从 MAC 照片应用上传到 PHP 表单

Uploading from MAC Photos app to PHP form

我有一个用户在从他们的 MacBook Air 照片应用程序上传时遇到问题。 MacBook 仅使用了 2 年并进行了更新,他们无需应用程序即可定期上传图片。我自己无法重现该问题,因此遇到了困难。

Php 代码在上传到服务器之前进行验证

    if(getimagesize($_FILES['image']['tmp_name']) == TRUE){ //files have tmp_names on server when being uploaded

  $name; $image; //Vars created here for use in retrieving image id from DB afterwords
  function saveImage($uid,$name,$image){
      //Update to get rid of default pic from registration
      $qry = "UPDATE profile_pics SET name='$name', image='$image' WHERE user_id='$uid';";
      $result=mysql_query($qry) or die(mysql_error());

      if($result){
          echo "<br/>Image uploaded.";
      }
      else{
          echo "<br/>Image not uploaded.";
      }
  }

  if($_FILES['image']['size'] < 1020000){ //1.02 since file size grows when uploaded to server.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = finfo_file($finfo, $_FILES['image']['tmp_name']);
    $ok = false;
    switch ($mime) {
      case 'image/jpeg':
      case 'image/pjpeg':
      case 'image/png':
      case 'image/gif':
      case 'image/jpg':
        $ok = true;
        break;
      default:
      $errors[] = lang("ACCOUNT_PIC_WRONG_FILETYPE");
        // die("Unknown/not permitted file type");
    }
    if($ok == true){
      $image= addslashes($_FILES['image']['tmp_name']); //addslashes() function returns a string with backslashes in front of predefined
      $name= addslashes($_FILES['image']['name']);      //characters: ', ", \, NULL. To prepare string for storage in a database and database queries
      $image= file_get_contents($image);
      $image= base64_encode($image);
      saveImage($uid,$name,$image);
    }
  }else{
    $errors[] = lang("ACCOUNT_PICSIZE_TOO_LARGE");
  }
}

HTML/Javascript 表格的一部分。 Javascript 在进入后端之前进行一些验证。这是为了在提交表单之前提醒用户错误。

 <script type="text/javascript">
  //Check to make sure pic size not to large
  jQuery(document).on("change", ".input-pic[type=file]", function () {
      var file = this.files[0];
      var size = file.size / 1024;
      var ext = file.name.split('.').pop();
      if (size > 1020) {
          alert("Too large Image. Only image smaller than 1MB (1000kB) can be uploaded.");
          //If too large, make field empty again
          jQuery(this).replaceWith('<input type="file" class="form-control input-pic" name="image" id="image">');
      }else if(ext == "jpeg" || ext == "pjpeg" || ext == "png" || ext == "gif" || ext == "jpg"){
        //Do nothing, valid image type
      }else{
        alert("Only jpeg, png, and gif pictures may be uploaded. You uploaded: ."+ext);
        jQuery(this).replaceWith('<input type="file" class="form-control input-pic" name="image" id="image">');
      }
  });
  </script>

  <div class='row form-row' style="padding-bottom:10px;">
    <div class='col-md-12'>
      <strong for="image">Upload a profile picture (JPG/PNG/GIF size limited to 1MB)</strong>
    <input type="file" class="input-pic form-control" name="image" id="image">
    </div>
  </div>

他们不断收到 javascript 中的警报: MAC Photos error alert 同样,当他们在应用程序之外正常上传时(就像 PC 用户会做的那样),他们不会得到这个。

我相信 OS X 正在将扩展名设置为大写。尝试 var ext = strtolower(file.name.split('.').pop();) 看看它是否只是一个验证问题。

注意:您只是在验证文件扩展名 - 这是一个巨大的安全风险。