将上传白名单更改为黑名单

时间:2015-10-03 23:10:07

标签: php file-upload upload

而不是$允许,我想创建$ deny;而不是白名单,我想制作一个黑名单。主要是因为我想接受所有文件,除了exe,com或我选择的任何文件。

<?php

// A list of permitted file extensions
$allowed = array('jpg','txt');

if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){

    $extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);

    if(!in_array(strtolower($extension), $allowed)){
        echo '{"status":"error"}';
        exit;
    }

    if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
        echo '{"status":"success"}';
        exit;
    }
}

echo '{"status":"error"}';
exit;

2 个答案:

答案 0 :(得分:1)

只需删除条件中的否定(!),并检查上传的文件是否为拒绝的扩展程序之一:

if (in_array(strtolower($extension), $denied)) {
    echo '{"status":"error"}';
    exit;
}

答案 1 :(得分:0)

你想要这样,我猜;

<?php

// A list of permitted file extensions
$denied = array('exe','com');

if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){

    $extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);

    if(in_array(strtolower($extension), $denied)){
        echo '{"status":"error"}';
        exit;
    }

    if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
        echo '{"status":"success"}';
        exit;
    }
}

echo '{"status":"error"}';
exit;