0

我正在使用 PHP 处理将 .jpg、.gif、.jpeg、.png、.zip 和 .rar 文件上传到upload/目录的过程。只允许授权用户(具有给定密码)上传文件。我已经为文件夹upload/所有权www-data:www-data提供了适当的访问权限,所以这不是问题。

上传效果很好,只要我直接在服务器上通过网站上传,该服务器托管整个网站并且其 IP 与某个域相关联。如果我转到另一台计算机并尝试通过网站将 zip 文件上传到服务器,我会收到一条Invalid file消息,但没有任何内容被上传或存储在数据库中。这是我的代码:

$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["fajl"]["name"]));
$allowedExts1 = array("zip", "rar");
$extension1 = end(explode(".", $_FILES["fajl"]["name"]));
if ((($_FILES["fajl"]["type"] == "image/gif")
    || ($_FILES["fajl"]["type"] == "image/jpeg")
|| ($_FILES["fajl"]["type"] == "image/png")
|| ($_FILES["fajl"]["type"] == "image/pjpeg"))
    && ($_FILES["fajl"]["size"] < 4000000)
    && in_array($extension, $allowedExts))
{
    if ($_FILES["fajl"]["error"] > 0)
    {
        echo "Return Code: " . $_FILES["fajl"]["error"] . "<br />";
    }
    else
    {
        echo "Upload: " . $_FILES["fajl"]["name"] . "<br />";
        echo "Type: " . $_FILES["fajl"]["type"] . "<br />";
        echo "Size: " . ($_FILES["fajl"]["size"] / 1024) . " KB<br />";
        echo "Temp file: " . $_FILES["fajl"]["tmp_name"] . "<br />";

        if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"]))
        {
            echo $_FILES["fajl"]["name"] . " already exists. ";
        }
        else
        {
            move_uploaded_file($_FILES["fajl"]["tmp_name"], $_SERVER['DOCUMENT_ROOT'] . '/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"]);
            echo "Stored in: " . $_SERVER['DOCUMENT_ROOT'] . '/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"];
            $pomlokacijasl='/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"];
            $query22 = "INSERT INTO `slike` (navig, slik) VALUES ('$nav', '$pomlokacijasl')";
            $query22 = mysql_query($query22) or trigger_error ("Error in query: $query22. ".mysql_error());
            mysql_free_result($query22);
        }
    }
}
else if ((($_FILES["fajl"]["type"] == "application/x-rar-compressed")
    || ($_FILES["fajl"]["type"] == "application/zip"))
    && ($_FILES["fajl"]["size"] < 25000000)
    && in_array($extension1, $allowedExts1)) 
{
    if ($_FILES["fajl"]["error"] > 0)
    {
        echo "Return Code: " . $_FILES["fajl"]["error"] . "<br />";
    }
    else
    {
        echo "Upload: " . $_FILES["fajl"]["name"] . "<br />";
        echo "Type: " . $_FILES["fajl"]["type"] . "<br />";
        echo "Size: " . ($_FILES["fajl"]["size"] / 1024) . " KB<br />";
        echo "Temp file: " . $_FILES["fajl"]["tmp_name"] . "<br />";

        if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"]))
        {
            echo $_FILES["fajl"]["name"] . " already exists. ";
        }
        else
        {
            move_uploaded_file($_FILES["fajl"]["tmp_name"], $_SERVER['DOCUMENT_ROOT'] . '/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"]);
            echo "Stored in: " . $_SERVER['DOCUMENT_ROOT'] . '/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"];
            $pomlokacijadat='/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"];
            $query22 = "INSERT INTO `datoteke` (navig, dat) VALUES ('$nav', '$pomlokacijadat')";
            $query22 = mysql_query($query22) or trigger_error ("Error in query: $query22. ".mysql_error());
            mysql_free_result($query22);
        }
    }
}
else
{
    echo "Invalid file";
}

我该如何解决这个问题?追加$_SERVER('DOCUMENT_ROOT')工作$_SERVER('SERVER_NAME')吗?

4

1 回答 1

2

您的 MIME 类型检查排除了 zip 文件的一些有效类型。它因浏览器而异,但最常见的类型是:

application/zip   
application/x-zip
application/octet-stream
application/x-zip-compressed

您应该允许所有这些在您的检查。要匹配其余代码,请将其设置为:

$allowedCompressedTypes = array("application/x-rar-compressed", "application/zip", "application/x-zip", "application/octet-stream", "application/x-zip-compressed");

else if (in_array($_FILES["fajl"]["type"], $allowedCompressedTypes)
    && ($_FILES["fajl"]["size"] < 25000000)
    && in_array($extension1, $allowedExts1)) {
于 2012-10-12T04:00:09.300 回答