When uploading files or images in php, we will encounter the type of files to be uploaded. If we only limit the suffix, it is easy to bypass it, I have found some tables corresponding to the mine name after the marker, and hope to help you. When uploading files or images in php, we will encounter the type of files to be uploaded. If we only limit the suffix, it is easy to bypass it, I have found some tables corresponding to the mine name after the marker, and hope to help you.
Script ec (2); script
When uploading a file using a PHP script, the format of the file is processed as the PHP file, for example, (.jpg file format is image/jpeg ). This format is first determined by the browser. The browser submits a form to identify a type of file and submits it to php for processing.
Sometimes different browsers have different definitions of file types, so sometimes they need to make judgments on different browsers. In fact, different browser types can be added to the judgment.
The following table lists the file types of IE and Firefox browsers:
Ie |
Firefox |
Id |
Suffix |
File types identified by php |
0 |
Gif |
Image/gif |
1 |
Jpg |
Image/jpeg |
2 |
Png |
Image/png |
3 |
Bmp |
Image/bmp |
4 |
Psd |
Application/octet-stream |
5 |
Ico |
Image/x-icon |
6 |
Rar |
Application/octet-stream |
7 |
Zip |
Application/zip |
8 |
7z |
Application/octet-stream |
9 |
Exe |
Application/octet-stream |
10 |
Avi |
Video/avi |
11 |
Rmvb |
Application/vnd. rn-realmedia-vbr |
12 |
3gp |
Application/octet-stream |
13 |
Flv |
Application/octet-stream |
14 |
Mp3 |
Audio/mpeg |
15 |
Wav |
Audio/wav |
16 |
Krc |
Application/octet-stream |
17 |
Lrc |
Application/octet-stream |
18 |
Txt |
Text/plain |
19 |
Doc |
Application/msword |
20 |
Xls |
Application/vnd. ms-excel |
21 |
Ppt |
Application/vnd. ms-powerpoint |
22 |
Pdf |
Application/pdf |
23 |
Chm |
Application/octet-stream |
24 |
Mdb |
Application/msaccess |
25 |
SQL |
Application/octet-stream |
26 |
Con |
Application/octet-stream |
27 |
Log |
Text/plain |
28 |
Dat |
Application/octet-stream |
29 |
Ini |
Application/octet-stream |
30 |
Php |
Application/octet-stream |
31 |
Html |
Text/html |
32 |
Htm |
Text/html |
33 |
Ttf |
Application/octet-stream |
34 |
Fon |
Application/octet-stream |
35 |
Js |
Application/x-javascript |
36 |
Xml |
Text/xml |
37 |
Dll |
Application/octet-stream |
38 |
Dll |
Application/octet-stream |
|
Id |
Suffix |
File types identified by php |
0 |
Gif |
Image/gif |
1 |
Jpg |
Image/pjpeg |
2 |
Png |
Image/x-png |
3 |
Bmp |
Image/bmp |
4 |
Psd |
Application/octet-stream |
5 |
Ico |
Image/x-icon |
6 |
Rar |
Application/octet-stream |
7 |
Zip |
Application/x-zip-compressed |
8 |
7z |
Application/octet-stream |
9 |
Exe |
Application/octet-stream |
10 |
Avi |
Video/avi |
11 |
Rmvb |
Application/vnd. rn-realmedia-vbr |
12 |
3gp |
Application/octet-stream |
13 |
Flv |
Application/octet-stream |
14 |
Mp3 |
Audio/mpeg |
15 |
Wav |
Audio/wav |
16 |
Krc |
Application/octet-stream |
17 |
Lrc |
Application/octet-stream |
18 |
Txt |
Text/plain |
19 |
Doc |
Application/msword |
20 |
Xls |
Application/vnd. ms-excel |
21 |
Ppt |
Application/vnd. ms-powerpoint |
22 |
Pdf |
Application/pdf |
23 |
Chm |
Application/octet-stream |
24 |
Mdb |
Application/msaccess |
25 |
SQL |
Text/plain |
26 |
Con |
Application/octet-stream |
27 |
Log |
Text/plain |
28 |
Dat |
Text/plain |
29 |
Ini |
Application/octet-stream |
30 |
Php |
Application/octet-stream |
31 |
Html |
Text/html |
32 |
Htm |
Text/html |
33 |
Ttf |
Application/octet-stream |
34 |
Fon |
Application/octet-stream |
35 |
Js |
Text/html |
36 |
Xml |
Text/xml |
37 |
Dll |
Application/octet-stream |
38 |
Class |
Application/java |
|
Let's look at an instance.
The Code is as follows: |
|
$ Temppath = $ upfile ['tmp _ name']; $ Fileinfo = pathinfo ($ upfile ['name']); $ Extension = $ upfile ['type']; // Echo $ extension; // Exit; Switch ($ extension) { Case 'application/msword ': $ Extension = 'Doc '; Break; Case 'application/vnd. ms-excel ': $ Extension = 'xls '; Break; Case 'application/vnd.openxmlformats-officedocument.wordprocessingml.doc ument ': $ Extension = 'docx '; Break; Case 'application/vnd. ms-powerpoint ': $ Extension = 'ppt '; Break; Case 'application/pdf ': $ Extension = 'pdf '; Break; Case 'application/vnd. openxmlformats-officedocument.spreadsheetml.sheet ': $ Extension = 'xlsx '; Break; Default: Die ('only upload doc, docx, xls, pdf, and pptfile reupload '); } |
The above example limits the upload of doc, docx, xls, pdf, and ppt files. If someone wants to upload other files, such as php or asp files, the system will prompt that the file to be uploaded is invalid.