图片上传安全处理,防止图片木马

feat/task1-c-wallet
devil_gong 2019-02-19 16:18:31 +08:00
parent 9e078e36f3
commit 89bd63c318
1 changed files with 26 additions and 4 deletions


@ -43,7 +43,7 @@ class Uploader
"ERROR_TYPE_NOT_ALLOWED" => "文件类型不允许",
"ERROR_CREATE_DIR" => "目录创建失败",
"ERROR_DIR_NOT_WRITEABLE" => "目录没有写权限",
"ERROR_FILE_MOVE" => "文件保存出错",
"ERROR_FILE_MOVE" => "保存出错,图片有误",
"ERROR_FILE_NOT_FOUND" => "找不到上传文件",
"ERROR_WRITE_CONTENT" => "写入文件内容错误",
"ERROR_UNKNOWN" => "未知错误",
@ -126,10 +126,32 @@ class Uploader
return;
}
//移动文件
if (!(move_uploaded_file($file["tmp_name"], $this->filePath) && file_exists($this->filePath))) { //移动失败
// 存储图片、使用GD存储图片、防止图片包含木马
switch($this->fileType)
{
case '.png':
$image = imagecreatefrompng($file["tmp_name"]); //PNG
imagesavealpha($image, true); //这里很重要 意思是不要丢了$sourePic图像的透明色;
$width = imagesx($image); //图宽度
$heigh = imagesy($image); //图高度
$thumb = imagecreatetruecolor($width, $heigh);
imagealphablending($thumb, false); //这里很重要,意思是不合并颜色,直接用$img图像颜色替换,包括透明色;
imagesavealpha($thumb, true); //这里很重要,意思是不要丢了$thumb图像的透明色;
if(imagecopyresampled($thumb, $image, 0, 0, 0, 0, $width, $heigh, $width, $heigh))
{
imagepng($thumb, $this->filePath);
}
break;
case '.gif':
@imagegif(@imagecreatefromgif($file["tmp_name"]), $this->filePath);
break;
default:
@imagejpeg(@imagecreatefromjpeg($file["tmp_name"]), $this->filePath, 80);
}
if(!file_exists($this->filePath))
{
$this->stateInfo = $this->getStateInfo("ERROR_FILE_MOVE");
} else { //移动成功
} else {
$this->stateInfo = $this->stateMap[0];
}
}
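Review bot: None of the three GD branches checks what the decoder returned, and the outcome is judged only by `file_exists($this->filePath)`, so a file that fails to decode is handled by accident rather than rejected. In the `.png` branch a false from `imagecreatefrompng()` goes straight into `imagesavealpha()` and `imagesx()`, and in the `.gif` and `default` branches it goes into `imagegif()`/`imagejpeg()`, which is a warning on PHP 7 and a TypeError on PHP 8 that `@` does not suppress; a file already present at `$this->filePath` would also be reported as success. The decoder is chosen from `$this->fileType`, which presumably comes from the client-supplied name, and `default` treats every other extension as JPEG, so any non-image type this class accepts (not visible here) would now always fail. I would record the decode and encode results in a flag and test that instead, as sketched below; re-encoding lowers the risk of embedded script content, but the upload directory should still be served with script execution disabled. The enclosing method starts outside the hunk.

```php
$saved = false;
switch ($this->fileType) {
    case '.png':
        $image = @imagecreatefrompng($file["tmp_name"]);
        if ($image !== false) {
            // … unchanged: imagesavealpha / imagecreatetruecolor / alpha setup on $thumb …
            $saved = imagecopyresampled($thumb, $image, 0, 0, 0, 0, $width, $heigh, $width, $heigh)
                && imagepng($thumb, $this->filePath);
        }
        break;
    case '.gif':
        $image = @imagecreatefromgif($file["tmp_name"]);
        $saved = $image !== false && imagegif($image, $this->filePath);
        break;
    default:
        $image = @imagecreatefromjpeg($file["tmp_name"]);
        $saved = $image !== false && imagejpeg($image, $this->filePath, 80);
}
if (!$saved)
// … unchanged: ERROR_FILE_MOVE on failure, stateMap[0] on success …
```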