Mjhd Mjhd - 3 months ago 18
PHP Question

simple upload form & double extension

I made a simple upload form, but when I try to upload something, the name of the file changes (ex :

photo.jpg
>>
photo.jpg.jpg
- double extension).

My code:

$place = realpath($_SERVER["PHP_SELF"]);
$name = $place.$_FILES['file']['name'];
$f1 = strchr($name,'.');
$f2 = strtolower($f1);
$name = $place.$name.$f2;

if ($_POST['up']) {

if (file_exists($name)) {
echo '[-] The File Already Exist ! ';
} else {
$upload = move_uploaded_file($_FILES['file']['tmp_name'],$name);
}
if (isset($upload)) {
echo '[+] The File "'.$_FILES['file']['name'].'" uploaded succsessfully';
}
}

Answer

This is because how you create the $name variable.

You first create $name = $place.$_FILES['file']['name']; Where $_FILES['file']['name'] is the full name of the file. With the extension.

After that you say that $name is the path (which makes no logic) and you add the full name of the file and the extension again. Just remove the second $name = $place.$name.$f2;

Comments