getimagesize()在流而不是字符串

时间:2011-11-21 09:24:39

标签: php ajax file file-upload inputstream

我正在使用Valum's file uploader使用AJAX上传图片。这个脚本以我不完全理解的方式将文件提交给我的服务器,因此最好通过显示我的服务器端代码来解释:

$pathToFile = $path . $filename;

//Here I get a file not found error, because the file is not yet at this address
getimagesize($pathToFile);

$input = fopen('php://input', 'r');
$temp = tmpfile();
$realSize = stream_copy_to_stream($input, $temp);

//Here I get a string expected, resource given error 
getimagesize($input);

fclose($input);

$target = fopen($pathToFile, 'w');
fseek($temp, 0, SEEK_SET);

//Here I get a file not found error, because the image is not at the $target yet
getimagesize($pathToFile);

stream_copy_to_stream($temp, $target);
fclose($target);

//Here it works, because the image is at the desired location so I'm able to access it with $pathToFile. However, the (potentially) malicious file is already in my server.
getimagesize($pathToFile);

问题是我想在这里使用getimagesize()执行一些文件验证。 getimagesize只支持一个字符串,我只有资源可用,这导致错误:getimagesize需要一个字符串,资源给定。

当我在脚本结束时执行getimagesize($ pathTofile)时它确实有效,但是图像已经上传并且已经完成了损坏。这样做并在之后执行检查然后可能删除te文件对我来说似乎是不好的做法。

$ _REQUEST唯一的东西是文件名,我用它来var $ pathToFile。 $ _FILES是空的。

如何在流上执行文件验证?

修改 解决方案是首先将文件放在临时目录中,然后在临时文件上执行验证,然后再将其复制到目标目录。

// Store the file in tmp dir, to validate it before storing it in destination dir
$input = fopen('php://input', 'r');
$tmpPath = tempnam(sys_get_temp_dir(), 'upl'); // upl is 3-letter prefix for upload
$tmpStream = fopen($tmpPath, 'w'); // For writing it to tmp dir
stream_copy_to_stream($input, $tmpStream);
fclose($input);
fclose($tmpStream);

// Store the file in destination dir, after validation
$pathToFile = $path . $filename;
$destination = fopen($pathToFile, 'w');
$tmpStream = fopen($tmpPath, 'r'); // For reading it from tmp dir
stream_copy_to_stream($tmpStream, $destination);
fclose($destination);
fclose($tmpStream);

2 个答案:

答案 0 :(得分:5)

PHP 5.4现在支持getimagesizefromstring

查看文档: http://php.net/manual/pt_BR/function.getimagesizefromstring.php

你可以尝试:

$input = fopen('php://input', 'r');
$string = stream_get_contents($input);
fclose($input);

getimagesizefromstring($string);

答案 1 :(得分:2)

您可以使用tempnam()tmpfile()来创建临时路径,而不是使用sys_get_temp_dir()

然后使用fopen()获取句柄,复制流。

然后你有一个字符串和一个处理你需要做的操作。

//Copy PHP's input stream data into a temporary file

$inputStream   = fopen('php://input', 'r');
$tempDir       = sys_get_temp_dir();
$tempExtension = '.upload';

$tempFile   = tempnam($tempDir, $tempExtension);
$tempStream = fopen($tempFile, "w");
$realSize   = stream_copy_to_stream($inputStream, $tempStream);

fclose($tempStream);

getimagesize($tempFile);
相关问题
最新问题