将上传白名单更改为黑名单
Changing upload whitelist to a blacklist
我想创建$deny,而不是$allowed;我想创建一个黑名单而不是白名单。主要是因为我想接受所有文件,exe、com 或我选择的任何文件除外。
<?php
// A list of permitted file extensions
$allowed = array('jpg','txt');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
if(!in_array(strtolower($extension), $allowed)){
echo '{"status":"error"}';
exit;
}
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
}
echo '{"status":"error"}';
exit;
只需删除条件中的否定 (!),并检查上传的文件是否不是被拒绝的扩展名之一:
if (in_array(strtolower($extension), $denied)) {
echo '{"status":"error"}';
exit;
}
我猜你想要这样;
<?php
// A list of permitted file extensions
$denied = array('exe','com');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
if(in_array(strtolower($extension), $denied)){
echo '{"status":"error"}';
exit;
}
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
}
echo '{"status":"error"}';
exit;
我想创建$deny,而不是$allowed;我想创建一个黑名单而不是白名单。主要是因为我想接受所有文件,exe、com 或我选择的任何文件除外。
<?php
// A list of permitted file extensions
$allowed = array('jpg','txt');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
if(!in_array(strtolower($extension), $allowed)){
echo '{"status":"error"}';
exit;
}
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
}
echo '{"status":"error"}';
exit;
只需删除条件中的否定 (!),并检查上传的文件是否不是被拒绝的扩展名之一:
if (in_array(strtolower($extension), $denied)) {
echo '{"status":"error"}';
exit;
}
我猜你想要这样;
<?php
// A list of permitted file extensions
$denied = array('exe','com');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
if(in_array(strtolower($extension), $denied)){
echo '{"status":"error"}';
exit;
}
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
}
echo '{"status":"error"}';
exit;