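Verifying that the type of a user-uploaded image file is genuine

In web development, users often need to upload files. The usual approach is to check whether the uploaded file's extension falls within an allowed set, such as jpg or png. The flaw in this approach is that users can rename the file themselves, for example renaming 1.txt to 1.png and uploading it, so the uploaded file is not what we expect. The server therefore also needs to check the file's MIME type.

This is where the two functions finfo_open() and finfo_file() come in; from PHP 5.3 onward you need to enable extension=php_fileinfo.dll.

Straight to the code: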

    function checkTpe($type, $filepath) {
        // Nothing to inspect if the path does not exist.
        if (!file_exists($filepath)) {
            return false;
        }
        // Detected MIME type => extension expected for that type.
        $extensions = [
            'image/bmp' => 'bmp',
            'image/x-ms-bmp' => 'bmp',
            'image/cgm' => 'cgm',
            'image/g3fax' => 'g3',
            'image/gif' => 'gif',
            'image/ief' => 'ief',
            'image/jpeg' => 'jpeg',
            'image/pjpeg' => 'jpeg',
            'image/ktx' => 'ktx',
            'image/png' => 'png',
            'image/prs.btif' => 'btif',
            'image/sgi' => 'sgi',
            'image/svg+xml' => 'svg',
            'image/tiff' => 'tiff',
            'image/vnd.adobe.photoshop' => 'psd',
            'image/vnd.dece.graphic' => 'uvi',
            'image/vnd.dvb.subtitle' => 'sub',
            'image/vnd.djvu' => 'djvu',
            'image/vnd.dwg' => 'dwg',
            'image/vnd.dxf' => 'dxf',
            'image/vnd.fastbidsheet' => 'fbs',
            'image/vnd.fpx' => 'fpx',
            'image/vnd.fst' => 'fst',
            'image/vnd.fujixerox.edmics-mmr' => 'mmr',
            'image/vnd.fujixerox.edmics-rlc' => 'rlc',
            'image/vnd.ms-modi' => 'mdi',
            'image/vnd.ms-photo' => 'wdp',
            'image/vnd.net-fpx' => 'npx',
            'image/vnd.wap.wbmp' => 'wbmp',
            'image/vnd.xiff' => 'xif',
            'image/webp' => 'webp',
            'image/x-3ds' => '3ds',
            'image/x-cmu-raster' => 'ras',
            'image/x-cmx' => 'cmx',
            'image/x-freehand' => 'fh',
            'image/x-icon' => 'ico',
            'image/x-mrsid-image' => 'sid',
            'image/x-pcx' => 'pcx',
            'image/x-pict' => 'pic',
            'image/x-portable-anymap' => 'pnm',
            'image/x-portable-bitmap' => 'pbm',
            'image/x-portable-graymap' => 'pgm',
            'image/x-portable-pixmap' => 'ppm',
            'image/x-rgb' => 'rgb',
            'image/x-tga' => 'tga',
            'image/x-xbitmap' => 'xbm',
            'image/x-xpixmap' => 'xpm',
            'image/x-xwindowdump' => 'xwd'
        ];
        // Detect the MIME type from the file content, not from its name.
        $fg = finfo_open(FILEINFO_MIME_TYPE);
        if ($fg === false) {
            return false;
        }
        $mime = finfo_file($fg, $filepath);
        finfo_close($fg);
        // isset() avoids an undefined-index notice for types missing from the map.
        if ($mime !== false && isset($extensions[$mime]) && $extensions[$mime] == $type) {
            return true;
        }
        return false;
    }
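
The same content-based check placed inside a complete upload handler, as an added example that is not the author's code. The function name storeUploadedImage, the three-type allowlist, the size limit and the destination directory are assumptions made for illustration.

```php
<?php
// Added example. Allowlist, size limit and names are illustrative assumptions.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

/**
 * Validates one entry of $_FILES and moves it into $destDir.
 * Returns the stored file name, or null if the upload is rejected.
 */
function storeUploadedImage(array $file, string $destDir): ?string
{
    // Reject failed uploads and paths that PHP did not create itself.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        return null;
    }

    // Detect the type from the content; $file['type'] and $file['name']
    // are supplied by the client and are deliberately ignored.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return null;
    }
    $mime = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }

    // finfo looks at leading bytes only, so also require that the image
    // header parses and agrees with the detected type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }

    // Server-chosen name and extension: nothing from the client
    // reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    return move_uploaded_file($file['tmp_name'], "$destDir/$name") ? $name : null;
}
```

The allowlist is narrower than the table above on purpose: a type such as image/svg+xml can carry script, so it needs separate handling if uploads are served back to browsers.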
