使用 ftp 详细信息通过 php 上传 php 文件正在执行 php 而不是上传原始 php 文件
我正在尝试使用 ftp 详细信息通过 php 上传 PHP 文件,如下所述。
// retrieve name of the file to be uploaded
$source_file=$site_url."IMlobby/IMlobby".$_SESSION['zip_name']."/".$filename;
$fp = @fopen($source_file, 'r');
$destination_file=$filename;
//$upload = ftp_fput($conn_id, $destination_file, $fp, FTP_ASCII);
$upload = ftp_put($conn_id, $destination_file, $source_file, FTP_ASCII);
// check upload status
if(!$upload){
$errorMSG.="FTP upload has failed!" ;
这里的问题是,这些文件包含应该在远程服务器上的 PHP 代码,但 PHP 正在执行,而我在远程服务器上得到的只是 HTML。
请帮忙!
I'm trying to upload PHP file via php using ftp details as mentioned below.
// retrieve name of the file to be uploaded
$source_file=$site_url."IMlobby/IMlobby".$_SESSION['zip_name']."/".$filename;
$fp = @fopen($source_file, 'r');
$destination_file=$filename;
//$upload = ftp_fput($conn_id, $destination_file, $fp, FTP_ASCII);
$upload = ftp_put($conn_id, $destination_file, $source_file, FTP_ASCII);
// check upload status
if(!$upload){
$errorMSG.="FTP upload has failed!" ;
Here the issue that these files contain PHP code that should be there on remote server but the PHP is getting executed and what I'm getting on the remote server is just HTML.
Please help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果文件是本地托管的,则不要通过其 URL 打开文件。请改用其本地路径。
如果您不知道本地路径是什么 - 使用 $_SERVER["DOCUMENT_ROOT"] 来查找。
If file is locally hosted, do not open file by its URL. Use its local path instead.
If you do not know what your local path is - use $_SERVER["DOCUMENT_ROOT"] to find out.
只需以 .phps 结尾命名文件(或者更好的是,在上传之前自动重命名),
如果您允许由服务器执行的 php 文件上传,则这是一个主要的安全漏洞。您可以读取服务器上可由 httpd 守护进程读取的所有文件。
just name the file with an .phps ending (or better, rename it automatically before uploading)
its a major security hole if you allow php file uploads which are executed by the server. you can read all files on the server which are readable by the httpd daemon.