PHP 检查文件是否为图像
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15408125/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP check if file is an image
提问by sf89
Is there a way to make sure a received file is an image in PHP?
有没有办法确保收到的文件是PHP.
Testing for the extension doesn't sound very secure to me as you could upload a scriptand change its extension to whatever you want.
测试扩展对我来说听起来不是很安全,因为您可以上传一个script并将其扩展更改为您想要的任何内容。
I've tried to use getimagesizetoo, but there might be something more suited for that particular problem.
我也尝试使用getimagesize,但可能有更适合该特定问题的东西。
采纳答案by Dead Man
Native way to get the mimetype:
获取 mimetype 的原生方式:
For PHP < 5.3 use mime_content_type()
For PHP >= 5.3 use finfo_open()or mime_content_type()
对于 PHP < 5.3 使用mime_content_type()
对于 PHP >= 5.3 使用finfo_open()或mime_content_type()
Alternatives to get the MimeType are exif_imagetypeand getimagesize, but these rely on having the appropriate libs installed. In addition, they will likely just return image mimetypes, instead of the whole list given in magic.mime.
获取 MimeType 的替代方法是exif_imagetype和getimagesize,但这些依赖于安装了适当的库。此外,它们可能只会返回图像 mimetypes,而不是在magic.mime中给出的整个列表。
While mime_content_typeis available from PHP 4.3 and is part of the FileInfo extension (which is enabled by default since PHP 5.3, except for Windows platforms, where it must be enabled manually, for details see here).
虽然mime_content_type可从 PHP 4.3 获得,并且是 FileInfo 扩展的一部分(自 PHP 5.3 起默认启用,Windows 平台除外,必须手动启用它,有关详细信息,请参见此处)。
If you don't want to bother about what is available on your system, just wrap all four functions into a proxy method that delegates the function call to whatever is available, e.g.
如果您不想打扰系统上可用的内容,只需将所有四个函数包装到一个代理方法中,该方法将函数调用委托给可用的任何内容,例如
function getMimeType($filename)
{
$mimetype = false;
if(function_exists('finfo_open')) {
// open with FileInfo
} elseif(function_exists('getimagesize')) {
// open with GD
} elseif(function_exists('exif_imagetype')) {
// open with EXIF
} elseif(function_exists('mime_content_type')) {
$mimetype = mime_content_type($filename);
}
return $mimetype;
}
回答by George Mickleburgh
The getimagesize()should be the most definite way of working out whether the file is an image:
在和getimagesize()应制定文件是否是一个图像的最明确的方式:
if(@is_array(getimagesize($mediapath))){
$image = true;
} else {
$image = false;
}
because this is a sample getimagesize()output:
因为这是一个示例getimagesize()输出:
Array (
[0] => 800
[1] => 450
[2] => 2
[3] => width="800" height="450"
[bits] => 8
[channels] => 3
[mime] => image/jpeg)
回答by Sheen
Using file extension and getimagesizefunction to detect if uploaded file has right format is just the entry level check and it can simply bypass by uploading a file with true extension and some byte of an image header but wrong content.
使用文件扩展名和getimagesize函数来检测上传的文件是否具有正确的格式只是入门级检查,它可以通过上传具有真实扩展名的文件和图像标题的某些字节但内容错误来绕过。
for being secure and safe you may make thumbnail/resize (even with original image sizes) the uploaded picture and save this version instead the uploaded one.
Also its possible to get uploaded file content and search it for special character like <?phpto find the file is image or not.
为了安全起见,您可以对上传的图片进行缩略图/调整大小(即使是原始图像大小)并保存此版本而不是上传的版本。还可以获取上传的文件内容并搜索特殊字符,例如<?php查找文件是否为图像。
