PHP Snippet #02
This challenge covers the review of a small snippet of code written in PHP.
The Code Review Snippet challenges are designed to help you identify vulnerabilities in small code snippets. In this specific lab, we examine a PHP function named addfile that handles file uploads. The function attempts to restrict uploads to PDF files by using a regular expression. However, the regular expression is flawed because it does not ensure that the file name ends with '.pdf'. This oversight allows an attacker to upload files whose names merely contain '.pdf' but are not actually PDF files, potentially leading to code execution on the server.
The function concatenates user input and the file name to build the destination path, checks whether the file name contains '.pdf', and moves the uploaded file onto the server. The problem lies in the regular expression used to validate the file extension: because the pattern has no $ anchor at its end, a file named 'malicious.pdf.php' passes the check, posing a significant security risk. This lab is an excellent opportunity to understand the importance of proper input validation and secure file handling in web applications.
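The following PHP is an added illustration written for this page, not the lab's own addfile code, which is not reproduced here. It reconstructs the kind of unanchored extension check the text describes (the exact pattern and the names isPdfNameWeak, isPdfNameStrict and addfileSafe are assumptions) and places a hardened version beside it. The hardened validator anchors the pattern at both ends; it uses \z rather than a bare $ because, in PCRE, $ without the D modifier also matches just before a trailing newline. The handler then chooses the stored file name itself instead of trusting the client-supplied one, and checks the first bytes of the content for the PDF header.

```php
<?php
// Added example, not part of the lab. Function names and paths are illustrative.

/**
 * Flawed check, modelled on the weakness described in the lab: the pattern has
 * no end anchor, so it matches any name that merely contains ".pdf" somewhere.
 * "malicious.pdf.php" therefore passes.
 */
function isPdfNameWeak(string $name): bool
{
    return preg_match('/\.pdf/i', $name) === 1;
}

/**
 * Hardened check: anchored at both ends (\A ... \z), restricted to a safe
 * character set for the base name, and bounded in length. \z is used instead
 * of $ because $ (without the D modifier) also matches before a final "\n".
 */
function isPdfNameStrict(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\.pdf\z/i', $name) === 1;
}

/**
 * Hardened upload handler (illustrative). $file is one entry of $_FILES;
 * $uploadDir is assumed to be an existing directory outside the web root.
 * Returns the stored path on success, or null if the upload is rejected.
 */
function addfileSafe(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }

    // basename() strips any directory components the client may have sent.
    $original = basename((string) ($file['name'] ?? ''));
    if (!isPdfNameStrict($original)) {
        return null;
    }

    // Content check: a PDF file begins with the bytes "%PDF-".
    $fh = @fopen($file['tmp_name'], 'rb');
    if ($fh === false) {
        return null;
    }
    $magic = fread($fh, 5);
    fclose($fh);
    if ($magic !== '%PDF-') {
        return null;
    }

    // Never reuse the client-supplied name: pick a random server-side name
    // with a fixed, non-executable extension.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.pdf';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $dest;
}

// Constructed sample names to compare the two validators side by side.
$samples = ['report.pdf', 'malicious.pdf.php', "evil.pdf\n", 'notes.PDF', '../x.pdf'];
foreach ($samples as $s) {
    printf(
        "%-22s weak=%-6s strict=%s\n",
        json_encode($s),
        isPdfNameWeak($s) ? 'pass' : 'reject',
        isPdfNameStrict($s) ? 'pass' : 'reject'
    );
}
```

Running the script shows the weak pattern accepting every sample, while the strict pattern accepts only 'report.pdf' and 'notes.PDF'. The name check alone is still only one layer: the random server-chosen file name and the content check mean that even a name the validator lets through cannot be turned into a script path on disk.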