When using PHP for file upload and storage, many people will be the name of the file and saved to a writable folder, and then we in one of the mistakes is to use the extension of the upload file as the basis for judging the file type.
This is actually the same as the back door open, to give a simple example, through the extension of the judgment is generally a string intercept judgment, or use $_file array to judge, and then if the user uploads the file name Image.php.png, image.png.php, image.php%** **.png and so on, judgment will go wrong.
In addition, $_files[' type ' may be tampered with.
Here's how I judged the file name:
Read the file header four bytes as a judgment.
Directly below the code
I realized that only word and PDF files are supported, and the file size is less than 512KB:
$tmpname = $_files [' userfile '] [' Tmp_name '];if (Is_uploaded_file ($tmpname)) {$mimetype = Detectmime ($tmpname); $ tuozhanming = Getfileext ($filename, $mimetype); if ($tuozhanming = = "Type_error") {echo ' only supports Word and PDF files, and the file size is less than 512KB: Please retry '; exit ();}} else{$_files [' UserFile '] [' error '] = 6;} if ($_files [' userfile '] [' ERROR '] > 0) {echo ' problem: '; switch ($_files [' userfile '] [' ERROR ']) {case 1:echo ' upload file too large : Please retry '; break;case 2:echo ' upload file too large: Please retry '; break;case 3:echo ' File upload lost: Please retry '; break;case 4:echo ' No files were uploaded: Please retry '; break;case 6:echo ' Only Word and PDF files are supported, and the file size is less than 512kb: Retry '; break;case 7:echo ' upload file storage failed: please retry '; Exit ();} Determine file type//upload file $_files [' UserFile '] [' name '] = time (). "." . $tuozhanming; $upfile = '. /uploads/'. $_files [' UserFile '] [' Name '];if (!move_uploaded_file ($_files [' userfile '] [' tmp_name '], $upfile)) {echo ' Problem: File move "Exit ();}} function Detectmime ($filename) {$file = fopen ($filename, "RB"); $finfo = Finfo_open (fileinfo_mime); if (! $finfo) {// Directly read the first 4 bytes of a file, judging by hard coding $file = fopen($filename, "RB"); $bin = Fread ($file, 4); Read-only file header 4 bytes fclose ($file), $strInfo = @unpack ("C4chars", $bin),//dechex () function converts decimal to 16 binary. $typeCode = Dechex ($strInfo [' chars1 ']). Dechex ($strInfo [' chars2 ']). Dechex ($strInfo [' Chars3 ']). Dechex ($strInfo [' chars4 '); $type = '; switch ($typeCode)//hard-coded value table {case "504b34": $type = ' application/zip; charset=bin ary '; break;case "d0cf11e0": $type = ' application/vnd.ms-office; Charset=binary '; break;case "25504446": $type = ' application/pdf; Charset=binary '; Break;default: $type = ' application/vnd.ms-office; Charset=binary '; break;}} else {//finfo_file return information of a file$type = Finfo_file ($finfo, $filename);} return $type; function Getfileext ($filename, $type) {switch ($type) {case "application/zip; Charset=binary ": $extType =" docx "; break;case" Application/vnd.ms-office; Charset=binary ": $extType =" Doc "; Break;case" Application/msword; CharSet=binary ": $extType =" Doc "; Break;case "application/pdf; Charset=binary ": $extType =" pdf "; Break;default: $extType =" type_error "; break;} return $extType;}