阻止PHP中用png或jpg重命名的gif上传图像
[英]Block upload gif image renamed with png or jpg in PHP
问题描述
I've a upload system and the user only can upload png and jpg images, but, if user rename the gif image with .png , for example, the system upload the gif image normally, so, how to do to block the gif images and others extensions that are not png or jpg ? 
我有一个上传系统,用户只能上传png和jpg图像,但是,例如,如果用户使用.png重命名gif图像,则系统会正常上传gif图像,因此,如何阻止gif图像以及其他不是png或jpg的扩展名? My code: 我的代码:
$imageNameBefore = $_FILES["the_image"]["name"];
$imageNameBeforeExt = basename($nomeImgAntes);
$imageNameExt = pathinfo($imageNameBeforeExt, PATHINFO_EXTENSION);
$allowedExt = array("jpg", "jpeg", "png");
if(!in_array($imageNameExt, $allowedExt )) {
echo "Only images with extensions jpg or png are accepted!";
} else {
$imageNameTmp = $_FILES["the_image"]["tmp_name"];
$imageNameDir = "../photos";
$nameImageEnd = md5($imageNameTmp).$imageNameExt;
move_uploaded_file($imageNameTmp, ($imageNameDir.$nameImageEnd));
imagedestroy($imageNameTmp);
}
1 个解决方案
解决方案1
0 已采纳 2015-06-29 02:42:57
Insteadof checking the file name check the contents of the file by either "parsing" the entire contents (ie loading the image eg into gd) or via magic bytes (ie some parts of the file that must be present and contain specific values to have at least a chance of being a valid png/jpeg image). 代替检查文件名,而是通过“解析”整个内容(即将图像加载到gd中)或通过魔术字节(即文件的某些部分必须存在并包含要包含的特定值)来检查文件的内容至少有机会成为有效的png / jpeg图片)。
see 看到
- http://docs.php.net/function.finfo-file -http://docs.php.net/function.finfo-文件
- http://docs.php.net/function.imagecreatefromjpeg -http://docs.php.net/function.imagecreatefromjpeg
- http://docs.php.net/function.imagecreatefrompng -http://docs.php.net/function.imagecreatefrompng
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.