在PHP中如何通过unpack来准确获取文件格式
目的:识别用户上传的XML
问题1:用户上传的XML可能存在修改后缀的情况,即本身是脚本语言,却伪装成XML,例如PHP
已解决:那么我通过下面的代码来准确获取文件后缀
问题2:代码是通过fread读取文件头两字节,在识别图片方面非常好使,但是在区别xml和PHP方面却不是很清晰了,因为他们头两个字节都是'',请问如何处理呢?
<code> if (($fp = fopen($this->path, 'rb')) == FALSE)
{
throw new \Exception('打开文件失败。');
}
if (!($read = fread($fp, 2)))
{
throw new \Exception('文件内容读取为空或读取失败');
};
$info = unpack('C2chars', $read);
$code = intval($info['chars1'].$info['chars2']);
fclose($fp);
switch ($code)
{
case 3780: return 'pdf';
case 5666: return 'psd';
case 6033: return 'html';
case 6063: return 'xml'; // php
default: throw new \Exception('文件格式超出了系统识别范围。');
}
</code>回复内容:
目的:识别用户上传的XML
问题1:用户上传的XML可能存在修改后缀的情况,即本身是脚本语言,却伪装成XML,例如PHP
已解决:那么我通过下面的代码来准确获取文件后缀
问题2:代码是通过fread读取文件头两字节,在识别图片方面非常好使,但是在区别xml和PHP方面却不是很清晰了,因为他们头两个字节都是'',请问如何处理呢?
<code> if (($fp = fopen($this->path, 'rb')) == FALSE)
{
throw new \Exception('打开文件失败。');
}
if (!($read = fread($fp, 2)))
{
throw new \Exception('文件内容读取为空或读取失败');
};
$info = unpack('C2chars', $read);
$code = intval($info['chars1'].$info['chars2']);
fclose($fp);
switch ($code)
{
case 3780: return 'pdf';
case 5666: return 'psd';
case 6033: return 'html';
case 6063: return 'xml'; // php
default: throw new \Exception('文件格式超出了系统识别范围。');
}
</code>
其实我觉得没你想的那么复杂啊,不要太在意后缀这个问题嘛,关键是文件内容。你只要用XML类解析就好咯,比如simplexml,如果不是规范的XML文档的话是会返回false的,另外最后也可以将内容全部转换为string防止文件内代码的执行。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
CakePHP Project Configuration
Sep 10, 2024 pm 05:25 PM
In this chapter, we will understand the Environment Variables, General Configuration, Database Configuration and Email Configuration in CakePHP.
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
CakePHP Date and Time
Sep 10, 2024 pm 05:27 PM
To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.
CakePHP File upload
Sep 10, 2024 pm 05:27 PM
To work on file upload we are going to use the form helper. Here, is an example for file upload.
Discuss CakePHP
Sep 10, 2024 pm 05:28 PM
CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu
CakePHP Routing
Sep 10, 2024 pm 05:25 PM
In this chapter, we are going to learn the following topics related to routing ?
CakePHP Working with Database
Sep 10, 2024 pm 05:25 PM
Working with database in CakePHP is very easy. We will understand the CRUD (Create, Read, Update, Delete) operations in this chapter.
CakePHP Creating Validators
Sep 10, 2024 pm 05:26 PM
Validator can be created by adding the following two lines in the controller.
