Home>Article>Backend Development> PHP identifies file camouflage (file upload)

PHP identifies file camouflage (file upload)

藏色散人
藏色散人 forward
2020-01-27 15:11:18 2558browse

PHP identifies file camouflage (file upload)

Question:

When uploading files, it is necessary to verify whether the uploaded files are legal. How to identify file camouflage?

A simple test: change the txt file suffix directly to jpg; upload

  test  
Send this file:

1. Get the file suffix through $_FILES['userfile']['type'];

$data = $_FILES['userfile']; var_dump($data); /**结果**/ /* array(5) { ["name"]=> string(8) "test.jpg" ["type"]=> string(10) "image/jpeg" ["tmp_name"]=> string(26) "/private/var/tmp/phpfyE3EC" ["error"]=> int(0) ["size"]=> int(19) } */

Not detected;

2. Use the pathinfo() function to obtain file path information

$data = $_FILES['userfile']; // var_dump($data); var_dump(pathinfo($data['name'])); /**结果**/ /* array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(8) "test.jpg" ["extension"]=> string(3) "jpg" ["filename"]=> string(4) "test" } */

Not detected;

3. PHP extension fileinfo (needs to be installed and enabled)

$data = $_FILES['userfile']; $filename = $data['tmp_name']; $finfo = finfo_open(FILEINFO_MIME_TYPE);//返回 mime 类型。 自 PHP 5.3.0 可用。 $mimetype = finfo_file($finfo, $filename); finfo_close($finfo); var_dump($mimetype); /**结果**/ //string(10) "text/plain"

Yes! Can! Can! It is detected that the file mime type is not a jpg!

For more related php knowledge, please visitphp tutorial!

The above is the detailed content of PHP identifies file camouflage (file upload). For more information, please follow other related articles on the PHP Chinese website!

php
Statement:
This article is reproduced at:cnblogs.com. If there is any infringement, please contact admin@php.cn delete