提交 7a69334b 编写于 作者: T Terry

图片文件加入后缀检查

上级 7ebe4cd0
...@@ -167,7 +167,7 @@ class Helper extends Service ...@@ -167,7 +167,7 @@ class Helper extends Service
$targetPathFile = $targetPath . '/' . $file; $targetPathFile = $targetPath . '/' . $file;
if (is_dir($sourcePathFile)){ if (is_dir($sourcePathFile)){
$this->copyDirImage($sourcePathFile, $targetPathFile); $this->copyDirImage($sourcePathFile, $targetPathFile);
} else if (Yii::$service->image->isAllowImgType($sourcePathFile)){ } else if (Yii::$service->image->isAllowImgType($sourcePathFile, $file)){
if ($isForce) { if ($isForce) {
copy($sourcePathFile, $targetPathFile); copy($sourcePathFile, $targetPathFile);
} else if (!file_exists($targetPathFile)) { } else if (!file_exists($targetPathFile)) {
......
...@@ -52,18 +52,41 @@ class Image extends Service ...@@ -52,18 +52,41 @@ class Image extends Service
* @param $file | string, 图片文件路径 * @param $file | string, 图片文件路径
* @return boolean, 是否是允许的图片类型 * @return boolean, 是否是允许的图片类型
*/ */
public function isAllowImgType($file) public function isAllowImgType($file, $fileName)
{ {
$img = getimagesize($file); $img = getimagesize($file);
$imgType = $img['mime']; $imgType = $img['mime'];
if (!in_array($imgType, $this->allowImgType)) { if (!in_array($imgType, $this->allowImgType)) {
return false; return false;
} }
// 文件后缀检查
$fileNameArr = explode('.', $fileName);
$fileSuffix = $fileNameArr[count($fileNameArr)-1];
$allowImgSuffix = $this->getAllowImgSuffix();
if (!in_array($fileSuffix, $allowImgSuffix)) {
return false;
}
return true; return true;
} }
public function getAllowImgSuffix()
{
$arr = [];
if (!is_array($this->allowImgType) || empty($this->allowImgType)) {
return [];
}
foreach ($this->allowImgType as $one) {
$oneArr = explode('/',$one);
$arr[] = $oneArr[1];
}
return $arr;
}
public function init() public function init()
{ {
...@@ -210,7 +233,10 @@ class Image extends Service ...@@ -210,7 +233,10 @@ class Image extends Service
$size = $FILE['size']; $size = $FILE['size'];
$file = $FILE['tmp_name']; $file = $FILE['tmp_name'];
$name = $FILE['name']; $name = $FILE['name'];
$name = $this->generateImgName($name); $newName = $this->generateImgName($name);
if (!$newName) {
throw new InvalidValueException('generate img name fail');
}
if ($size > $this->getMaxUploadSize()) { if ($size > $this->getMaxUploadSize()) {
throw new InvalidValueException('upload image is to max than'. $this->getMaxUploadSize().' MB'); throw new InvalidValueException('upload image is to max than'. $this->getMaxUploadSize().' MB');
...@@ -218,13 +244,12 @@ class Image extends Service ...@@ -218,13 +244,12 @@ class Image extends Service
throw new InvalidValueException('file type is empty.'); throw new InvalidValueException('file type is empty.');
} elseif ($img = getimagesize($file)) { } elseif ($img = getimagesize($file)) {
$imgType = $img['mime']; $imgType = $img['mime'];
if (!$this->isAllowImgType($file, $name)) {
if (!in_array($imgType, $this->allowImgType)) {
throw new InvalidValueException('image type is not allow for '.$imgType); throw new InvalidValueException('image type is not allow for '.$imgType);
} }
} }
// process image name. // process image name.
$imgSavedRelativePath = $this->getImgSavedRelativePath($name); $imgSavedRelativePath = $this->getImgSavedRelativePath($newName);
$isMoved = @move_uploaded_file($file, $this->GetCurrentBaseImgDir().$imgSavedRelativePath); $isMoved = @move_uploaded_file($file, $this->GetCurrentBaseImgDir().$imgSavedRelativePath);
if ($isMoved) { if ($isMoved) {
$imgUrl = $this->getUrlByRelativePath($imgSavedRelativePath); $imgUrl = $this->getUrlByRelativePath($imgSavedRelativePath);
......
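Review bot: The suffix check added to the upload path is only reached when `getimagesize($file)` succeeds: in the last hunk `isAllowImgType($file, $name)` sits inside `elseif ($img = getimagesize($file))`, so a file that cannot be parsed as an image skips both the MIME and the suffix test and, from what is visible here, still reaches `move_uploaded_file()` (the start of the `if` chain and `generateImgName()` are outside the hunk, so this should be confirmed there). Rejecting on failure would close that path, e.g. `} elseif (!$this->isAllowImgType($file, $name)) { throw new InvalidValueException('image type is not allow'); }`. Inside `isAllowImgType()`, `$img['mime']` is read without checking that `getimagesize()` returned an array; add `if ($img === false) { return false; }` before it. The list built by `getAllowImgSuffix()` is the MIME subtype, so `jpg` passes only if `allowImgType` happens to contain `image/jpg`, and the comparison is case-sensitive; `strtolower(pathinfo($fileName, PATHINFO_EXTENSION))` checked with `in_array(..., true)` against an explicit extension list would be more predictable. `$fileName` is also a new required parameter, so any caller not updated in this commit will fail, and the docblock above the method still documents only `$file`.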