我正在创建一个管理员工记录的网络应用程序,其中一个功能允许员工上传他们的资格副本。由于许多扫描仪输出到不同的文件类型,我需要能够验证上传的文件是PDF还是许多不同图像文件类型之一。
我知道MIME验证方法并使用了它,但因为它相对容易破解我正在寻找一种更安全的方法来补充它。
配置文件中存储常量的相关代码
// Set the file types allowed to be uploaded
define('FILETYPEALLOWED', serialize (array ('image/pjpeg', 'image/jpeg', 'image/JPG', 'image/X-PNG', 'image/PNG', 'image/png', 'image/x-png' ) ));
处理表单的代码
//If a file was uploaded, Move the uploaded file
IF (isset($_FILES['upload'])) {
$allowed = unserialize (FILETYPEALLOWED);
$fileinfo = finfo_open (FILEINFO_MIME_TYPE);
//IF file type is allowed
IF (in_array($_FILES['upload'] ['type'], $allowed )) {
move_uploaded_file($_FILES['upload'] ['tmp_name'], UPLOADS . $_FILES['upload'] ['name'] );
} else {
//Add an error to the $errors array
$errors[] = 'The file type is not allowed.';
}
//Delete the temporary file
IF (file_exists ($_FILES['upload'] ['tmp_name']) && is_file($_FILES ['upload'] ['tmp_name'])) {
unlink ($_FILES ['upload'] ['tmp_name']);
echo '<p>The temp file been file.</p>';
}
} else {
print '<p>no file was uploaded</p>';
}