Why filename.php.jpg will work as a PHP file?
Apache controls what file extensions can and cannot execute PHP. This can be controlled at the server level or at a per-site level (such as with .htaccess).
By default, a .jpg extension should not allow PHP execution. Perhaps the filename was really index.jpg.php and you have misread. However, in the event that the filename is really index.php.jpg, you'll need to look into all possible locations and lock down your configuration to only allow .php extensions to execute PHP.
how to execute jpg or other extensions like php
You can't execute JPEG files per se, but you can have them be a PHP script that generates JPEG data to use in e.g. a <img> tag.
You need to set the handler for the file to application/x-httpd-php, output a content type of image/jpeg in the script, and, most importantly, output JPEG data. Might want to consider naming it <something>.jpg.php so you don't have to do the first one though, since that's server configuration.
PHP: When I save JPG image the file extension is always missing
Your code $key = basename($img,'.jpg').PHP_EOL; has a PHP_EOL at the end, saying that the line ends here, "discarding" anything after it when assembling your filename.
Change $key = basename($img,'.jpg').PHP_EOL; to $key = basename($img,'.jpg'); to have your file extension appended.
How to stop a file named filename.php.jpg from uploading
Take a look at the finfo extension; this allows you to determine the true file type as it sniffs the file type at the OS level.
http://php.net/manual/en/function.finfo-file.php
As finfo is an extension, it will need to be installed and enabled.
http://php.net/manual/en/fileinfo.installation.php
Example
// Temporary upload path and final destination
$tmp = $_FILES[$key]['tmp_name'];
$dest = $uploaddir.'/'.$name;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
// finfo reports JPEG files as image/jpeg
$whitelist = array('image/jpeg');
if (in_array(finfo_file($finfo, $tmp), $whitelist, true) && move_uploaded_file($tmp, $dest))
{
    chmod($dest, 0644);
}
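finfo inspects the file's content, not its name, so an upload named filename.php.jpg that contains JPEG data passes the check above with its name unchanged. The following is an added example, not code from the original answers: it stores the upload under a server-generated name with a single extension derived from the detected type. The function name store_uploaded_image, the $uploadDir parameter and the allowed-type list are assumptions made for illustration.

```php
<?php
// Added example (not from the original answers).
// $file is one entry of $_FILES; $uploadDir is an assumed destination directory.

function store_uploaded_image(array $file, string $uploadDir): string
{
    // Reject failed uploads and paths that did not come from an HTTP upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or was not an HTTP upload.');
    }

    // Detected MIME type => the only extension that will ever be written to disk.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];

    // Sniff the content type from the file itself, ignoring the client's name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }

    // The client-supplied name (e.g. "filename.php.jpg") is never used for the
    // path: the stored name is random and carries exactly one extension.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move uploaded file.');
    }
    chmod($dest, 0644);

    return $name; // Keep the original name, if needed, as metadata only.
}
```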