I am using this script to upload file to the system with apache2 as server and php7.
If I provide filename as ../../../../tmp/data.png of uploaded file, then also the file gets uploaded to /var/up/data.png.
<?php
$errors = (); // Store errors here
$fileName = $_FILES('the_file')('name');
$fileSize = $_FILES('the_file')('size');
$fileTmpName = $_FILES('the_file')('tmp_name');
$fileType = $_FILES('the_file')('type');
$fileExtension = strtolower(end(explode('.',$fileName)));
if (isset($_POST('submit'))) {
if ($fileSize > 4000000) {
$errors() = "File exceeds maximum size (4MB)";
}
if (empty($errors)) {
$didUpload = move_uploaded_file($fileTmpName, "/var/up/". basename($fileName));
if ($didUpload) {
echo "The file " . basename($fileName) . " has been uploaded";
} else {
echo "An error occurred. Please contact the administrator.";
}
} else {
foreach ($errors as $error) {
echo $error . "These are the errors" . "n";
}
}
}
else{
echo "Bruhh!";
}
?>
I don’t understand why is this happening?
