图片文件加入后缀检查

7a69334b · Terry · 7ebe4cd0 · 7a69334b · 7a69334b
隐藏空白更改
内联并排

Showing with 31 addition and 6 deletion

services/Helper.php services/Helper.php +1 -1

services/Image.php services/Image.php +30 -5

未找到文件。
--- a/services/Helper.php
+++ b/services/Helper.php
@@ -167,7 +167,7 @@ class Helper extends Service
                $targetPathFile = $targetPath . '/' . $file;
                if (is_dir($sourcePathFile)){
                    $this->copyDirImage($sourcePathFile, $targetPathFile);
-                } else if (Yii::$service->image->isAllowImgType($sourcePathFile)){
+                } else if (Yii::$service->image->isAllowImgType($sourcePathFile, $file)){
                    if ($isForce) {
                        copy($sourcePathFile, $targetPathFile);
                    } else if (!file_exists($targetPathFile)) {

--- a/services/Image.php
+++ b/services/Image.php
@@ -52,18 +52,41 @@ class Image extends Service
     * @param $file | string, 图片文件路径
     * @return boolean， 是否是允许的图片类型
     */
-    public function isAllowImgType($file)
+    public function isAllowImgType($file, $fileName)
    {
        $img = getimagesize($file);
        $imgType = $img['mime'];

        if (!in_array($imgType, $this->allowImgType)) {
+            
            return false;
        
        }
+        // 文件后缀检查
+        $fileNameArr = explode('.', $fileName);
+        $fileSuffix = $fileNameArr[count($fileNameArr)-1];
+        $allowImgSuffix = $this->getAllowImgSuffix();
+        if (!in_array($fileSuffix, $allowImgSuffix)) {
+            
+            return false;
+        }
        
        return true;
    }
+    public function getAllowImgSuffix()
+    {
+        $arr = [];
+        if (!is_array($this->allowImgType) || empty($this->allowImgType)) {
+            return [];
+        }
+        
+        foreach ($this->allowImgType as $one) {
+            $oneArr = explode('/',$one);
+            $arr[] = $oneArr[1];
+        }
+        
+        return $arr;
+    }
    
    public function init()
    {
@@ -210,7 +233,10 @@ class Image extends Service
        $size = $FILE['size'];
        $file = $FILE['tmp_name'];
        $name = $FILE['name'];
-        $name = $this->generateImgName($name);
+        $newName = $this->generateImgName($name);
+        if (!$newName) {
+            throw new InvalidValueException('generate img name fail');
+        }
        
        if ($size > $this->getMaxUploadSize()) {
            throw new InvalidValueException('upload image is to max than'. $this->getMaxUploadSize().' MB');
@@ -218,13 +244,12 @@ class Image extends Service
            throw new InvalidValueException('file type is empty.');
        } elseif ($img = getimagesize($file)) {
            $imgType = $img['mime'];
-
-            if (!in_array($imgType, $this->allowImgType)) {
+            if (!$this->isAllowImgType($file, $name)) {
                throw new InvalidValueException('image type is not allow for '.$imgType);
            }
        }
        // process image name.
-        $imgSavedRelativePath = $this->getImgSavedRelativePath($name);
+        $imgSavedRelativePath = $this->getImgSavedRelativePath($newName);
        $isMoved = @move_uploaded_file($file, $this->GetCurrentBaseImgDir().$imgSavedRelativePath);
        if ($isMoved) {
            $imgUrl = $this->getUrlByRelativePath($imgSavedRelativePath);