メモ36 - aurora72source2 @ ウィキ

aaa

abc
あああ
漢字

<html>
<head><title>up.php</title></head>
<body>
<p> file uploader </p>
<?php
$updir = "./upload/";

$updir2 = $_POST['updir'];

$filename = $_FILES['upfile']['name'];

$filemode = $_POST['filemode'];

print("updir:");
print("$updir </br>");

print("filename:");
print("$filename </br>");

print("filemode:");
print("$filemode </br>");

$f = escapeshellcmd($filename);
$ft = escapeshellcmd($_FILES['upfile']['tmp_name']);
$m = escapeshellcmd($filemode);
// $fe = escapeshellcmd($_FILES['upfile']['error']);

// $f01 = $updir.$filename;
// $f02 = $updir2.$filename;
// $f03 = $_FILES['upfile']['tmp_name'];

$f01 = $updir.$f;
$f02 = $updir2.$f;
$f03 = $updir.$ft;

print("f01 : <b> $f01 </b> <BR>");
print("f02 : <b> $f02 </b> <BR>");
print("f03 : <b> $f03 </b> <BR>");
print("m   : <b> $m </b> <BR>");

// if (move_uploaded_file($_FILES['upfile']['tmp_name'], $updir.$filename) == FALSE){
if (move_uploaded_file($f03, $f01) == FALSE){

    print("Upload failed");

    $fe = escapeshellcmd($_FILES['upfile']['error']);
    print($fe);

}
else {
    print("<b> $filename </b> uploaded<BR>");

//    print("<b> $filemode </b> change moded<BR>");

//    chmod("/somedir/somefile", 0755);  // 8 進数; 正しいモードの値

// $f = escapeshellcmd($filename);

// ここでは気を遣い、クォートを使用する
// system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\"");

/*
    if (chmod($updir.$filename, $filemode ) == FALSE){
        print("chmod failed");
    }
    else {
        print("<b> $filemode </b> change moded<BR>");
    }

*/

    $cmd01 = "chmod \"$m\" \"$f01\"";
    print("cmd01 : <b> $cmd01 </b><BR>");

//    $cmd02 = "cp \"$f03\" \"$f02\"";
    $cmd02 = "cp \"$f01\" \"$f02\"";
    print("cmd02 : <b> $cmd02 </b><BR>");

//    $cmd03 = "del \"$f03\"";
    $cmd03 = "del \"$f01\"";
    print("cmd03 : <b> $cmd03 </b><BR>");

//    $cmd04 = "ls -al \"$f03\"";
    $cmd04 = "ls -al \"$f01\"";
    print("cmd04 : <b> $cmd04 </b><BR>");

//    $cmd05 = "ls -al \"$f03\"";
    $cmd05 = "ls -al \"$f02\"";
    print("cmd05 : <b> $cmd05 </b><BR>");

//void passthru ( string $command [, int &$return_var ] )

    if (system("$cmd01" ) == FALSE){
        print("chmod failed");
    }
    else {
        print("<b> $m </b> change moded");
    }

    if (system("$cmd02" ) == FALSE){
        print("cp failed");
    }
    else {
        print("<b> cmd02 </b> ok");
    }

 

}
?>
</body>
</html>

 

perl

 

1: $dir = "/tmp";
2: $str = `/bin/ls -l $dir`;

1: $fFilename = shellEsc($fFilename);
2: $str = system("/bin/ls /tmp/$fFilename");

1: $str = system("/bin/ls /tmp/$fFilename");

sub shellEsc {
  $_ = shift;
  s/([\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\$\n\r])/\\$1/g;
  return $_;
}
$inputChars = "&;`\'\\\"|*?~<>^()[]{}\$\n\r";
print shellEsc($inputChars);

aaa