$allowed_types = array(
/* images extensions */
'jpeg', 'bmp', 'png', 'gif', 'tiff', 'jpg',
/* audio extensions */
'mp3', 'wav', 'midi', 'aac', 'ogg', 'wma', 'm4a', 'mid', 'orb', 'aif',
/* movie extensions */
'mov', 'flv', 'mpeg', 'mpg', 'mp4', 'avi', 'wmv', 'qt',
/* document extensions */
'txt', 'pdf', 'ppt', 'pps', 'xls', 'doc', 'xlsx', 'pptx', 'ppsx', 'docx'
);
$mime_type_black_list= array(
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
'text/x-c++', 'text/x-c',
# Windows metafile, client-side vulnerability on some systems
# 'application/x-msmetafile',
# A ZIP file may be a valid Java archive containing an applet which exploits the
# same-origin policy to steal cookies
# 'application/zip',
);
$tmp_file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
if(!strlen($tmp_file_extension) || (!$allow_all_types &&
!in_array($tmp_file_extension,$allowed_types))) {
return false;
}
$finfo = new finfo(FILEINFO_MIME, MIME_MAGIC_PATH);
if ($finfo) {
$mime = $finfo->file($file_name_tmp);
}
else {
$mime = $file_type;
}
$mime = explode(" ", $mime);
$mime = $mime[0];
if (substr($mime, -1, 1) == ";") {
$mime = trim(substr($mime, 0, -1));
}
return (in_array($mime, $mime_type_black_list) == false);
2008
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
