PHP y upload (1)
19 Octubre 2009 por admin
http://www.bilbaodigital.es/Hacking/php-shell-upload-iv.html
The understanding of the systems architecture is essential to analize its security. PHP file upload architecture:
- Files are transferred from client filesystem to server RAM.
- Apache process will check httpd.conf and php.ini directives.
- Once completed, file will be dumped into the server’s default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The temporary directory used for storing files must be writable by apache user.
- After a correct transfer, if track_vars is enabled (always since 4.0.3), $_FILES superglobal array is defined (is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods). Only name and type are provided by the user, and therefore tmp_name, error, and size are provided by PHP. The related variables will be initialized as globals if register_globals is enabled (must be desactivated).
- The control is given to the php script to move the file to another location. If not, the temp file will be automatically unlinked at the end of the script.
- Directives in a php.ini file
upload_max_filesize = 10Mpost_max_size = 20M
- .htaccess file
php_value upload_max_filesize 10Mphp_value post_max_size 20M
The PHP documentation states that the memory_limit setting also affects file uploading. Generally speaking, memory_limit should be larger than post_max_size.
memory_limit = 16Mto your php.ini file (recommended, if you have access)ini_set('memory_limit', '16M');to your sites/default/settings.php filephp_value memory_limit 16Mto your .htaccess file in root
With root access, you can use the sed util in Linux/Unix based systems, in order to increace the memory for 64M. Don’t forget to properly locate you php.ini file!
sed -i 's/memory_limit = 16M/memory_limit = 64M/' /etc/php5/apache2/php.ini