PHP上传文件验证 [英] PHP Upload File Validation
问题描述
允许的扩展名是:
$ allowed_extensions = array('gif','jpg','png','swf','doc','docx','pdf' , '拉链', 'RAR', 'RTF', 'PSD');
以下是我正在做的事情列表。
-
检查文件扩展名
$ path_info = pathinfo($ filename);
if(!in_array($ path_info ['extension'],$ allowed_extensions)){
die('File#'。$ i。':不扩展的文件扩展名');
-
检查文件MIME类型
$ allowed_mimes = array('image / jpeg','image / png','image / gif','text / richtext','multipart / x-zip , '应用程序/ x-冲击波闪光', '应用程序/ msword', '应用程序/ PDF', '应用程序/ x-RAR压缩的', '图像/ vnd.adobe.photoshop');
if(!in_array(finfo_file($ finfo,$ file),$ allowed_mimes)){
die('File#'。$ i。':Incorrent mime type。');
-
检查文件大小
我该如何确保上传的文件是有效的文件?我注意到奇怪的事情。我把.jpg文件扩展名改为.zip,并且上传了。我以为它会有不正确的MIME类型,但之后,我注意到我没有检查一个特定的类型,但如果一个特定的MIME类型存在数组中。我会稍后解决,这对我来说没有任何问题(当然,如果你有任何好的解决方案/想法,请不要犹豫,分享它)。
我知道如何处理图像(尝试调整大小,旋转,裁剪等),但不知道如何验证其他扩展名。
现在是我的问题了。
- 你知道验证这些文件的好技巧吗?也许我应该解压缩.zip / .rar文件的档案,但文档(doc,pdf)怎么样?
- 旋转,调整.psd文件的大小。
- 基本上我以为.psd文件具有以下MIME:application / octet-stream,但当
我尝试上传.psd文件显示我(图像/ vnd.adobe.photoshop)。我对此有点困惑。 Do文件总是有相同的MIME类型吗?
另外,我不能强制代码块工作。有没有人有猜测为什么?
大量的文件格式有一个相当标准的起始字节集来表示格式。如果您对前几个字节进行二进制读取,并根据已知格式的起始字节对其进行测试,则应该是确认文件类型与扩展名相匹配的一种相当可靠的方式。
<例如,JPEG的起始字节是0xFF,0xD8;所以像这样:
$ fp = fopen(filename.jpg,rb);
$ startbytes = fread($ fp,8);
$ chunked = str_split($ startbytes,1);
if($ chunked [0] == 0xFF&& $ chunked [1] == 0xD8){
$ exts [] =jpg;
$ exts [] =jpeg;
}
然后检查exts。
可以工作。
I am creating file upload script and I'm looking for the best techniques and practices to validate uploaded files.
Allowed extensions are:
$allowed_extensions = array('gif','jpg','png','swf','doc','docx','pdf','zip','rar','rtf','psd');
Here's the list of what I'm doing.
Checking file extension
$path_info = pathinfo($filename); if( !in_array($path_info['extension'], $allowed_extensions) ) { die('File #'.$i.': Incorrent file extension.'); }
Checking file mime type
$allowed_mimes = array('image/jpeg','image/png','image/gif','text/richtext','multipart/x-zip','application/x-shockwave-flash','application/msword','application/pdf','application/x-rar-compressed','image/vnd.adobe.photoshop'); if( !in_array(finfo_file($finfo, $file), $allowed_mimes) ) { die('File #'.$i.': Incorrent mime type.'); }
Checking file size.
What should I do to make sure uploaded files are valid files? I noticed strange thing. I changed .jpg file extension to .zip and... it was uploaded. I thought it will have incorrect MIME type but after that I noticed I'm not checking for a specific type but if a specific MIME type exist in array. I'll fix it later, that presents no problems for me (of course if you got any good solution/idea, do not hesitate to share it, please).
I know what to do with images (try to resize, rotate, crop, etc.), but have no idea how to validate other extensions.
Now's time for my questions.
- Do you know good techniques to validate such files? Maybe I should unpack archives for .zip/.rar files, but what about documents (doc, pdf)?
- Will rotating, resizing work for .psd files?
- Basically I thought that .psd file has following mime: application/octet-stream but when
I tried to upload .psd file it showed me (image/vnd.adobe.photoshop). I'm a bit confused about this. Do files always have the same MIME type?
Also, I cannot force code block to work. Does anyone have a guess as to why?
Lots of file formats have a pretty standard set of starting bytes to indicate the format. If you do a binary read for the first several bytes and test them against the start bytes of known formats it should be a fairly reliable way to confirm the file type matches the extension.
For example, JPEG's start bytes are 0xFF, 0xD8; so something like:
$fp = fopen("filename.jpg", "rb");
$startbytes = fread($fp, 8);
$chunked = str_split($startbytes,1);
if ($chunked[0] == 0xFF && $chunked[1] == 0xD8){
$exts[] = "jpg";
$exts[] = "jpeg";
}
then check against the exts.
could work.
这篇关于PHP上传文件验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!