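public function upload()
{
    // Handles the picture upload form. The destination directory lives under
    // the public web root, so a file must be fully validated BEFORE it is
    // moved there; the original moved first and inspected afterwards, leaving
    // an unverified file on disk (briefly) even when it was later unlinked.
    $album = "./Public/pic/upload";

    $user = isset($_SESSION['youyax_user']) ? $_SESSION['youyax_user'] : null;
    // Any falsy session value counts as "not logged in" (the original used
    // loose == against "" and null, which already covered null/""/false/0).
    if (empty($user)) {
        $this->redirect("Index" . C('default_url') . "index" . C('static_url'));
        // Do not rely on redirect() calling exit(): an anonymous request must
        // never fall through to move_uploaded_file().
        return;
    }

    if (!is_dir($album)) {
        // Explicit 0755 instead of mkdir()'s default 0777; recursive so a
        // missing Public/pic parent does not make mkdir() fail.
        mkdir($album, 0755, true);
    }

    // Bail out early when no "file" field arrived or PHP reported an upload
    // error; the original indexed $_FILES["file"] unconditionally.
    if (!isset($_FILES["file"]["tmp_name"], $_FILES["file"]["name"], $_FILES["file"]["type"], $_FILES["file"]["error"])
        || $_FILES["file"]["error"] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
        echo "<script>alert('上传文件失败!');</script>";
        echo "<script>history.back();</script>";
        return;
    }

    // Client-declared MIME types and filename extensions that are accepted.
    // Both values come straight from the request and are attacker-controlled,
    // so this first layer only stops accidental misuse, not deliberate bypass.
    $type = array('image/jpeg', 'image/pjpeg', 'image/gif', 'image/png', 'image/x-png');
    $type2 = array('jpg', 'jpeg', 'gif', 'png');
    // Extensions image_type_to_extension() may report for an accepted upload.
    $type3 = array('.jpeg', '.gif', '.png', '.jpg');

    $filename = $_FILES["file"]["name"];
    // strstr() matches the FIRST dot, so "a.b.jpg" yields "b.jpg" and fails the
    // whitelist below: only single-dot names ever reach the filesystem. A name
    // without any dot gives an empty $hz, which is likewise rejected.
    $dotPart = strstr($filename, ".");
    $hz = ($dotPart === false) ? "" : substr($dotPart, 1);
    if (!in_array($_FILES["file"]["type"], $type, true) || !in_array(strtolower($hz), $type2, true)) {
        // The original fell through silently here; report it like the other
        // type rejection instead.
        echo "<script>alert('非法类型文件!');</script>";
        echo "<script>history.back();</script>";
        return;
    }

    // Stem = text before the (single) dot.
    $font = strstr($filename, ".", true);
    // NOTE(review): this pattern looks like the CJK range U+4E00–U+9FA5, but PHP
    // reads "\x4e00" as byte 0x4e followed by "00" and "\x9fa5" as byte 0x9f
    // followed by "a5", so the class is really 'N', '0', 0x30–0x9f, 'a', '5'.
    // In effect it is a byte whitelist (digits, ASCII letters, some punctuation)
    // that rejects spaces and every UTF-8 multibyte lead byte — which is what
    // the alert text describes. Kept byte-identical so existing names keep
    // validating the same way.
    if (!preg_match("/^[\x4e00-\x9fa5]+$/", $font)) {
        echo "<script>alert('上传文件不能有中文,空格!');</script>";
        // Build the target like every other redirect in this method instead of
        // hard-coding "Index/self", which ignored C('default_url').
        $this->redirect("Index" . C('default_url') . "self" . C('static_url'));
        return;
    }

    // Second layer, run on the temp file so nothing unverified ever touches
    // $album. getimagesize() inspects the image header and returns false for
    // non-images; image_type_to_extension() returns false for unknown types.
    $info = getimagesize($_FILES["file"]["tmp_name"]);
    $ext = ($info === false) ? false : image_type_to_extension($info[2]);
    if ($ext === false || !in_array(strtolower($ext), $type3, true)) {
        // Nothing has been written under $album, so there is nothing to unlink.
        echo "<script>alert('非法类型文件!');</script>";
        echo "<script>history.back();</script>";
        return;
    }
    // NOTE(review): a header check cannot detect PHP appended to an otherwise
    // valid image, and the file keeps its client-supplied name and extension,
    // so this still relies on the web server never executing files under
    // $album (and on no local-file-include elsewhere in the application).

    if (!move_uploaded_file($_FILES["file"]["tmp_name"], $album . "/" . $filename)) {
        echo "<script>alert('上传文件失败!');</script>";
        echo "<script>history.back();</script>";
        return;
    }

    $this->resize($filename);
    $this->assign('jumpurl', $this->youyax_url . "/Index" . C('default_url') . "self" . C('static_url'))
        ->assign('msgtitle', '操作成功')
        ->assign('message', '图片更新成功!')
        ->success();
}
$type = array('image/jpeg','image/pjpeg','image/gif','image/png','image/x-png');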
$type2 = array('jpg','jpeg','gif','png');
$type3 = "|.jpeg|.gif|.png|.jpg";
都是必要的过滤参数。$hz = substr(strstr($_FILES["file"]["name"],"."),1);取的是文件名中第一个“.”之后的全部内容(strstr 从第一个点开始匹配),因此 a.b.jpg 会得到 b.jpg 而在下一步被拒绝——它并不是严格意义上的“最后的后缀”,但正好把带多个点的杂七杂八文件名都挡掉了。if (in_array($_FILES["file"]["type"], $type) && in_array(strtolower($hz),$type2))
第一层过滤:检查 $_FILES["file"]["type"] 声明的 MIME 类型和文件名后缀。注意 type 字段完全由客户端(也就是攻击者)自行填写,并不是服务器探测出来的,所以这一层只能挡住误操作,挡不住有意伪造。
仅仅是这样是不够的,只是初步的过滤。比如把 test.php 改名成 test.jpg(并把 MIME 改成 image/jpeg)一样可以通过。代码的做法是先用 move_uploaded_file 把它传到 Public/pic/upload 下,之后用 getimagesize 读取它的信息,
再用 image_type_to_extension 得到按文件头判断的真实拓展名。需要注意:这样一来,未经校验的文件已经落在了 Web 可访问目录里,虽然验证失败会被 unlink,但中间存在一个时间窗;更稳妥的做法是直接对 $_FILES["file"]["tmp_name"] 调用 getimagesize,校验通过后再移动。if(stripos($type3,$ext))
进行第二层过滤,
通过则再对上传的图片进行处理,
验证不通过则删除已经传上去的“图片”文件。还要注意 getimagesize 只检查文件头,一张合法图片尾部追加 PHP 代码(图片马)同样能通过这一层,而且文件最终是以用户原始文件名保存的;所以这里的安全性还依赖于 Web 服务器不会把 Public/pic/upload 下的 .jpg/.png 当作脚本执行,以及站内没有可以包含该文件的本地文件包含点。
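{
    // Body of upload() (the signature line is not part of this listing).
    // The destination directory lives under the public web root, so a file
    // must be fully validated BEFORE it is moved there; the original moved
    // first and inspected afterwards, leaving an unverified file on disk
    // (briefly) even when it was later unlinked.
    $album = "./Public/pic/upload";

    $user = isset($_SESSION['youyax_user']) ? $_SESSION['youyax_user'] : null;
    // Any falsy session value counts as "not logged in" (the original used
    // loose == against "" and null, which already covered null/""/false/0).
    if (empty($user)) {
        $this->redirect("Index" . C('default_url') . "index" . C('static_url'));
        // Do not rely on redirect() calling exit(): an anonymous request must
        // never fall through to move_uploaded_file().
        return;
    }

    if (!is_dir($album)) {
        // Explicit 0755 instead of mkdir()'s default 0777; recursive so a
        // missing Public/pic parent does not make mkdir() fail.
        mkdir($album, 0755, true);
    }

    // Bail out early when no "file" field arrived or PHP reported an upload
    // error; the original indexed $_FILES["file"] unconditionally.
    if (!isset($_FILES["file"]["tmp_name"], $_FILES["file"]["name"], $_FILES["file"]["type"], $_FILES["file"]["error"])
        || $_FILES["file"]["error"] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
        echo "<script>alert('上传文件失败!');</script>";
        echo "<script>history.back();</script>";
        return;
    }

    // Client-declared MIME types and filename extensions that are accepted.
    // Both values come straight from the request and are attacker-controlled,
    // so this first layer only stops accidental misuse, not deliberate bypass.
    $type = array('image/jpeg', 'image/pjpeg', 'image/gif', 'image/png', 'image/x-png');
    $type2 = array('jpg', 'jpeg', 'gif', 'png');
    // Extensions image_type_to_extension() may report for an accepted upload.
    $type3 = array('.jpeg', '.gif', '.png', '.jpg');

    $filename = $_FILES["file"]["name"];
    // strstr() matches the FIRST dot, so "a.b.jpg" yields "b.jpg" and fails the
    // whitelist below: only single-dot names ever reach the filesystem. A name
    // without any dot gives an empty $hz, which is likewise rejected.
    $dotPart = strstr($filename, ".");
    $hz = ($dotPart === false) ? "" : substr($dotPart, 1);
    if (!in_array($_FILES["file"]["type"], $type, true) || !in_array(strtolower($hz), $type2, true)) {
        // The original fell through silently here; report it like the other
        // type rejection instead.
        echo "<script>alert('非法类型文件!');</script>";
        echo "<script>history.back();</script>";
        return;
    }

    // Stem = text before the (single) dot.
    $font = strstr($filename, ".", true);
    // NOTE(review): this pattern looks like the CJK range U+4E00–U+9FA5, but PHP
    // reads "\x4e00" as byte 0x4e followed by "00" and "\x9fa5" as byte 0x9f
    // followed by "a5", so the class is really 'N', '0', 0x30–0x9f, 'a', '5'.
    // In effect it is a byte whitelist (digits, ASCII letters, some punctuation)
    // that rejects spaces and every UTF-8 multibyte lead byte — which is what
    // the alert text describes. Kept byte-identical so existing names keep
    // validating the same way.
    if (!preg_match("/^[\x4e00-\x9fa5]+$/", $font)) {
        echo "<script>alert('上传文件不能有中文,空格!');</script>";
        // Build the target like every other redirect in this method instead of
        // hard-coding "Index/self", which ignored C('default_url').
        $this->redirect("Index" . C('default_url') . "self" . C('static_url'));
        return;
    }

    // Second layer, run on the temp file so nothing unverified ever touches
    // $album. getimagesize() inspects the image header and returns false for
    // non-images; image_type_to_extension() returns false for unknown types.
    $info = getimagesize($_FILES["file"]["tmp_name"]);
    $ext = ($info === false) ? false : image_type_to_extension($info[2]);
    if ($ext === false || !in_array(strtolower($ext), $type3, true)) {
        // Nothing has been written under $album, so there is nothing to unlink.
        echo "<script>alert('非法类型文件!');</script>";
        echo "<script>history.back();</script>";
        return;
    }
    // NOTE(review): a header check cannot detect PHP appended to an otherwise
    // valid image, and the file keeps its client-supplied name and extension,
    // so this still relies on the web server never executing files under
    // $album (and on no local-file-include elsewhere in the application).

    if (!move_uploaded_file($_FILES["file"]["tmp_name"], $album . "/" . $filename)) {
        echo "<script>alert('上传文件失败!');</script>";
        echo "<script>history.back();</script>";
        return;
    }

    $this->resize($filename);
    $this->assign('jumpurl', $this->youyax_url . "/Index" . C('default_url') . "self" . C('static_url'))
        ->assign('msgtitle', '操作成功')
        ->assign('message', '图片更新成功!')
        ->success();
}
$type = array('image/jpeg','image/pjpeg','image/gif','image/png','image/x-png');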
$type2 = array('jpg','jpeg','gif','png');
$type3 = "|.jpeg|.gif|.png|.jpg";
都是必要的过滤参数。$hz = substr(strstr($_FILES["file"]["name"],"."),1);取的是文件名中第一个“.”之后的全部内容(strstr 从第一个点开始匹配),因此 a.b.jpg 会得到 b.jpg 而在下一步被拒绝——它并不是严格意义上的“最后的后缀”,但正好把带多个点的杂七杂八文件名都挡掉了。if (in_array($_FILES["file"]["type"], $type) && in_array(strtolower($hz),$type2))
第一层过滤:检查 $_FILES["file"]["type"] 声明的 MIME 类型和文件名后缀。注意 type 字段完全由客户端(也就是攻击者)自行填写,并不是服务器探测出来的,所以这一层只能挡住误操作,挡不住有意伪造。
仅仅是这样是不够的,只是初步的过滤。比如把 test.php 改名成 test.jpg(并把 MIME 改成 image/jpeg)一样可以通过。代码的做法是先用 move_uploaded_file 把它传到 Public/pic/upload 下,之后用 getimagesize 读取它的信息,
再用 image_type_to_extension 得到按文件头判断的真实拓展名。需要注意:这样一来,未经校验的文件已经落在了 Web 可访问目录里,虽然验证失败会被 unlink,但中间存在一个时间窗;更稳妥的做法是直接对 $_FILES["file"]["tmp_name"] 调用 getimagesize,校验通过后再移动。if(stripos($type3,$ext))
进行第二层过滤,
通过则再对上传的图片进行处理,
验证不通过则删除已经传上去的“图片”文件。还要注意 getimagesize 只检查文件头,一张合法图片尾部追加 PHP 代码(图片马)同样能通过这一层,而且文件最终是以用户原始文件名保存的;所以这里的安全性还依赖于 Web 服务器不会把 Public/pic/upload 下的 .jpg/.png 当作脚本执行,以及站内没有可以包含该文件的本地文件包含点。
MessageAction.php中的$data['mcon']=htmlspecialchars($mcon,ENT_QUOTES);没有实体化。
// Consistent form of the redirect issued when the filename stem check fails:
// it builds the path from C('default_url') like the method's other redirects
// instead of hard-coding "Index/self". NOTE(review): shown here as a stand-alone
// fix-up line; where it sits inside upload() is not visible on this page.
$this->redirect("Index" . C('default_url') . "self" . C('static_url'));