当用户使用本网站https://www.w3schools.com/php/php_file_upload.asp中的代码在上传时手动更改文件扩展名时,我设法检查了图像文件是否是伪造的。我的问题是如何对 doc 文件做同样的事情?这可能吗?
<!DOCTYPE html>
<html>
<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload2" id="fileToUpload2">
<input type="submit" value="Upload Image" name="submit">
</form>
</body>
</html>
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload2"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload2"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
}
?>
答案 0 :(得分:0)
是的,与验证 doc/docx 文件的方式相同。
$allowed_ext = array('doc', 'docx');
$filename = $_FILES['fileToUpload2']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if (!in_array($ext, $allowed))
{
echo "File is not valid doc file.";
}