上传文件的功能是各类站点的基本功能,但是网络上也存在一些用心不良的人伪装图片或其他文件,上传一些木马或病毒到服务器上。普通php函数文件类型函数无法正确识别,安全的做法应该是头文件判断:
<?php function checkTitle($filename) { $file = fopen($filename, "rb"); $bin = fread($file, 2); //只读2字节 fclose($file); //$bin = file_get_contents($filename,false,null,0,2); $strInfo = @unpack("c2chars", $bin); $typeCode = intval($strInfo['chars1'].$strInfo['chars2']); $fileType = ""; switch ($typeCode) { case 7790: $fileType = 'exe'; break; case 7784: $fileType = 'midi'; break; case 8297: $fileType = 'rar'; break; case 255216: $fileType = 'jpg'; break; case 7173: $fileType = 'gif'; break; case 6677: $fileType = 'bmp'; break; case 13780: $fileType = 'png'; break; case 13780: $fileType = 'png'; break; default: $fileType = 'unknown'.$typeCode; } //Fix if ($strInfo['chars1']=='-1' && $strInfo['chars2']=='-40' ) { return bindec($bin)."#".print_r($strInfo)."#".$typeCode."#".'jpg'; } if ($strInfo['chars1']=='-119'&& $strInfo['chars2']=='80' ) { return bindec($bin)."#".print_r($strInfo)."#".$typeCode."#".'png'; } return bindec($bin)."#".print_r($strInfo)."#".$typeCode."#".$fileType; } //echo "gif:".checkTitle('img/5f.GIF')."
"; echo "gif:".checkTitle('img/weather.gif')."
"; echo "gif:".checkTitle('img/7768752.gif')."
"; echo "gif:".checkTitle('img/gif001.gif')."
"; echo "gif:".checkTitle('img/gif002.gif')."
"; echo "gif:".checkTitle('img/gif007.gif')."
"; echo "jpeg:".checkTitle('img/weather.jpg')."
"; echo "jpeg:".checkTitle('img/0001.jpg')."
"; echo "jpeg:".checkTitle('img/1.jpg')."
"; echo "jpeg:".checkTitle('img/0002.jpg')."
"; echo "jpeg:".checkTitle('img/4.jpg')."
"; echo "jpeg:".checkTitle('img/5.jpg')."
"; echo "jpeg:".checkTitle('img/71885.jpg')."
"; echo "jpeg:".checkTitle('img/imgad.jpg')."
"; echo "png:".checkTitle('img/weather.png')."
"; echo "png:".checkTitle('img/1.png')."
"; echo "png:".checkTitle('img/2.png')."
"; echo "png:".checkTitle('img/3.png')."
"; echo "png:".checkTitle('img/4.png')."
"; echo "png:".checkTitle('img/5.png')."
"; echo hexdec(89)."
"; echo hexdec(50)."
"; //6072,102119 ?>