📄 uploader.php
}
/**
* Get the temporary name that the uploaded file was stored under
*
* @return string
**/
function getMediaTmpName()
{
    // Plain accessor: hands back the temporary path recorded on this object.
    // The property is assigned outside this method.
    $tmpName = $this->mediaTmpName;

    return $tmpName;
}
/**
* Get the saved filename
*
* @return string
**/
function getSavedFileName()
{
    // Name chosen by _copyFile() for the stored file.
    $fileName = $this->savedFileName;

    return $fileName;
}
/**
* Get the destination the file is saved to
*
* @return string
**/
function getSavedDestination()
{
    // Upload directory joined with the saved file name, as built by _copyFile().
    $destination = $this->savedDestination;

    return $destination;
}
/**
* Check the file and copy it to the destination
*
* @return bool
**/
function upload($chmod = 0644)
{
    // $chmod: permission bits passed through to _copyFile() for the stored file.

    // The destination directory must be configured, exist and be writable
    // before any per-file validation is attempted.
    $dir = $this->uploadDir;
    if ($dir == '') {
        $this->setErrors(_ER_UP_UPLOADDIRNOTSET);
        return false;
    }
    if (!is_dir($dir)) {
        $this->setErrors(sprintf(_ER_UP_FAILEDOPENDIR, $dir));
        return false;
    }
    if (!is_writable($dir)) {
        $this->setErrors(sprintf(_ER_UP_FAILEDOPENDIRWRITE, $dir));
        return false;
    }

    // The file name is rewritten first, so every later step sees the
    // sanitized name.
    $this->sanitizeMultipleExtensions();

    // Checks run in this fixed order and stop at the first failure; each one
    // records its own error message.
    $passed = $this->checkMaxFileSize()
        && $this->checkMaxWidth()
        && $this->checkMaxHeight()
        && $this->checkMimeType()
        && $this->checkImageType();

    // Errors recorded earlier on this object also block the copy.
    if (!$passed || count($this->errors) > 0) {
        return false;
    }

    return $this->_copyFile($chmod);
}
/**
* Copy the file to its destination
*
* @return bool
**/
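function _copyFile($chmod)
{
    // $chmod: permission bits applied to the stored file (best effort).
    // Returns true once the file is stored, false after recording an error.

    // The submitted name must end in an alphanumeric extension. The D modifier
    // keeps "$" from matching before a trailing newline.
    $matched = array();
    if (!preg_match('/\.([a-zA-Z0-9]+)$/D', $this->mediaName, $matched)) {
        $this->setErrors(_ER_UP_INVALIDFILENAME);
        return false;
    }

    if (isset($this->targetFileName)) {
        // Caller-chosen name, used as given.
        $this->savedFileName = $this->targetFileName;
    } elseif (isset($this->prefix)) {
        // uniqid() is derived from the current time: the result avoids
        // collisions but should not be treated as unguessable.
        $this->savedFileName = uniqid($this->prefix).'.'.strtolower($matched[1]);
    } else {
        // mediaName is assigned outside this view and is presumably the
        // client-supplied file name (confirm against the constructor). Keep
        // only its last path component so it cannot address a location
        // outside uploadDir.
        $this->savedFileName = strtolower(basename(str_replace('\\', '/', $this->mediaName)));
    }
    $this->savedDestination = $this->uploadDir.'/'.$this->savedFileName;

    // Content check for files saved under an image extension: the format
    // getimagesize() detects must map to the same extension. It runs against
    // the temporary file, before the move, so a refused upload never reaches
    // the upload directory and never replaces an existing file there.
    // imageExtensions is declared outside this view; it is looked up by the
    // image-type index returned by getimagesize().
    $ext = strtolower(pathinfo($this->savedFileName, PATHINFO_EXTENSION));
    if (in_array($ext, $this->imageExtensions, true)) {
        $info = @getimagesize($this->mediaTmpName);
        $type = ($info === false) ? null : (int) $info[2];
        if ($type === null
            || !isset($this->imageExtensions[$type])
            || (string) $this->imageExtensions[$type] !== $ext
        ) {
            $this->setErrors(_ER_UP_SUSPICIOUSREFUSED);
            return false;
        }
    }

    if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
        $this->setErrors(sprintf(_ER_UP_FAILEDSAVEFILE, $this->savedDestination));
        return false;
    }

    // A chmod failure is deliberately not treated as an upload failure.
    @chmod($this->savedDestination, $chmod);

    return true;
}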
/**
* Is the file the right size?
*
* @return bool
**/
function checkMaxFileSize()
{
    // With no limit configured there is nothing to enforce.
    $tooLarge = isset($this->maxFileSize) && $this->mediaSize > $this->maxFileSize;
    if ($tooLarge) {
        $this->setErrors(sprintf(_ER_UP_FILESIZETOOLARGE, $this->maxFileSize, $this->mediaSize));
        return false;
    }

    return true;
}
/**
* Is the picture the right width?
*
* @return bool
**/
function checkMaxWidth()
{
    if (isset($this->maxWidth)) {
        $size = getimagesize($this->mediaTmpName);
        if ($size === false) {
            // A file whose dimensions cannot be read only raises a warning and
            // still passes this check; rejecting non-images is left to the
            // other checks.
            trigger_error(sprintf(_ER_UP_FAILEDFETCHIMAGESIZE, $this->mediaTmpName), E_USER_WARNING);
        } elseif ($size[0] > $this->maxWidth) {
            // Index 0 of the getimagesize() result is the width.
            $this->setErrors(sprintf(_ER_UP_FILEWIDTHTOOLARGE, $this->maxWidth, $size[0]));
            return false;
        }
    }

    return true;
}
/**
* Is the picture the right height?
*
* @return bool
**/
function checkMaxHeight()
{
    if (isset($this->maxHeight)) {
        $size = getimagesize($this->mediaTmpName);
        if ($size === false) {
            // A file whose dimensions cannot be read only raises a warning and
            // still passes this check; rejecting non-images is left to the
            // other checks.
            trigger_error(sprintf(_ER_UP_FAILEDFETCHIMAGESIZE, $this->mediaTmpName), E_USER_WARNING);
        } elseif ($size[1] > $this->maxHeight) {
            // Index 1 of the getimagesize() result is the height.
            $this->setErrors(sprintf(_ER_UP_FILEHEIGHTTOOLARGE, $this->maxHeight, $size[1]));
            return false;
        }
    }

    return true;
}
/**
* Check whether or not the uploaded file type is allowed
*
* @return bool
**/
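function checkMimeType()
{
    // A file with no resolved type is refused unless unknown types are
    // explicitly allowed.
    if (empty($this->mediaRealType) && empty($this->allowUnknownTypes)) {
        $this->setErrors(_ER_UP_UNKNOWNFILETYPEREJECTED);
        return false;
    }

    // The decision is made on mediaRealType: it must be on the allow list
    // (when one is set) and must not be on the deny list (when one is set).
    if ((!empty($this->allowedMimeTypes) && !in_array($this->mediaRealType, $this->allowedMimeTypes))
        || (!empty($this->deniedMimeTypes) && in_array($this->mediaRealType, $this->deniedMimeTypes))
    ) {
        // The message reports mediaType, not the mediaRealType that was
        // tested. mediaType is assigned outside this view and is presumably
        // the type declared by the client (confirm), and getErrors() emits
        // messages into HTML verbatim, so the value is escaped here.
        $reported = htmlspecialchars((string) $this->mediaType, ENT_QUOTES);
        $this->setErrors(sprintf(_ER_UP_MIMETYPENOTALLOWED, $reported));
        return false;
    }

    return true;
}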
/**
* Check whether or not the uploaded image type is valid
*
* @return bool
**/
function checkImageType()
{
    // The check is opt-in through the checkImageType property.
    if (empty($this->checkImageType)) {
        return true;
    }

    // The upload is treated as an image when the part before "/" in either
    // type string is "image"; anything else passes without a content check.
    $declaredMajor = substr($this->mediaType, 0, strpos($this->mediaType, "/"));
    $isImage = ("image" == $declaredMajor);
    if (!$isImage && !empty($this->mediaRealType)) {
        $realMajor = substr($this->mediaRealType, 0, strpos($this->mediaRealType, "/"));
        $isImage = ("image" == $realMajor);
    }

    // An image must be readable by getimagesize(); warnings are suppressed and
    // the failure is reported through the error list instead.
    if ($isImage && !@getimagesize($this->mediaTmpName)) {
        $this->setErrors(_ER_UP_INVALIDIMAGEFILE);
        return false;
    }

    return true;
}
/**
* Sanitize executable filename with multiple extensions
*
**/
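function sanitizeMultipleExtensions()
{
    // Rewrites ".ext." to "_ext." in mediaName for every extension listed in
    // extensionsToBeSanitized, so a listed extension no longer appears as an
    // inner extension of the name. The final extension is left untouched.
    if (empty($this->extensionsToBeSanitized)) {
        return;
    }

    $patterns = array();
    $replaces = array();
    foreach ($this->extensionsToBeSanitized as $ext) {
        // The trailing dot is matched with a lookahead instead of being
        // consumed: when listed extensions follow each other directly, the
        // dot between them stays available and each one is rewritten.
        // preg_quote() is given the delimiter so a "/" in an extension cannot
        // break the pattern.
        $patterns[] = '/\.'.preg_quote($ext, '/').'(?=\.)/i';
        $replaces[] = '_'.$ext;
    }

    $clean = preg_replace($patterns, $replaces, $this->mediaName);

    // preg_replace() returns null on a PCRE error. Fall back to an empty
    // name, which the extension check in _copyFile() refuses, rather than
    // continuing with an unsanitized one.
    $this->mediaName = ($clean === null) ? '' : $clean;
}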
/**
* Add an error
*
* @param string $error
**/
function setErrors($error)
{
    // Messages are stored trimmed, appended in the order they are raised.
    $message = trim($error);
    $this->errors[] = $message;
}
/**
* Get generated errors
*
* @param bool $ashtml Format using HTML?
*
* @return array|string Array of error messages OR HTML string
*/
function &getErrors($ashtml = true)
{
    // Raw form: the error list itself, returned by reference.
    if (!$ashtml) {
        return $this->errors;
    }

    // HTML form: a heading followed by one "<br />"-terminated line per
    // message, or an empty string when nothing was recorded.
    // NOTE(review): messages are concatenated as-is, without HTML escaping,
    // so any request-derived value placed in a message has to be escaped
    // before it is added.
    $html = '';
    if (count($this->errors) > 0) {
        $html = '<h4>'._ER_UP_ERRORSRETURNED.'</h4>';
        foreach ($this->errors as $message) {
            $html = $html.$message.'<br />';
        }
    }

    return $html;
}
}
?>