开发者

Restrict name of uploaded file

问答 作者:

I am using the following code for user to upload an image.

if ((($_FILES["companylogofile"]["type"] == "image/jpeg")
|| ($_FILES["companylogofile"]["type"] == "image/pjpeg"))
&& ($_FILES["companylogofile"]["size"] < 75000))
  {
  if ($_FILES["companylogofile"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["companylogofile"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["companylogofile"]["name"] . "<br />";
    echo "Type: " . $_FILES["companylogofile"]["type"] . "<br />";
    echo "Size: " . ($_FILES["companylogofile"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["companylogofile"]["tmp_name"] . "<br />";

    if (file_exists("Template/" . $_FILES["companylogofile"]["name"]))
      {
      echo $_FILES["companylogofile"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["companylogofile"]["tmp_name"],
      "Template/" . $_FILES["companylogofile"]["name"]);
      }
    }
  }
else
  {
  echo "Invalid file";
  }

As you can see I only accept .jpeg files to be upload with a restriction on size. What I also need to do is add a restrictio开发者_运维百科n to the name of the file they are upload. Basically I want to only allow files to be uploaded if they are named say: Logo. Is there a way to put a restriction on the name of the files being uploaded?

Thanks!

if (!preg_match("/logo/i", $_FILES["companylogofile"]["name"])) die("File have to contain 'logo' in name");

if you're looking exactly for "Logo.jpg", it is achievable by 

if ("Logo.jpg" != $_FILES["companylogofile"]["name"]) die("File have to contain 'logo' in name");

Yes there is definitely a way to put a restriction on string formats. I would recommend you look into using PERL regular expressions via PHP using preg_match http://php.net/manual/en/function.preg-match.php

If you haven't used regular expressions before, they are simply a way to test against string formatting via a condensed syntax. A GREAT place to get started with regular expressions can be found here: http://www.addedbytes.com/cheat-sheets/regular-expressions-cheat-sheet/

What constitutes a 'bad' file" Logo3? logo-with-some-long-rambling-filename?

function isValidFileName($filename) {
   ... what do you want here?
}

if (!isValidFileName($_FILES['companylogoimage']['name'])) {
   die("Ooops, bad filename");
}

Just FYI: Don't use the ['type'] value in the $_FILES array for validation. That's the mime-type of the file as provided by the user - it can be easily changed to lie to you. Use something like getimagesize() to make the server determine the image's type.

Yes, just test $_FILES['companylogofile']['name']. Example:

if (false === strpos(strtolower($_FILES['companylogofile']['name']), 'logo')) {
    echo 'Error!';
    unlink($_FILES['companylogofile']['tmp_name'];
    return;
}

But, why would you want to put such an annoying restriction on the upload? I hope you're not thinking it will make it ore secure or anything?

继续阅读:file-uploadphprestriction

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9