0
在这种情况下我想安全上传pdf, doc, docx, ppt, pptx, xls, xlsx, rar, zip
防止任意文件上传尤其是web shell或任何恶意脚本。Laravel 5安全上传文档文件
问题是我如何验证文件,是否安全上传?从样改变MIME类型篡改数据旁路预防,有多个扩展名重命名文件,在文件名中,小写和大写的文件扩展名等使用;
和空间
我的控制器代码看起来象
public function fileUpload(){
$ext = ['pdf', 'doc', 'ppt', 'xls', 'docx', 'pptx', 'xlsx', 'rar', 'zip'];
$data = Request::all();
$name = $data['file']->getClientOriginalName();
$rules = [
'file' => 'required'
];
$v = Validator::make($data, $rules);
if($v->passes()){
// Check safe file validation
// should here or something? and how to prevent bypass
// arbitrary file upload especially evil script.
$data['file']->move(public_path('assets/uploads'), $name);
return 'file uploaded';
}else{
return 'file upload failed';
}
}