Wherever I look on the difference between PHP functions’ rename and move_uploaded_file it always says that the difference is that move_uploaded_file has some security features.
My questions are:
- what are those security features, what happens if I don’t use it?
- In case that I can’t use it (I did an upload but not through POST) so I have to use the rename function, what security measures do I need to take?
Thanks.
Edit
@Pekka asked me to elaborate on how I plan to upload the file.
I’m going to upload files through Ajax, and I have some queue feature for uploading multiple files. Therefore I’m using the php://input stream.
If I understand Pekka’s answer correctly, I have nothing to worry about since I’m getting the file as a stream and I’m not copying any temp file.
Please correct me if I’m wrong.
The background of this was an ancient, pretty bad vulnerability (in the early 2000s) in which, instead of uploading an actual file, you could overwrite the tmp_file path with a local file path, leading to that local file being treated as the upload instead of the real uploaded file. (There was no $_FILES array back then.)
So for example, when uploading an avatar, the script would copy() the system file you specified (say, a configuration file ../../super_secret/config.php or a .htpasswd) to a public location and try to display it as the avatar image in an <img> tag.
Strangely, I’m unable to find any specific info on this vulnerability (I’ve searched a number of times already over the past couple of years), but I know for a fact it existed because I tested it myself. Any links are welcome.
As to what security measures to take, as said in the comment, I think you need to explain in more detail what kind of alternative file upload you are planning to use.
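The two cases discussed on this page side by side, as an added example that is not part of the question or the answer: a form upload where move_uploaded_file() verifies the source was created by PHP's HTTP POST upload handling, and a php://input upload where no request-supplied path is ever used. The function names, the size cap and the demo directory are assumptions made for illustration.

```php
<?php
// Added illustration; function names, MAX_BYTES and the demo directory are assumptions.
const MAX_BYTES = 5 * 1024 * 1024; // assumed 5 MiB cap

// Server-generated destination: nothing from the request reaches the path.
function new_dest(string $dir): string
{
    return rtrim($dir, '/') . '/' . bin2hex(random_bytes(16));
}

// Case 1: multipart POST. is_uploaded_file()/move_uploaded_file() reject any
// source path that PHP did not itself create for an upload in this request,
// which is the check a plain rename() or copy() does not make.
function store_form_upload(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a valid HTTP POST upload');
    }
    $dest = new_dest($dir);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

// Case 2: raw request body (php://input). There is no temp file to move, so the
// body is streamed straight into a new file with a size limit.
function store_stream_upload($in, string $dir): string
{
    $dest = new_dest($dir);
    $out = fopen($dest, 'xb'); // 'x': fail instead of overwriting an existing file
    if ($out === false) {
        throw new RuntimeException('cannot create destination');
    }
    $copied = stream_copy_to_stream($in, $out, MAX_BYTES + 1);
    fclose($out);
    if ($copied === false || $copied > MAX_BYTES) {
        unlink($dest); // do not keep partial or oversized files
        throw new RuntimeException('upload failed or too large');
    }
    return $dest;
}

// Demo with a constructed in-memory body; a web request would pass fopen('php://input', 'rb').
if (PHP_SAPI === 'cli') {
    $body = fopen('php://memory', 'w+b');
    fwrite($body, "constructed sample bytes");
    rewind($body);
    echo store_stream_upload($body, sys_get_temp_dir()), PHP_EOL;
}
```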