php检测下传excel文件类型
php检测上传excel文件类型
前言
介绍一种比较高端检测上传文件类型的方法,可以防止后缀名修改等低端的检测错误,有耐心的同学可以参考一下,我会封装成类供调用
MIME类型
在把输出结果传送到浏览器上的时候,浏览器必须启动适当的应用程序来处理这个输出文档。这可以通过多种类型MIME(multipurpose internet mail extensions)来完成。在http中,MIME类型被定义在content-type header中。
例如,如果客户端上传一个excel文件到服务器上,那么这是的mime类型就是“application/vnd.ms-excel”。在php中,可以通过$_FILE["type"]获得上传文件类型。
最早的HTTP协议中,并没有附加的数据类型信息,所有传送的数据都被客户端解释为HTML文档,而为了支持多媒体数据类型,HTTP协议中就使用了附加在文档之前的MIME数据类型信息来标识数据类型。
每个MIME类型由两部分组成,前面是数据的大类别,后面定义具体的种类。(具体可以查询mime类型表)
文件检测弊端
- 文件扩展名检测漏洞(ps:文件扩展名可以被任意伪造)
- 文件MIME类型判断不能使用$_FILES['userfile']['type'](ps:根据PHP官方的文档说明,该值完全可以被伪造!黑客只需修改浏览器的post请求头即可绕过这段代码检查,进而上传任意类型的文件!)
检测方法(针对excel)
- 通过文件扩展名判断是03的excel文件还是07的excel文件
- 根据不同的文件,获取不同文件的二进制数据,和file_signature进行对比,我截了03和07的excel的二进制数据图,大家可以参考一下,工具是madedit
- 03的excel
-
- 07的excel(07可以参考zip检测)
-
检测程序
/**
* Detect upload file type
*
* @param array $file
* @return bool $flag
*/
private function detectUploadFileMIME($file) {
// 1.through the file extension judgement 03 or 07
$flag = 0;
$file_array = explode ( ".", $file ["name"] );
$file_extension = strtolower ( array_pop ( $file_array ) );
// 2.through the binary content to detect the file
switch ($file_extension) {
case "xls" :
// 2003 excel
$fh = fopen ( $file ["tmp_name"], "rb" );
$bin = fread ( $fh, 8 );
fclose ( $fh );
$strinfo = @unpack ( "C8chars", $bin );
$typecode = "";
foreach ( $strinfo as $num ) {
$typecode .= dechex ( $num );
}
if ($typecode == "d0cf11e0a1b11ae1") {
$flag = 1;
}
break;
case "xlsx" :
// 2007 excel
$fh = fopen ( $file ["tmp_name"], "rb" );
$bin = fread ( $fh, 4 );
fclose ( $fh );
$strinfo = @unpack ( "C4chars", $bin );
$typecode = "";
foreach ( $strinfo as $num ) {
$typecode .= dechex ( $num );
}
echo $typecode;
if ($typecode == "504b34") {
$flag = 1;
}
break;
}
// 3.return the flag
return $flag;
}参考链接
文件类型对照表
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to filter more than 3 keywords at the same time in excel
Mar 21, 2024 pm 03:16 PM
Excel is often used to process data in daily office work, and it is often necessary to use the "filter" function. When we choose to perform "filtering" in Excel, we can only filter up to two conditions for the same column. So, do you know how to filter more than 3 keywords at the same time in Excel? Next, let me demonstrate it to you. The first method is to gradually add the conditions to the filter. If you want to filter out three qualifying details at the same time, you first need to filter out one of them step by step. At the beginning, you can first filter out employees with the surname "Wang" based on the conditions. Then click [OK], and then check [Add current selection to filter] in the filter results. The steps are as follows. Similarly, perform filtering separately again
What should I do if the frame line disappears when printing in Excel?
