
<?php
if((!defined('z'))){ define('z','0'); }
include('file.php')
?>
file.php
<?php
if((!defined("z"))){exit;}
?>
HackBugZ | PHP-SECURE-INCLUDE-FILE
f611e2d0c2b292bce687e6c090956d63e396124abc17c2a2fa662c7ff6118ef2b43388c9d007cd2fadcad7d7952e6f855826028d58e5b1edd7264b2797996381
Secure php dynamic code build.
Example 1
<?php
$PAGES = array();
$PAGES = [
'home' => 'home.html'
,'about' => 'about.php'
,'contact' => 'somedir/contact.php'
];
@include(substr($PAGES[$_GET['p']] ?? ('home'), 0, 255));
exit;
?>
Example 2
<?php
$PAGES = array();
$PAGES = [
'home' => 'home.html'
,'about' => 'about.php'
,'contact' => 'somedir/contact.php'
];
@include($PAGES[$_GET['p']] ?? ('home'));
exit;
?>
CHANGE MAX UPLOAD FILESIZE
You can try it with .user.ini or .htaccess or ini_set(in your php script) For me .user.ini works perfectly
1. Create a new file(0644 on Linux) .user.ini on your webspace/working dir with max_execution_time = 10000 upload_max_filesize = 5000M post_max_size = 5000M
This is my config file .user.ini on my webspace and it works. You can change the values to your needs.
2. Create a new file(0644 on Linux) .htaccess on your webspace/working dir with php_value upload_max_filesize 1000M php_value post_max_size 1000M ! Don't forget the first dot/point at the beginning of the file.
3. Put this on the beginning of your php script
ini_set('upload_max_filesize', '1000M');
ini_set('max_execution_time', '1000');
ini_set('memory_limit', '128M');
ini_set('post_max_size', '1000M');
If this won't work(and you can't modify php.ini) than call your webhoster and ask him, what you can do :)
CHECK FOR DUPLICATE FILE WITH
$ sha1_file($file)
$ md5_file($file)
$ file_get_contents($file) Is SHA sufficient for checking file duplication? (sha1_file in PHP)
GET PATH OR FILE URL
echo __DIR__; echo __FILE__;
ternary operator
php short if/else PHP Shorthand If / Else Examples Shorthand comparisons in PHP