I have the following code. When I upload a file named "abc.htaccess" it works correctly by showing "attacked", but when I upload an abc.php or abcphp file name, it tells me the file is uploaded. So what is the condition of if(false && true) (same as uploading a .php file) and if(true && true) (same as uploading a .htaccess file)?

<!DOCTYPE html>
<html>
<body>
    <form action="" method="post" enctype="multipart/form-data">
        Select image to upload: <input type="file" name="fileToUpload" id="fileToUpload"><input type="submit" value="Upload Image" name="submit">
    </form>
    <br />
    <br />
    <?php
        $target_dir = "./";
        $target_file = $target_dir . $_FILES["fileToUpload"]["name"];

        echo "Filename: " . $_FILES["fileToUpload"]["name"];
        // strpos() returns the offset of the needle (0 when it is at the start), or false when it is absent
        var_dump(strpos(strtolower($_FILES["fileToUpload"]["name"]), "php"));
        var_dump(strpos(strtolower($_FILES["fileToUpload"]["name"]), "htaccess"));

        if(1==1 && 1==2){
            echo "Condition test: 1==1 && 1==2";
        }
        if(1==1 && 2==2){
            echo "Condition test: 1==1 && 2==2";
        }

        // Loose comparison (==): an offset of int(0) compares equal to bool(false)
        if((strpos(strtolower($_FILES["fileToUpload"]["name"]), "php") == false) && (strpos(strtolower($_FILES["fileToUpload"]["name"]), "htaccess") == false)){
            if(isset($_POST["submit"])) {
                move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_file);
                echo "Uploaded file: <a href='http://" . $_SERVER['SERVER_NAME'] . "/" . $_FILES["fileToUpload"]["name"] . "' target='_blank'>" . $_FILES["fileToUpload"]["name"] . "</a>";
                echo "File uploaded";
            }
        }else{echo "attacked";}
    ?>
</body>
</html>

The results of the two uploads look like this:

    1st:
        Filename: phpminiadmin.phpint(0)
        bool(false)
        Condition: 1==1 && 2==2Uploaded file: <a href="http://domain.com/phpminiadmin.php" target="_blank">phpminiadmin.php</a>

    2nd:
        Filename: desktop.htaccessbool(false)
        int(8)
        Condition: 1==1 && 2==2attacked
Samurai
Nguyen Thu
    `==` is a loose comparison. You need `===` in order to enforce a strict type and value comparison. In PHP `if(FALSE == 0){ /* This code executes */ }` but `if(FALSE === 0){ /* This code does not execute */ }` – MonkeyZeus May 13 '15 at 20:05
  • Another way is to avoid returning 0: with any other value, it will work. – JWC May May 24 '19 at 03:30

1 Answer


Your code is returning a 0 when evaluating the string position for the file "phpminiadmin.php", and thus "==" interprets that as FALSE.

As an example try using the filename, "aphpminiadmin.php". Your code will then work correctly because strpos returns a 1 which is clearly not false.

Thus, the change that MonkeyZeus suggests will fix the issue.

MonkeyZeus - hope you don't mind my piggybacking on your answer. 'Just thought the example more clearly illustrated the problem.

Craig
  • Thanks. I changed to === then it worked: if((strpos(strtolower($_FILES["fileToUpload"]["name"]),"php") === false) && (strpos(strtolower($_FILES["fileToUpload"]["name"]), "htaccess") === false)){ – Nguyen Thu May 15 '15 at 01:52
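To make the comparison concrete, here is an added example (not code from the question or from Craig's answer) that runs the posted `== false` check and the `=== false` fix side by side over a few constructed file names. It also adds a third variant that goes beyond the thread: an allowlist of image extensions instead of a substring denylist. The accepted extensions are an assumption based on the form's "Select image to upload" label.

```php
<?php
// Added example, not code from the question or the answer. The file names
// below are constructed for illustration.

// The check as posted in the question (== false). strpos() returns int(0)
// when the needle sits at offset 0, and in PHP 0 == false is true, so a
// name that starts with "php" passes as though "php" were absent.
function looseCheckAllows(string $name): bool
{
    $lower = strtolower($name);
    return (strpos($lower, "php") == false) && (strpos($lower, "htaccess") == false);
}

// The fix from the comments: === compares type as well as value, so
// int(0) is no longer mistaken for bool(false).
function strictCheckAllows(string $name): bool
{
    $lower = strtolower($name);
    return (strpos($lower, "php") === false) && (strpos($lower, "htaccess") === false);
}

// Beyond the thread (assumption: the form is meant to accept images, as its
// label says): allow only the expected extensions instead of denying
// substrings. A denylist has to name every dangerous pattern; an allowlist
// only has to name the few that are wanted.
function allowlistAllows(string $name): bool
{
    $base = basename($name);                                 // strip any client-sent path
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION)); // text after the last dot
    return $ext !== "" && in_array($ext, ["png", "jpg", "jpeg", "gif"], true);
}

$samples = [
    "phpminiadmin.php",   // the 1st upload in the question: "php" at offset 0
    "aphpminiadmin.php",  // the answer's variant: "php" at offset 1
    "desktop.htaccess",   // the 2nd upload in the question
    "photo.png",          // contains neither substring
    "graphplot.png",      // harmless image name that happens to contain "php"
];

printf("%-20s %-6s %-6s %s\n", "name", "loose", "strict", "allowlist");
foreach ($samples as $name) {
    printf("%-20s %-6s %-6s %s\n", $name,
        var_export(looseCheckAllows($name), true),
        var_export(strictCheckAllows($name), true),
        var_export(allowlistAllows($name), true));
}
```

Only the loose check lets "phpminiadmin.php" through; the strict check and the allowlist both reject it. The two name-based checks still differ on "graphplot.png", which the substring denylist rejects and the allowlist accepts. Note that the allowlist looks at the name only; checking the file's content and storing uploads outside the web root are separate measures.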