有没有办法验证PDF文件? [英] Is there a way to validate a pdf file?
问题描述
我希望为我的客户提供一种将pdf上传到他们网站上的方法。是
有任何脚本可用于区分真正的pdf
文件和带有.pdf的恶意文件。扩展名?
***firewoodtimescribió/写道(Wed,2008年9月10日16:53:51 -0400):
< blockquote class =post_quotes>
我想给我的客户一种将pdf上传到他们网站上的方法。是
有任何脚本可用于区分真正的pdf
文件和带有.pdf的恶意文件。延期?
每次上传时,做一些服务器端MIME类型总是一个好主意
猜测。在PHP中,你有一个不推荐使用的内置函数:
http://es2.php.net/manual/en/functio...ntent-type.php
....和PECL扩展(见上页链接)
如果它是Unix主机,你可以使用优秀的文件。程序:
file -bi README
text / plain; charset = utf-8
从PHP执行它很容易。
打击恶意上传是另一个知识领域。
-
- http://alvaro.es - álvaroG。Vicario - 西班牙布尔戈斯
- Mi sitiosobreprogramaciónweb: http://bits.demogracia.com
- Mi web de humor en cubitos: http://www.demogracia.com
-
9月10日,4日:53 * pm,firewoodtim< firewood ... @ cavtel.netwrote:
我想给我的客户一种将pdf上传到他们网站上的方法。是
有任何脚本可用于区分真正的pdf
文件和带有.pdf的恶意文件。延期? * *
您可以检查文件的前5个字符,如果是真实的pdf,它们包含%PDF-
。接下来的4个包含版本(即1.2)
Bill H
I want to give my customers a way to upload pdf''s onto their sites. Is
there any script that can be used to distinguish between a true pdf
file and a malicious file with a ".pdf" extension?
*** firewoodtim escribió/wrote (Wed, 10 Sep 2008 16:53:51 -0400):I want to give my customers a way to upload pdf''s onto their sites. Is
there any script that can be used to distinguish between a true pdf
file and a malicious file with a ".pdf" extension?On every upload it''s always a good idea to do some server-side MIME type
guessing. In PHP you have a deprecated builtin function:
http://es2.php.net/manual/en/functio...ntent-type.php
.... and a PECL extension (see link in the above page)
If it''s a Unix host, you can probably use the excellent "file" program:
file -bi README
text/plain; charset=utf-8
It''s easy to execute it from PHP.
Fighting malicious uploads is another field of knowledge.
--
-- http://alvaro.es - álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor en cubitos: http://www.demogracia.com
--
On Sep 10, 4:53*pm, firewoodtim <firewood...@cavtel.netwrote:I want to give my customers a way to upload pdf''s onto their sites. Is
there any script that can be used to distinguish between a true pdf
file and a malicious file with a ".pdf" extension? * *You can check the first 5 characters of the file, they contain %PDF-
if it is a real pdf. The next 4 contain the version (ie 1.2 )
Bill H
这篇关于有没有办法验证PDF文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!