【发布时间】:2014-11-16 12:16:20
【问题描述】:
所以我有这个文件上传系统,它应该只接受 $allowedExts 中的文件类型,但有些人一直用一个名为 angel.jpg.php 的文件破坏系统。我认为他已经改变了 mime 类型,但我仍然想知道他是如何违反扩展检查的。 帮助将不胜感激。提前致谢。
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "doc", "pages", "docx", "pdf","ppt","pptx","xls","xlsx");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
$extension2 = pathinfo($target_file,PATHINFO_EXTENSION);
if (($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/bmp")
|| ($_FILES["file"]["type"] == "application/msword")
|| ($_FILES["file"]["type"] == "application/x-iwork-pages-sffpages")
|| ($_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
|| ($_FILES["file"]["type"] == "application/pdf")
|| ($_FILES["file"]["type"] == "application/vnd.ms-powerpoint")
|| ($_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.presentationml.presentation")
|| ($_FILES["file"]["type"] == "application/excel")
|| ($_FILES["file"]["type"] == "application/vnd.ms-excel")
|| ($_FILES["file"]["type"] == "application/x-excel")
|| ($_FILES["file"]["type"] == "application/x-msexcel")
|| ($_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")
&& in_array($extension, $allowedExts) && in_array($extension2, $allowedExts) && getimagesize($_FILES["file"]["name"])!=='FALSE')
{
// Upload file
}
else {
// Do not upload file
}
【问题讨论】:
-
您的逻辑有缺陷,因为扩展的条件是
&&-仅链接到最后一个 mime 类型条件,因为&&的优先级高于||。您需要在所有||-linked 条件周围放置另一组圆括号。 -
尝试通过将 $_FILES["file"]["type"] 放入变量来最小化逻辑条件
-
并且将所有这些非图像mime 类型与
getimagesize结合起来也没有多大意义——我怀疑getimagesize将返回除false之外的任何内容,如果你让它检查f.e.一个excel文档。 -
那我还需要看文件内容吗?
-
删除所有这些并用数组和
in_array($realMimeType, $arrayOfAllowedMimeTypes, true)替换它
标签: php file upload mime-types