My file upload routine first checks to make sure the user is logged in to the wordpress application which is hosting the upload form…CHECK!
Here is the code at the top of my uploader utility that does this…
if (!is_user_logged_in()){
die("You Must Be Logged In to Access This");;
}
So far so good. Now I’m seeking to further secure the upload utility to prevent malicious scripts from being extracted from the uploaded zip files (the upload requires a zip file).
The downside to using a zip, I presume, is that it can contain any number or type of files that might make it more complicated to handle than otherwise.
So my question is for tips on how to further secure this uploader to make sure no malicious files are sent. The desired allowed files are .php, .jpg, .gif, .png
Your approach goes the wrong way. You need to make sure that none of the files in the ZIP file are ever going to be used in a situation in which malicious files could do any damage.
You will never be able to guarantee that an uploaded ZIP file contains only non-malicious data. To do that, you would have to virus scan it, parse the containing PHP code, and whatnot.
Just see that whatever maliciousness is contained, can never unfold.
For PHP scripts, for example, you would have to ensure that they are not stored anywhere where they can be called from the outside, and executed.
For images…. Well, if you want to make totally sure they don’t contain any exploits that attack image displaying components, you could always copy them using PHP´s
gdfunctions, destroying any EXIF Metadata (and probably any other harmful stuff) in the process.There is still some basic sanitation one could and should do.
Check out this question (link below, markdown seems broken right now) for more reading on the issue – especially bobince’s answer and the link he posts. That taught me a lot.
How to make a safe file upload script in php?