PHP identifies file camouflage (file upload)

Question:

When uploading files, it is necessary to verify whether the uploaded files are legal. How to identify file camouflage?

A simple test: change the txt file suffix directly to jpg; upload

    
    Send this file:   
  

1. Get the file suffix through $_FILES['userfile']['type'];

$data = $_FILES['userfile']; var_dump($data); /**结果**/ /* array(5) { ["name"]=> string(8) "test.jpg" ["type"]=> string(10) "image/jpeg" ["tmp_name"]=> string(26) "/private/var/tmp/phpfyE3EC" ["error"]=> int(0) ["size"]=> int(19) } */

Not detected;

2. Use the pathinfo() function to obtain file path information

$data = $_FILES['userfile']; // var_dump($data); var_dump(pathinfo($data['name'])); /**结果**/ /* array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(8) "test.jpg" ["extension"]=> string(3) "jpg" ["filename"]=> string(4) "test" } */

Not detected;

3. PHP extension fileinfo (needs to be installed and enabled)

$data = $_FILES['userfile']; $filename = $data['tmp_name']; $finfo = finfo_open(FILEINFO_MIME_TYPE);//返回 mime 类型。 自 PHP 5.3.0 可用。 $mimetype = finfo_file($finfo, $filename); finfo_close($finfo); var_dump($mimetype); /**结果**/ //string(10) "text/plain"

Yes! Can! Can! It is detected that the file mime type is not a jpg!

For more related php knowledge, please visitphp tutorial!

The above is the detailed content of PHP identifies file camouflage (file upload). For more information, please follow other related articles on the PHP Chinese website!