文件上传校验（服务端，对客户端提交的文件名和内容都不可信）
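// Upload validation: every check below must pass, otherwise the upload is rejected.
// NOTE(review): the two leading bytes are fully attacker-controlled (a web shell can simply
// be prefixed with "\xFF\xD8"), so the signature check only filters accidental mistakes.
// The real defence is the exact extension allow-list below plus serving the upload
// directory without any script handler.
$fileTypeCode = get_file_type($file);

// 6063 == bytes 0x3C 0x3F ("<?"): refuse anything that opens with a PHP tag outright.
// get_file_type() returns an int, so a strict comparison is safe here.
if ($fileTypeCode === 6063) {
    return false;
}

// Allow-list of two-byte signatures in get_file_type()'s encoding (decimal value of
// byte 0 concatenated with decimal value of byte 1, cast to int).
$allowedSignatures = [
    13780,  // 0x89 0x50 ("\x89P")  - png
    255216, // 0xFF 0xD8            - jpg / jpeg
    8075,   // 0x50 0x4B ("PK")     - zip container: xlsx, docx, zip
    208207, // 0xD0 0xCF            - OLE2 compound file: xls, doc
    3780,   // 0x25 0x50 ("%P")     - pdf
    0,      // 0x00 0x00            - mp4 (ftyp box size), but also an empty file or any
            //                        NUL-prefixed content - this entry is the weakest one
];
if (!in_array($fileTypeCode, $allowedSignatures, true)) {
    return false;
}

// The extension comes from the client-supplied file name and is untrusted. It is
// upper-cased once so case tricks (".PhP") are irrelevant, and then matched exactly:
// the original substring test (Str::contains) would accept e.g. "PNGX" or "DOCPHP".
// Never reuse this client string as the stored file name.
$extension = Str::upper($file->getClientOriginalExtension());

// Defence in depth: script / active-content extensions are refused even if someone
// later widens the allow-list below. Includes the common PHP aliases and inline-XSS
// formats (html, svg) missing from the original list.
$blockedExtensions = [
    'PHP', 'PHP3', 'PHP4', 'PHP5', 'PHP7', 'PHTML', 'PHAR',
    'JSP', 'JSF', 'ASP', 'ASPX',
    'JS', 'PY', 'SH', 'VBS', 'VBA', 'BAT', 'CMD',
    'HTML', 'HTM', 'SHTML', 'SVG', 'CSS',
];
if (in_array($extension, $blockedExtensions, true)) {
    return false;
}

// Exact allow-list. These must be quoted strings: the bare identifiers in the original
// (PNG, JPG, ...) are undefined constants and a fatal error on PHP 8.
$allowedExtensions = [
    'PNG', 'JPG', 'JPEG', // images
    'XLS', 'XLSX',
    'PDF',
    'DOC', 'DOCX',
    'ZIP', 'MP4',
];
if (!in_array($extension, $allowedExtensions, true)) {
    return false;
}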
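/**
 * Encode the first two bytes of a file as a decimal "signature" integer.
 *
 * The encoding is the decimal value of byte 0 concatenated with the decimal value of
 * byte 1, cast to int: 0x89 0x50 ("\x89P", PNG) gives "137" . "80" = 13780 and
 * 0x3C 0x3F ("<?") gives 6063. It is kept unchanged for compatibility with the
 * signature allow-list in the upload check. Two caveats for callers:
 *   - the encoding is lossy: bytes (1, 23) and (12, 3) both yield 123, and a file
 *     starting with "\0\0" encodes as 0 just like an empty file does;
 *   - the two leading bytes are fully attacker-controlled, so this is a sanity
 *     check on honest uploads, not a security boundary.
 *
 * @param string|\SplFileInfo $file path of the file to inspect; objects are cast to
 *                                  string, which is how an uploaded-file object yields
 *                                  its temporary path
 * @return int signature as described above; 0 when the file holds fewer than two bytes
 * @throws \RuntimeException if the file cannot be opened. This fails closed on purpose:
 *                           returning 0 would match the "\0\0" entry of the caller's
 *                           allow-list and let an unreadable upload through.
 */
function get_file_type($file)
{
    $path = (string) $file;

    $fp = fopen($path, 'rb');
    if ($fp === false) {
        throw new \RuntimeException("Unable to open {$path} for signature check");
    }

    try {
        $bin = fread($fp, 2);
    } finally {
        fclose($fp);
    }

    // Fewer than two bytes: the original's unpack() failed and folded into 0, keep that.
    if ($bin === false || strlen($bin) < 2) {
        return 0;
    }

    // The format must be a quoted string; the bare identifier C2chars in the original
    // is an undefined constant (fatal on PHP 8).
    $bytes = unpack('C2chars', $bin);

    return intval($bytes['chars1'] . $bytes['chars2']);
}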
禁止用户直接访问上传目录中的可执行文件（nginx 配置）
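# Serve uploaded files under /storage as static content only.
#
# - The trailing slash on BOTH the location prefix and the alias target matters:
#   "location /storage" + "alias .../storage" lets a request for "/storage../" map to
#   ".../public/storage../", i.e. the parent directory (the classic nginx alias traversal).
# - "^~" stops regex locations such as "location ~ \.php$ { fastcgi_pass ...; }" from
#   being considered, so nothing under /storage is ever handed to PHP-FPM.
# - The script check is applied to $uri (normalised, query string stripped). The original
#   tested $request_uri, which still carries "?...", so "/storage/x.php?1" did not match a
#   $-anchored pattern. "if ... return" is the one form of "if" that is safe in nginx.
# - NOTE(review): "*" in the alias path is not a wildcard for nginx; it is presumably a
#   placeholder for the real site directory and must be replaced.
location ^~ /storage/
{
    # Belt and braces: refuse script and active-content names even though this location
    # never reaches a script handler. Covers the PHP aliases missing from the original.
    if ($uri ~* \.(php|php[3-8]|phtml|phar|html?|shtml|svg|js)$) {
        return 403;
    }

    alias /home/wwwroot/*/public/storage/;
    try_files $uri $uri/ =404;

    # Uploaded files are attacker-supplied: stop browsers sniffing them into HTML/script.
    add_header X-Content-Type-Options nosniff always;
}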