在Laravel 5.1中上传文件安全性

时间:2016-01-04 07:19:08

标签: php mysql database laravel-5.1

我在Laravel 5.1中表现不佳。我需要你的帮助......

为什么上传我的请求文件中不在列表中的其他文件?我想在请求文件上仅上传规则功能。

这是我的新更新控制器

public function store(UploadFiles $filename) {

    $input = Input::all();
    $rules = array('filename' => 'mimes:pdf,doc,jpeg,png,docx');
    $validator = Validator::make($input, $rules);

    if($validator->fails()) {
        $messages = $validator->messages();
        print_r($messages);
    } else {
        $file = $filename->file('filefield');
        $extension = $file->getClientOriginalExtension();
        $entry = new Fileentry();
        $entry->mime = $file->getClientMimeType();
        $entry->original_filename = $file->getClientOriginalName();
        $entry->filename = $file->getFilename().'.'.$extension;
        $entry->description = Request::input('description');
        Storage::disk('local')->put($file->getFilename().'.'.$extension, File::get($file));
        $entry->user_id = Auth::user()->id;
        return redirect('upload');
    }    
}

我的要求: UploadFiles.php

public function authorize() {
    return true;
}

/**
 * Get the validation rules that apply to the request.
 *
 * @return array
 */
public function rules() {
    return ['filename' => 'mimes:pdf,doc,jpeg,png,docx'];
}

这是我的 index.blade.php

<form action="{{route('addentry', [])}}" method="post" enctype="multipart/form-data">
    <input type="hidden" name="_token" value="{!! csrf_token() !!}">
    <input type="file" name="filefield" required>
    <br>

    Description <br>
    <div class="form-group">
       <input type="textarea" name="description"><br>
    </div>
    <input type="submit">
</form>

2 个答案:

答案 0 :(得分:1)

您应该将规则arr传递给验证者。

您的代码应该是这样的:

array(4) {
  [0]=>
  array(2) {
    ["link"]=>
    string(11) "xyz.com/def"
    ["time"]=>
    string(10) "2016-01-03"
  }
  [1]=>
  array(2) {
    ["link"]=>
    string(11) "xyz.com/123"
    ["time"]=>
    string(10) "2016-01-03"
  }
  [2]=>
  array(2) {
    ["link"]=>
    string(11) "xyz.com/abc"
    ["time"]=>
    string(10) "2015-12-03"
  }
  [3]=>
  array(2) {
    ["link"]=>
    string(14) "xyz.com/123456"
    ["time"]=>
    string(10) "2016-01-03"
  }
}

答案 1 :(得分:1)

试试这个:

在您上传的控制器中: 添加use App\Http\Requests\UploadFilesValidationRequest;并在控制器中实现依赖注入,如:

public function store(UploadFilesValidationRequest $uploadValidator, UploadFiles $filename){

}

$imageValidator = new UploadFilesValidationRequest;
$imageValidation = Validator::make($fileData,$imageValidator->rules());

if ($imageValidation->fails()){
    dd($imageValidation->messages())
}

看,如果有效。