PHP图像上传安全性-gd/imagick/move_Upload_文件
我目前上传图像的编码 如果我的代码是可破解的,让我知道你将如何做到这一点。我会在我的服务器上亲自尝试PHP图像上传安全性-gd/imagick/move_Upload_文件,php,imagick,Php,Imagick,我目前上传图像的编码 如果我的代码是可破解的,让我知道你将如何做到这一点。我会在我的服务器上亲自尝试 if ((strtolower($_FILES["user_image"]["type"]) == "image/jpeg" || strtolower($_FILES["user_image"]["type"]) == "image/pjpeg" || strtolower($_FILES["user_image"]["type"]) == "image/gif" || strtolower(
if ((strtolower($_FILES["user_image"]["type"]) == "image/jpeg" || strtolower($_FILES["user_image"]["type"]) == "image/pjpeg" || strtolower($_FILES["user_image"]["type"]) == "image/gif" || strtolower($_FILES["user_image"]["type"]) == "image/x-png" || strtolower($_FILES["user_image"]["type"]) == "image/png") && ($_FILES["user_image"]["size"] < 4194304)) {
if(strtolower($_FILES["user_image"]["type"]) == "image/jpeg" || strtolower($_FILES["user_image"]["type"]) == "image/pjpeg"){
$image_source = imagecreatefromjpeg($_FILES["user_image"]["tmp_name"]);
}
// if uploaded image was GIF
if(strtolower($_FILES["user_image"]["type"]) == "image/gif"){
$image_source = imagecreatefromgif($_FILES["user_image"]["tmp_name"]);
}
// if uploaded image was PNG
if(strtolower($_FILES["user_image"]["type"]) == "image/x-png" || strtolower($_FILES["user_image"]["type"]) == "image/png"){
$image_source = imagecreatefrompng($_FILES["user_image"]["tmp_name"]);
}
或者我需要将它们结合起来以安全的方式上传文件吗?对于Nginx,要禁用脚本执行,您的方式是正确的。要禁止使用更多脚本类型
location ~* ^/(upload|images|more_dirs)/.*\.(php|php5|sh|more_types)$
{
deny all;
}
location ~* ^/(upload|images|more_dirs)/.*\.(php|php5|sh|more_types)$
{
deny all;
}