Laravel 5.1上传文件安全性

时间:2015-12-18 04:04:24

标签: php mysql database laravel-5.1

如何在我的上传文件中设置安全性,只能上传pdf,doc,jpeg,png和docx?

我只是在尝试它,但我不知道这是否是正确的做...只是试验.. ^ _ ^但毕竟它没有起作用^^ ...实际上我是得到了一个错误..试着帮我们这个吗?

这是我的Controller.php

public function index()
{
    $entries = Fileentry::where('user_id',Auth::user()->id)->get();
    return view('fileentries.index', compact('entries'));
}

public function store(UploadFiles $request)
{
    if($request->file('filename')) 
    {
        $file = $request->file('filename');

        $filename           = $file->getFilename().'.'.$extension;
        $fileExt            = $file->getClientOriginalExtension();
        $mime               = $file->getClientMimeType();
        $original_filename  = $file->getClientOriginalName();
        $description        = UploadFiles::input('description');
        $user_id            = Auth::user()->id;
        $file->save();

        // Move the file now
        $updatedFileName = $filename.'.'.$fileExt;
        $file->move('path/to/destination/folder', $updatedFileName);

     return redirect('upload');
    }

    else
    {
        echo "nothing happen";
    }
}

这是我的View.blade.php

@extends('layouts.app')
@section('content')

<form action="{{route('addentry', [])}}" method="post" enctype="multipart/form-data">
    <input name="_token" type="hidden" value="{!! csrf_token() !!}" />
    <input type="file" name="filefield" required>
    <br>

    Description <br>
    <input type="textarea" name="description">
    <br>
    <input type="submit">
</form>
<h1> List of your Entries</h1>

<div class="row">
    <ul class="thumbnails">

@foreach($entries as $entry)

<div class="col-md-2">
    <div class="thumbnail">
         <img src="{{route('getentry', $entry->filename ) }}" alt="ALT NAME" class="img-responsive" /> 

                     <p>{{ $entry->description }} </p>

                     <a href="{{ URL::to('download') }}" download="{{$entry->original_filename}}">{{$entry->original_filename}}</a>

            </div>
        </div>


 @endforeach
 </ul>
 </div>


nI@endsection

提前谢谢你们^^

1 个答案:

答案 0 :(得分:0)

通过发出以下命令来创建FormRequest对象:

php artisan make:request YourFormRequest

现在,在你的规则方法中:

/**
 * Get the validation rules that apply to the request.
 *
 * @return array
 */
public function rules()
{
    return [
        'filename' => 'mimes:pdf,doc,jpeg,png,docx',
        // and other validation rules...
    ];
}

现在更新您的控制器:

/**
 * Store the form values.
 * Don't forget to import the YourFormRequest class
 *
 * @param \App\Http\Requests\YourFormRequest $request
 * @return \Illuminate\Http\Redirect|string
 */
public function store(YourFormRequest $request)
{
    if($request->file('filename')) {
        $file = $request->file('filename');

        $fileName = $file->getClientOriginalName();
        $fileExt  = $file->getClientOriginalExtension();
        $fileMime = $file->getClientMimeType();

        // and rest of the file details

        // Move the file now
        $updatedFileName = $fileName.'.'.$fileExt;
        $file->move('path/to/destination/folder', $updatedFileName);

        // or using the Storage class, it is the same
        // as what you have written.
    }
}

更新1:

YourFormRequest文件中,替换authorize方法:

/**
 * Authorize the request.
 *
 * @return bool
 */
public function authorize()
{
    return true; // replace false with true.
}

希望这会帮助你。欢呼声。