Posted by frizzle on 04/05/06 02:14
Gary L. Burnore wrote:
> On 4 Apr 2006 15:10:39 -0700, "frizzle" <phpfrizzle@gmail.com> wrote:
>
> >Hi,
> >
> >I am at the base of an FTP thingy i'm building, and i noticed that
> >it would only work if i chmod the folder 777, i thought to remember
> >correctly that previously on another site chmod 744 was enough,
> >now it isn't.
> >Am i mistaking, and should it always be 777 ? And isn't a chmodded
> >777 folder much more vulnerable?
>
>
> Most definitely more vulnerable.
>
>
> You want 755, not 744. You need the x bit set. It should look like
> this:
>
> drwxr-xr-x ... ...
>
>
> The x on a directory means search, not execute. If you can't search
> the directory, you can't read the files in it.
>
> If you want people to be able to find the files but not list the
> directory when they're on the server, you can set the directory as 711
> which would look like:
>
> drwx--x--x ... ...
>
>
>
> >Frizzle.
> >
> >
> >Code sofar below:
> >
> >
> >++++++++++++++++++++++++++
> ><?php
> >
> > require_once('../inc/globals.php');
> >
> > if( isset( $_FILES['image'] ) ){
> >
> >$ftp_conn = @ftp_connect( $default_ftp_server )or
> >die('<b>Error!</b>');
> >@ftp_login( $ftp_conn, $default_ftp_user, $default_ftp_pass )or
> >die('<b>Error!</b>');
> >
> >$uploaddir = '../items/';
> >$uploadfile = $uploaddir . basename( $_FILES['image']['name'] );
> >
> >if ( move_uploaded_file( $_FILES['image']['tmp_name'], $uploadfile ) ){
> > echo "File is valid, and was successfully uploaded.";
> >} else {
> > echo "Possible file upload attack!";
> >};
> >
> >ftp_close( $ftp_conn );
> >
> >};
> >
> >?>
> ><form action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>" method="post"
> >enctype="multipart/form-data" name="images" target="_top" id="images"
> >class="form">
> > <input name="image" type="file" id="image">
> > <br>
> > <input type="submit" name="upload" id="upload" value="Upload">
> > <input name="cancel" type="button" id="cancel" value="Cancel"
> >onClick="javascript:history.go(-1) ">
> ></form><?php
> >
> > if (is_dir($uploaddir)) {
> > if ($dh = opendir($uploaddir)) {
> > while (($file = readdir($dh)) !== false) {
> > if ($file !== '..' && $file !== '.') echo "filename: $file :
> >filetype: " . filetype($uploaddir . $file) . "<br>\r\n";
> > }
> > closedir($dh);
> > }
> > };
> >
> >?>
> >----------------------------------------------------
> --
> gburnore at DataBasix dot Com
> ---------------------------------------------------------------------------
> How you look depends on where you go.
> ---------------------------------------------------------------------------
> Gary L. Burnore
> Official .sig, Accept no substitutes.
> Black Helicopter Repair Services, Ltd. | Official Proof of Purchase
> ===========================================================================
Hmm, I still get an error; I chmodded both the destination folder AND
the executing script-file 755.

Warning: move_uploaded_file(../items/bg.jpg): failed to open stream:
Permission denied in
/home/httpd/vhosts/domain.com/httpdocs/new/admin/ftptest.php on line 15

         Read mode   Write mode   Execute/search mode
Owner        +           +                 +
Group        +           -                 +
Others       +           -                 +

Frizzle.
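
The directory modes discussed in this thread (744, 755, 711, 777), decoded per permission class, as an added example that is not part of any poster's message. `dir_access` and `audit` are hypothetical helper names; which class the uploading PHP process falls into (owner, group or other) is not stated in the thread and has to be checked on the server.

```python
import stat

# Unix applies exactly one permission class to a process:
# owner if the UID matches, else group if a GID matches, else other.
SHIFT = {"owner": 6, "group": 3, "other": 0}

def dir_access(mode, who):
    """What a process in class `who` may do in a directory with bits `mode`."""
    bits = (mode >> SHIFT[who]) & 0o7
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {
        "list_names": r,              # readdir(): see which names exist
        "open_known_name": x,         # search bit: reach a file by its name
        "create_or_delete": w and x,  # add, rename or remove entries (an upload)
    }

def audit(mode):
    """Return findings for a directory mode, from a defender's point of view."""
    findings = []
    sticky = bool(mode & stat.S_ISVTX)
    for who in ("group", "other"):
        access = dir_access(mode, who)
        if access["list_names"] and not access["open_known_name"]:
            findings.append(f"{who}: r without x, names are listable "
                            "but the files cannot be opened")
        if access["create_or_delete"]:
            findings.append(f"{who}: can create and delete entries"
                            + ("" if sticky else
                               " (no sticky bit, so other users' files too)"))
    return findings

if __name__ == "__main__":
    # Modes mentioned in the thread.
    for mode in (0o744, 0o755, 0o711, 0o777):
        print(stat.filemode(stat.S_IFDIR | mode), oct(mode))
        for who in SHIFT:
            print("   ", who, dir_access(mode, who))
        for finding in audit(mode):
            print("    !", finding)
```

With 755, only a process that runs as the directory's owner gets `create_or_delete`; group and other can list and open files but cannot add one.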