Hello...
I have a question about what 산이님 posted on phpschool, so I am posting this.
When the action for the event handler runs, it seems that the image is output by the very last line,
readfile($img);
..
When I tested it with the image "aa.jpg",
the Apache error log showed it looking for the file
at /action.php/aa.jpg ...
What should I do about this ..
I would appreciate a way to debug the Action, along with a short explanation.
Thank you.
//--- Attachment //---
[Tue Sep 23 18:59:02 2003] [error] [client 218.39.201.56] File does not exist:
/usr/local/httpd/htdocs/test/actimg.php/aa/a.jpg, referer: http://61.100.5.66/test.php
AddHandler chk-image .gif .png .jpg .jpeg .swf
Action chk-image /actimg.php
Configure it like this,
then in the DocumentRoot/actimg.php file do the checks in a way similar to the following
and send the image to the client.
<?php
## get file extension (tail)
##
function get_ftail($file)
{
    $tail = substr(strrchr($file, '.'), 1);
    return strtolower($tail);
}

## map an extension to the Content-Type to send
function get_stype($ftail)
{
    $stype = array
    (
        'gif'  => 'image/gif',
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'swf'  => 'application/x-shockwave-flash',
    );
    return isset($stype[$ftail]) ? $stype[$ftail] : 'application/octet-stream';
}

## only serve the image when the Referer carries our own host name
## (the host is escaped so that '.' in it is not treated as a regex wildcard)
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!preg_match(';' . preg_quote($_SERVER['HTTP_HOST'], ';') . ';', $referer))
{ exit; }

## PATH_TRANSLATED is the file system path Apache resolved for the requested image
if (!isset($_SERVER['PATH_TRANSLATED']) || !file_exists($img = $_SERVER['PATH_TRANSLATED']))
{ exit; }

## other checks ($_COOKIE and so on) go here

$header = get_stype(get_ftail($_SERVER['PATH_INFO']));
header('Content-Type: ' . $header);
readfile($img);
exit; // don't print any messages
?>
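As an added example (not the original poster's code and not 산이's), here is a hardened version of the Action handler above that also writes the Action-related CGI variables to a log file, so the handler can be debugged from the log instead of from output mixed into the image response. The log path, the containment check against DOCUMENT_ROOT, the exact list of $_SERVER keys it records and the response codes are assumptions of this example, not part of the original post:

```php
<?php
// Added example: hardened image handler for "Action chk-image /actimg.php".
// Not the original poster's code. Log path and dumped keys are assumptions.

// Only these extensions are served; anything else gets a 404.
const IMAGE_TYPES = [
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'swf'  => 'application/x-shockwave-flash',
];

// Append the CGI variables that matter for an Action handler to a log file.
// Nothing is printed, so the image response stays clean.
function log_action_env(array $server, string $logfile): void
{
    $keys = ['REQUEST_URI', 'SCRIPT_NAME', 'PATH_INFO', 'PATH_TRANSLATED',
             'REDIRECT_URL', 'REDIRECT_STATUS', 'HTTP_REFERER'];  // assumed to be set by Apache
    $line = date('c');
    foreach ($keys as $k) {
        $line .= ' ' . $k . '=' . ($server[$k] ?? '(unset)');
    }
    error_log($line . "\n", 3, $logfile);
}

// Resolve the path Apache handed us and require that it stays inside the
// document root, so an unexpected PATH_INFO cannot make us read other files.
function resolve_image(string $pathTranslated, string $docRoot): ?string
{
    $real = realpath($pathTranslated);
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_file($real)) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $root, strlen($root)) === 0 ? $real : null;
}

// Content-Type from the extension of the resolved file, or null if not an image we serve.
function content_type_for(string $path): ?string
{
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return IMAGE_TYPES[$ext] ?? null;
}

// Compare the Referer's host with our own host exactly, instead of a substring
// match: a host that merely contains our host name must not pass.
function referer_allowed(?string $referer, string $host): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $refHost = parse_url($referer, PHP_URL_HOST);
    $ownHost = parse_url('http://' . $host, PHP_URL_HOST);
    return is_string($refHost) && is_string($ownHost)
        && strtolower($refHost) === strtolower($ownHost);
}

// Handler flow, run only when invoked by the web server (not when included from the CLI).
if (PHP_SAPI !== 'cli') {
    log_action_env($_SERVER, '/tmp/actimg-debug.log');  // assumed log location

    $img  = resolve_image($_SERVER['PATH_TRANSLATED'] ?? '', $_SERVER['DOCUMENT_ROOT'] ?? '');
    $type = $img === null ? null : content_type_for($img);
    if ($img === null || $type === null) {
        http_response_code(404);
        exit;
    }
    if (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null, $_SERVER['HTTP_HOST'] ?? '')) {
        http_response_code(403);
        exit;
    }
    header('Content-Type: ' . $type);
    header('Content-Length: ' . filesize($img));
    readfile($img);
    exit;
}
```

When a request for an image ends up in the Apache error log as above, the first thing to compare is the PATH_TRANSLATED and REDIRECT_URL values written to the log against the path the error log complains about; the containment check then makes sure that whatever path Apache computed is only ever read from under the document root.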