HEX
Server: nginx/1.24.0
System: Linux prod-btpayments-io 6.14.0-1018-aws #18~24.04.1-Ubuntu SMP Mon Nov 24 19:46:27 UTC 2025 x86_64
User: ubuntu (1000)
PHP: 8.3.19
Disabled: NONE
$ pwd: /var/www/BtMiners/BtMiners-store/
Upload Files
File: /var/www/BtMiners/BtMiners-store/show_img.php
<?php
    if (empty($_GET['file'])) {
        exit;
    }
    // var_dump($_GET['file']);exit;
    // 获取文件路径
    $file_name = $_GET['file'];
    $file_name = str_replace('https://bt-miners.com/wp-content/uploads/transaction_certificate/','',$file_name);

    $file_name = str_replace('https://www.bt-miners.com/wp-content/uploads/transaction_certificate/','',$file_name);
    $file_name = str_replace('https://testing-25.bt-miners.com/wp-content/uploads/transaction_certificate/','',$file_name);
    
    $upload_dir = './wp-content/uploads/transaction_certificate/';
    $full_path  = $upload_dir . $file_name;

    // 安全检查
    if (!file_exists($full_path) || !is_file($full_path)) {
        echo '文件不存在';
        exit;
    }

    // 获取文件的 MIME 类型
    $mimeType = mime_content_type($full_path);

    header('Content-Type: ' . $mimeType);
    // var_dump($mime['type']);
    header('Content-Length: ' . filesize($full_path));
    // var_dump(filesize($full_path));
    readfile($full_path);
    exit;

?>
@ Telegram