先看下源码(源码没提供, 这只能由果推因了)
/**
 * Pre-upload filter of the challenge, as reconstructed by the write-up author.
 *
 * Reads the request Content-Type from $_SERVER. Only when that value contains
 * the exact substring "multipart/form-data" does it take the text after the
 * last '.' of the client-supplied file name, lowercase it, and abort the
 * request with die() if that text contains "php". Returns nothing.
 *
 * NOTE(review): both checks are weak from a defender's point of view.
 * strpos() is case-sensitive, so a Content-Type written with different casing
 * never enters the branch and the extension test is skipped entirely; this is
 * the weakness the write-up relies on. The extension test itself is a
 * deny-list on a single substring of a client-controlled name. A sturdier
 * filter matches the header case-insensitively, rejects the request when the
 * check cannot be applied, accepts only an allow-list of expected extensions,
 * and leaves naming of the stored file to the server.
 */
function global_filter(){
# Header value exactly as the client sent it; the index is read without an isset() guard.
$type = $_SERVER["CONTENT_TYPE"];
if (strpos($type,"multipart/form-data") !== False){ # checks for multipart/form-data; the value must not match it, hence the upper-case bypass.
# Extension = everything after the last '.' of the client-supplied name.
# If the name has no '.', strrpos() returns false and the offset becomes 1.
$file_ext = substr($_FILES["file"]["name"], strrpos($_FILES["file"]["name"], '.')+1);
# Lowercased first, so the "php" test below does not depend on the name's casing.
$file_ext = strtolower($file_ext);
# Substring deny-list: any extension containing "php" ends the request.
if (stripos($file_ext,"php") !== False){
die("Invalid File
");
}
}
}
?>
";
}
else{
if (!file_exists('./upload/')){
mkdir ("./upload/");
system("chmod 777 /var/www/html/upload");
}
move_uploaded_file($_FILES["file"]["tmp_name"],"upload/" . $_FILES["file"]["name"]);
echo "Upload Success
";
$filepath = "upload/" . $_FILES["file"]["name"];
echo "Stored in: " ."" . $filepath . "
";
}
}
}
else{
if($_FILES["file"]["size"] > 0){
echo "You was catched! :)
";
}
}
?>