关于php文件上传漏洞的处理

1.判断后缀是 .php

2.在apache里面需要额外判断 .pht、.phtml

引用原文: so if we upload test.pht/.phtml file, apache aslo will parser it as php file, so we can execute any php code

原文地址: https://www.seebug.org/vuldb/ssvid-97969