Php move upload file with ftp_put -

- 

move_uploaded_file();  ftp_put();

i have input type file, let user upload image.

i try save user's image different server or sub domain.

so if uploads malicious file server wont execute on main server.

my questions are

  1. how can use move_uploaded_file ftp_put?

  2. should server or sub domain enough?

using different subdomain not isolate server: need put on different machine. however, saving file server not put in danger. problem comes when tries interact file in unsafe way. instance, particular image viewing program may have flaw in malicious image take advantage of. in case, opening uploaded image program put @ risk.

checking file extension not legitimate way determine file type. instance, write malicious executable file , name my_vacation_pic.jpeg. once again, not problem save on filesystem.

if want figure out file type, want unix file command, though i'm not sure of kind of risks involved in opening possibly malicious files command.

however, file not guarantee there nothing malicious in file. instance, may tell it's executable program of variety, can't tell it's safe run. or can tell it's jpeg file, can't tell hasn't figured out way make malicious if opened in particular program. best way sure file has nothing malicious in use genuine anti-virus software (and course, there no guarantees there either).

but really, need security depends entirely on intend it. storing data not mean executed in anyway (unless there specific vulnerability os, file-system driver, or program putting file there).

to direct question:

the file upload puts uploaded content on filesystem: can use normal means have of moving file 1 system another. instance, yes, can use ftp_put transfer file local filesystem remote ftp server, other file. variable $_files["upload_key"]["tmp_name"] tells filesystem path uploaded file stored, should able pass directly ftp_put other file.


Comments

Post a Comment

Popular posts from this blog

plot - Remove Objects from Legend When You Have Also Used Fit, Matlab -

-
Image
i've plotted data points , fitted exponential curve between them using 'fit' in matlab. problem fit-function got fitted line wanted plot, markers on top of regular markers. solved problem plotting wanted markers on top of unwanted couldn't seen. problem. when want show legends dots in there. how can remove markers legend without removing fitted line since both of them hidden inside fit-function? can stop 'fit' plotting unwanted markers? so, want remove blue dot called 'hoff' in picture below. you can leave out legend-entries manually leaving out handles of lines, dont want in legend. try this: %if plot something, want showing in legend, save handle: h_line = plot(x,y) %you dont want show line? dont anything, plot it: plot(mymarker) %then set legend-> can add text legend-entries %a cell-array containing strings want show up: legend([h_line another_line],{'text1' 'text2'}) with example (see comments) came solution:
Read more

java - Why does my date parsing return a weird date? -

-
here code using: string string = "08/07/2013".replace('/', '-'); date date = new simpledateformat("yyyy-mm-dd").parse(string); why date return: "wen jan 3 00:00:00 est 14"? not @ date format told use. edit: need format because database using requires format. the format use parse date string, not match it. using yyyy 08 . use following format: new simpledateformat("dd-mm-yyyy") and why @ replacing / - ? can build pattern original string only: string string = "08/07/2013" date date = new simpledateformat("dd/mm/yyyy").parse(string); and if want date string in yyyy-mm-dd format, can format date using dateformat#format(date) method: string formatteddate = new simpledateformat("yyyy-mm-dd").format(date); see also: change date format in java string simpledateformat java doc
Read more

Need help in packaging app using TideSDK on Windows -

-
i developed application using tidesdk on windows , when click launchapp works fine. moved package , installed imagemagick , wix 3.0 required packaging on windows. clicked on package runtime , cannot guess packaged app is? found file 'installer' in workspace when click on it says installer not find application path . think application not being packaged properly. here log see in tidesdk: preparing package desktop app runtime. 1 moment... staging trial -> copying contents d:\lab\tidesdk\trial d:\lab\tidesdk\trial\packages\win32\bundle\trial -> copying installer c:\programdata\tidesdk\sdk\win32\1.3.1-beta\installer d:\lab\tidesdk\trial\packages\win32\bundle\trial -> copying runtime d:\lab\tidesdk\trial\packages\win32\bundle\trial -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\modules\app\1.3.1-beta -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\modules\codec\1.3.1-beta -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\mod
Read more