jQuery文件上传 - 带有特殊字符的blueimp文件名

时间:2015-04-25 11:04:45

标签: php jquery

我的一些用户会附加名称包含特殊字符的文件,这些字符在下载和上传,单引号,空格等时对实用程序有问题。这似乎应该是一个简单的问题要解决但是因为我是编码时的“绿色”我可以使用一些帮助。

我尝试修改'UploadHandler.php'函数来操作文件名但没有成功。我不确定是否需要在表单或上传的输入级别处理它...

我的最后一次尝试是在trim_file_name()函数中:

protected function trim_file_name($name,
        $type = null, $index = null, $content_range = null) {
    // Remove path information and dots around the filename, to prevent uploading
    // into different directories or replacing hidden system files.
    // Also remove control characters and spaces (\x00..\x20) around the filename:
    $name = trim(basename(stripslashes($name)), ".\x00..\x20");
    // Use a timestamp for empty filenames:
    if (!$name) {
        $name = str_replace('.', '-', microtime(true));
        $name = preg_replace('/[^A-Za-z0-9\-]/', '', $name); <==== my attempt
    }
    // Add missing file extension for known image types:
    if (strpos($name, '.') === false &&
        preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
        $name .= '.'.$matches[1];
    }
    return $name;
}

我真的可以使用一些帮助。我真的很沮丧。

谢谢,

2 个答案:

答案 0 :(得分:3)

我使用了一些在生产中运行良好的功能来清理和清理文件名,我将它们放在下面。

public static function cleanFileName($filename)
{
    $filename = htmlentities($filename, ENT_QUOTES, 'UTF-8');
    $filename = preg_replace('~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i', '$1', $filename);
    $filename = html_entity_decode($filename, ENT_QUOTES, 'UTF-8');
    $filename = preg_replace(array('~[^0-9a-z]~i', '~[ -]+~'), ' ', $filename);
    return trim($filename, ' -');
}

public static function sanitizeFileName($filename)
{
    $dangerous_characters = array(" ", '"', "'", "&", "/", "\\", "?", "#");
    return str_replace($dangerous_characters, '_', $filename);
}

因此,一旦将这两个函数复制到UploadHandler类,修改后的trim_file_name函数将如下所示:

protected function trim_file_name($name,
    $type = null, $index = null, $content_range = null) {
// Remove path information and dots around the filename, to prevent uploading
// into different directories or replacing hidden system files.
// Also remove control characters and spaces (\x00..\x20) around the filename:
$name = trim(basename(stripslashes($name)), ".\x00..\x20");

// Use a timestamp for empty filenames:
if (!$name) {
    $name = str_replace('.', '-', microtime(true));
}
// Add missing file extension for known image types:
if (strpos($name, '.') === false &&
    preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
    $name .= '.'.$matches[1];
}
// Call sanitize file name function
$name = UploadHandler::sanitizeFileName($name);
// Call clean file name function
$name = UploadHandler::cleanFileName($name);
return $name;
}

答案 1 :(得分:1)

Adam:“非常接近!文件名正在被修改,但似乎是将文件扩展名添加为文件名的一部分,例如My'File.jpg =我的文件jpg.jpg任何想法?”

我有同样的问题,我刚修正了函数cleanFileName() ...你应该添加一个点“。”到最后preg_replace函数:

这一行:

$filename = preg_replace(array('~[^0-9a-z]~i', '~[ -]+~'), ' ', $filename);

应该是:

$filename = preg_replace(array('~[^0-9.a-z]~i'),'',$filename);

因此正则表达式不会删除点。

public static function cleanFileName($filename)
{

    $filename = htmlentities($filename, ENT_QUOTES, 'UTF-8');
    $filename = preg_replace('~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i', '$1', $filename);
    $filename = html_entity_decode($filename, ENT_QUOTES, 'UTF-8');
    $filename = preg_replace(array('~[^0-9.a-z]~i'),'',$filename);


    return trim($filename, ' -');
}
相关问题
最新问题