Mar 21, 2024 am 09:50 AM
If when opening a file that needs to be printed, we will find that the table frame line has disappeared for some reason in the print preview. When encountering such a situation, we must deal with it in time. If this also appears in your print file If you have questions like this, then join the editor to learn the following course: What should I do if the frame line disappears when printing a table in Excel? 1. Open a file that needs to be printed, as shown in the figure below. 2. Select all required content areas, as shown in the figure below. 3. Right-click the mouse and select the "Format Cells" option, as shown in the figure below. 4. Click the “Border” option at the top of the window, as shown in the figure below. 5. Select the thin solid line pattern in the line style on the left, as shown in the figure below. 6. Select "Outer Border"
How to change excel table compatibility mode to normal mode
Mar 20, 2024 pm 08:01 PM
In our daily work and study, we copy Excel files from others, open them to add content or re-edit them, and then save them. Sometimes a compatibility check dialog box will appear, which is very troublesome. I don’t know Excel software. , can it be changed to normal mode? So below, the editor will bring you detailed steps to solve this problem, let us learn together. Finally, be sure to remember to save it. 1. Open a worksheet and display an additional compatibility mode in the name of the worksheet, as shown in the figure. 2. In this worksheet, after modifying the content and saving it, the dialog box of the compatibility checker always pops up. It is very troublesome to see this page, as shown in the figure. 3. Click the Office button, click Save As, and then
How to type subscript in excel
Mar 20, 2024 am 11:31 AM
eWe often use Excel to make some data tables and the like. Sometimes when entering parameter values, we need to superscript or subscript a certain number. For example, mathematical formulas are often used. So how do you type the subscript in Excel? ?Let’s take a look at the detailed steps: 1. Superscript method: 1. First, enter a3 (3 is superscript) in Excel. 2. Select the number "3", right-click and select "Format Cells". 3. Click "Superscript" and then "OK". 4. Look, the effect is like this. 2. Subscript method: 1. Similar to the superscript setting method, enter "ln310" (3 is the subscript) in the cell, select the number "3", right-click and select "Format Cells". 2. Check "Subscript" and click "OK"
How to set superscript in excel
Mar 20, 2024 pm 04:30 PM
When processing data, sometimes we encounter data that contains various symbols such as multiples, temperatures, etc. Do you know how to set superscripts in Excel? When we use Excel to process data, if we do not set superscripts, it will make it more troublesome to enter a lot of our data. Today, the editor will bring you the specific setting method of excel superscript. 1. First, let us open the Microsoft Office Excel document on the desktop and select the text that needs to be modified into superscript, as shown in the figure. 2. Then, right-click and select the "Format Cells" option in the menu that appears after clicking, as shown in the figure. 3. Next, in the “Format Cells” dialog box that pops up automatically
How to use the iif function in excel
Mar 20, 2024 pm 06:10 PM
Most users use Excel to process table data. In fact, Excel also has a VBA program. Apart from experts, not many users have used this function. The iif function is often used when writing in VBA. It is actually the same as if The functions of the functions are similar. Let me introduce to you the usage of the iif function. There are iif functions in SQL statements and VBA code in Excel. The iif function is similar to the IF function in the excel worksheet. It performs true and false value judgment and returns different results based on the logically calculated true and false values. IF function usage is (condition, yes, no). IF statement and IIF function in VBA. The former IF statement is a control statement that can execute different statements according to conditions. The latter
Where to set excel reading mode
Mar 21, 2024 am 08:40 AM
In the study of software, we are accustomed to using excel, not only because it is convenient, but also because it can meet a variety of formats needed in actual work, and excel is very flexible to use, and there is a mode that is convenient for reading. Today I brought For everyone: where to set the excel reading mode. 1. Turn on the computer, then open the Excel application and find the target data. 2. There are two ways to set the reading mode in Excel. The first one: In Excel, there are a large number of convenient processing methods distributed in the Excel layout. In the lower right corner of Excel, there is a shortcut to set the reading mode. Find the pattern of the cross mark and click it to enter the reading mode. There is a small three-dimensional mark on the right side of the cross mark.
How to insert excel icons into PPT slides
Mar 26, 2024 pm 05:40 PM
1. Open the PPT and turn the page to the page where you need to insert the excel icon. Click the Insert tab. 2. Click [Object]. 3. The following dialog box will pop up. 4. Click [Create from file] and click [Browse]. 5. Select the excel table to be inserted. 6. Click OK and the following page will pop up. 7. Check [Show as icon]. 8. Click OK.
