而不是$允许,我想创建$ deny;而不是白名单,我想制作一个黑名单。主要是因为我想接受所有文件,除了exe,com或我选择的任何文件。
<?php
// A list of permitted file extensions
$allowed = array('jpg','txt');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
if(!in_array(strtolower($extension), $allowed)){
echo '{"status":"error"}';
exit;
}
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
}
echo '{"status":"error"}';
exit;
答案 0 :(得分:1)
只需删除条件中的否定(!
),并检查上传的文件是否为拒绝的扩展程序之一:
if (in_array(strtolower($extension), $denied)) {
echo '{"status":"error"}';
exit;
}
答案 1 :(得分:0)
你想要这样,我猜;
<?php
// A list of permitted file extensions
$denied = array('exe','com');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
if(in_array(strtolower($extension), $denied)){
echo '{"status":"error"}';
exit;
}
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
}
echo '{"status":"error"}';
exit;