From bce548c4ceef76e0c9b15687540e50ceeb10d16f Mon Sep 17 00:00:00 2001
From: qfdong-github
Date: Thu, 20 Aug 2020 08:23:34 +0800
Subject: [PATCH] Add files via upload
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
图片格式校验
---
src/include/uploadsafe.inc.php | 67 ++++++----------------------------
1 file changed, 12 insertions(+), 55 deletions(-)
diff --git a/src/include/uploadsafe.inc.php b/src/include/uploadsafe.inc.php
index 2338a012..ccc561ed 100755
--- a/src/include/uploadsafe.inc.php
+++ b/src/include/uploadsafe.inc.php
@@ -1,13 +1,4 @@ $_value) ${$_key.'_name'} = $_FILES[$_key]['name']; ${$_key.'_type'} = $_FILES[$_key]['type'] = preg_replace('#[^0-9a-z\./]#i', '', $_FILES[$_key]['type']); ${$_key.'_size'} = $_FILES[$_key]['size'] = preg_replace('#[^0-9]#','',$_FILES[$_key]['size']); - - if (is_array(${$_key.'_name'})) { - if (count(${$_key.'_name'}) > 0) { - foreach (${$_key.'_name'} as $key => $value) { - if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value))) { - if(!defined('DEDEADMIN')) - { - exit('Not Admin Upload filetype not allow !'); - } - } - } - } - } else { - if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) ) + if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) ) + { + if(!defined('DEDEADMIN')) { - if(!defined('DEDEADMIN')) - { - exit('Not Admin Upload filetype not allow !'); - } + exit('Not Admin Upload filetype not allow !'); } } - - if(empty(${$_key.'_size'})) { - ${$_key.'_size'} = @filesize($$_key); + ${$_key.'_size'} = @filesize($$_key); } + $imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp"); if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) { $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } if (!is_array($image_dd)) { exit('Upload filetype not allow !'); } } $imtypes = array ( 
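Review bot: With the `is_array(${$_key.'_name'})` branch removed, a multi-file field (`name="f[]"`) now reaches `preg_match()` with an array subject, so the extension blacklist is no longer evaluated per filename and the outcome depends on how the running PHP version handles that type error. If array uploads are not meant to be supported, reject them explicitly before the check, e.g. `if (is_array(${$_key.'_name'})) { exit('Upload filetype not allow !'); }`; otherwise keep the per-element loop. The blacklist is still enforced only when `DEDEADMIN` is undefined, which deserves a comment stating that admin uploads are intentionally exempt. The enclosing `foreach` over `$_FILES` starts outside the readable part of this hunk.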
@@ -75,30 +49,13 @@ foreach($_FILES as $_key=>$_value) "image/xpng", "image/wbmp", "image/bmp" ); - if (is_array(${$_key.'_type'})) { - if (count(${$_key.'_type'}) > 0) { - foreach (${$_key.'_type'} as $key => $value) { - if(in_array(strtolower(trim($value)), $imtypes)) - { - $image_dd = @getimagesize($$_key); - if (!is_array($image_dd)) - { - exit('Upload filetype not allow !'); - } - } - } - } - } else { - if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) + if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) + { + $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } + if (!is_array($image_dd)) { - $image_dd = @getimagesize($$_key); - if (!is_array($image_dd)) - { - exit('Upload filetype not allow !'); - } + exit('Upload filetype not allow !'); } } - - } ?> \ No newline at end of file
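Review bot: The added `if($image_dd == false){ continue; }` runs before `if (!is_array($image_dd))`, so a file that declares an image MIME type but fails `getimagesize()` skips to the next `$_FILES` entry instead of reaching `exit('Upload filetype not allow !')`; since `getimagesize()` yields an array or false, the rejection is effectively unreachable. Drop the `continue` line so a failed probe falls through to the `exit`. The same sequence also appears in the text of the first hunk. Separately, the check is gated on `$_FILES[$_key]['type']`, which is supplied by the client, so the content probe would be more reliable if it ran whenever an image extension is accepted rather than only when the declared type is in `$imtypes`. The `foreach` body this sits in starts outside the hunk.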