Contenu connexe Similaire à Asegúr@IT II - Seguridad en Web (20) Plus de Chema Alonso (20) Asegúr@IT II - Seguridad en Web6. globals if ( $doc ) { echo "<b>Nuevo documento añadido</b><br/>" ; echo "tmp: " . $doc . "</br>" ; echo "Nombre: " . $doc_name . "</br>" ; echo "Tipo: " . $doc_type . "</br>" ; echo "Tamaño: " . $doc_size . "</br>" ; copy ( $doc , $docsPath . $doc_name ); } 8. $_FILES if ( $_FILES ) { echo "<b>Nuevo documento añadido</b><br/>" ; echo "tmp: " . $_FILES [ "doc" ][ "tmp_name" ] . "</br>" ; echo "Nombre: " . $_FILES [ "doc" ][ "name" ] . "</br>" ; echo "Tipo: " . $_FILES [ "doc" ][ "type" ] . "</br>" ; echo "Tamaño: " . $_FILES [ "doc" ][ "size" ] . "</br>" ; if ( is_uploaded_file ( $_FILES [ "doc" ][ "tmp_name" ])) move_uploaded_file ( $_FILES [ "doc" ][ "tmp_name" ], $docsPath . $_FILES [ "doc" ][ "name" ]); else echo "<br/<b>ERROR: No se puede acceder al fichero</b><br/>" ; } 10. $FILES[“doc”][“type”] function tipoValido( $type ) { $tiposValidos = array ( 'image/jpeg' , 'image/gif' , 'image/png' , 'image/bmp' , 'application/pdf' , 'text/plain' ); return ( in_array ( $type , $tiposValidos )); } 12. mime_content_type function tipoValido2( $doc ) { $tiposValidos = array ( 'image/jpeg' , 'image/gif' , 'image/png' , 'image/bmp' , 'application/pdf' , 'text/plain' ); return ( in_array ( trim ( mime_content_type ( $doc )), $tiposValidos )); } 14. $files[“doc”][“name”] function extensionValida( $docName ) { $extensionesProhibidas = array ( 'php' , ); $partes = split ( "" , $docName ); if ( count ( $partes )>1) return (! in_array ( $partes [1], $extensionesProhibidas )); return ( false ); } 16. eregi() function extensionValida2( $docName ) { $extensionesValidas = array ( 'jpg' , 'gif' , 'png' , 'bmp' , 'pdf' , 'txt' ); foreach ( $extensionesValidas as $ext ) if ( eregi ( $ext , $docName )) return ( true ); return ( false ); } 18. extensiones permitidas function extensionValida3( $docName ) { $extensionesValidas = array ( 'jpg' , 'gif' , 'png' , 'bmp' , 'pdf' , 'txt' ); $partes = split ( "" , $docName ); if ( count ( $partes )>1) return ( in_array ( $partes [1], $extensionesValidas )); return ( false ); } 20. ¿que tiene de malo un .txt? function extensionValida4( $docName ) { $extensionesProhibidas = array ( 'php' , 'php3' , 'php4' , 'php5' , 'inc' , 'shtml' ); $partes = split ( "" , $docName ); if ( count ( $partes )>1) return (! in_array ( $partes [ count ( $partes )-1], $extensionesProhibidas )); return ( false ); }