08c11-2.php

来自「介绍PHP5的给类型函数应用」· PHP 代码 · 共 33 行

<?php
// For safety, we need to make sure that the file passed in does not
// start with a '/', nor does it ever contain '..'.  This way we
// can ensure that someone doesn't use this to leave the document tree:
$file = $_GET['file'];
if (($file{0} == '/') || (strstr($file, '..') !== false)) {
	exit("ERROR: Attempt to navigate directory tree detected!");
}

// Now we need to try to detect the file type from the ending provided
// so that we can return the proper Content-Type:
$parts = pathinfo($file);
switch (strtolower($parts['extension'])) {
	case 'gif':
		header('Content-type: image/gif');
		break;
	case 'jpg':
	case 'jpeg':
		header('Content-type: image/jpeg');
		break;
	case 'png':
		header('Content-type: image/png');
		break;
	case 'html':
		header('Content-type: text/html');
		break;
	default:
		exit("ERROR: Unsupported filetype accessed!");
}

// If we made it this far, then go ahead and return the file:
readgzfile("{$file}.gz");
?>