mirror of
https://gitee.com/ulthon/ulthon_admin.git
synced 2026-07-01 15:32:48 +08:00
禁止上传php或者图片混合php木马
This commit is contained in:
@@ -35,6 +35,20 @@ class Files extends BaseController
|
||||
|
||||
$file = request()->file('file');
|
||||
|
||||
$file_extension = $file->extension();
|
||||
|
||||
if($file_extension == 'php'){
|
||||
return json_message('上传文件异常');
|
||||
}
|
||||
|
||||
$file_path = $file->getRealPath();
|
||||
|
||||
$file_content = file_get_contents($file_path);
|
||||
|
||||
if(strpos($file_content,'<?php') !== false){
|
||||
return json_message('上传文件异常');
|
||||
}
|
||||
|
||||
if(empty($file)){
|
||||
return json_message('上传失败');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user