is this code safe? (download.php)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

jonwondering
Forum Commoner
Posts: 39
Joined: Mon Mar 13, 2006 6:26 pm

is this code safe? (download.php)

Post by jonwondering »

Just wondering, when this code is used to download an image off of the website (not localhost), is the code safe? I read something somewhere that said it's possible to do an overflow attack on it by modifying the image file:

Code: Select all

$filename = 'http://whatever.com/image.jpg';
header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\"");
header("Content-Type: application/octet-stream");
header("Content-Length: " . basename(filesize($filename)));
header("Pragma: no-cache");
header("Expires: 0");
readfile($filename);
And let's say the code checks to make sure that the filename is a valid image. Thanks.
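A hardened version of the download script, added here as an example and not code from the thread or from any of its posters. It assumes (the thread does not say) that the images live in a local directory and that the client names the file through a query parameter; the remote `http://` URL of the original is deliberately dropped, because `filesize()` on a URL returns `false` (the http wrapper has no `stat()`) and a client-chosen URL would make the script an open proxy. The name is whitelisted before `basename()` and `filesize()` see it, the resolved path is checked against the directory, and the content is type-checked rather than trusting the extension.

```php
<?php
// Added example (not from the original thread): a hardened download.php.
// Assumptions not stated in the thread: images sit in $imageDir and the
// client requests one as ?f=<name>.

declare(strict_types=1);

$imageDir  = __DIR__ . '/images';      // assumed location of the images
$requested = $_GET['f'] ?? '';

// 1. Whitelist the name: letters, digits, '_' and '-' plus an image
//    extension. This rules out '/', '\', '..', NUL bytes, quotes, CR and LF.
if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/', $requested)) {
    http_response_code(400);
    exit('bad file name');
}

// 2. Resolve the path and confirm it is really inside $imageDir
//    (defence in depth on top of the whitelist).
$base = realpath($imageDir);
$path = realpath($imageDir . '/' . $requested);
if ($base === false || $path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit('not found');
}

// 3. Check the bytes, not the extension, and allow only image types.
$allowed = ['image/jpeg', 'image/png', 'image/gif'];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if ($mime === false || !in_array($mime, $allowed, true)) {
    http_response_code(415);
    exit('not an image');
}

// 4. Headers. filesize() runs on the local path, so it returns a real
//    number; basename() only ever sees the whitelisted name, so the
//    Content-Disposition value cannot carry a header injection.
$size = filesize($path);
if ($size === false) {
    http_response_code(500);
    exit;
}
header('Content-Type: ' . $mime);
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . $size);
header('X-Content-Type-Options: nosniff');
header('Cache-Control: no-store');

// 5. Stream the file to the client without reading it all into memory.
$fh = fopen($path, 'rb');
if ($fh === false) {
    http_response_code(500);
    exit;
}
fpassthru($fh);
fclose($fh);
```

The order matters: the name is validated before it reaches any filesystem call, and the realpath check catches anything the regex might miss if it is later loosened. Sending the detected image type with `nosniff` instead of `application/octet-stream` keeps browsers from second-guessing the content.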
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Seems fine with one exception. You've got basename() & filesize() in reversed positions for the Content-Length header. You want:

Code: Select all

filesize(basename($filename))
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
jonwondering
Forum Commoner
Posts: 39
Joined: Mon Mar 13, 2006 6:26 pm

Post by jonwondering »

Oh dang, I didn't even notice that... thanks.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

This is an old vulnerability (2003)... so keep your versions up to date (specifically the mod_security Apache module) and you'll be fine :)

http://securitytracker.com/alerts/2003/Oct/1008025.html
jonwondering
Forum Commoner
Posts: 39
Joined: Mon Mar 13, 2006 6:26 pm

Post by jonwondering »

Cool. So I should be good then... Thanks again.