我正在尝试在前端为 WordPress 用户制作上传头像图像。我正在使用这个代码
$files = $_FILES['post_files'];
foreach($files as $file){
if(is_array($file)){
$uploaded_file_type = $file['type'];
$allowed_file_types = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif');
if(!in_array($uploaded_file_type, $allowed_file_types)) {
$errors['image_empty'] = __( 'this image is not valid', 'themename' );
}
}
}
它不允许上传 php 文件,但如果他们将 php 文件扩展名更改为 png 或 jpeg,他们可以将 php 文件上传到我的服务器。我尝试使用
getimagesize()谢谢各位的解答
如果您使用 WordPress 图像上传器(媒体上传器与),请使用此:
禁用任何文件格式:
add_filter('upload_mimes','remove_mime_types');
function remove_mime_types($mimes){
unset( $mimes['mp4'] );
}
启用任何文件格式:
add_filter('upload_mimes','add_custom_mime_types');
function add_custom_mime_types($mimes){
return array_merge($mimes,array (
'ac3' => 'audio/ac3',
'mpa' => 'audio/MPA',
'flv' => 'video/x-flv',
'svg' => 'image/svg+xml'
));
}
了解更多信息,请访问 paulund 的文章:https://paulund.co.uk/change-wordpress-upload-mime-types
试试这个
$files = $_FILES['post_files'];
foreach ($files['tmp_name'] as $key => $tmp_name) { $uploaded_file_type = $files['type'][$key]; $allowed_file_types = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif');
// Check if file type is allowed
if (!in_array($uploaded_file_type, $allowed_file_types)) {
$errors['image_empty'] = __('This image is not valid', 'themename');
continue;
}
// Check if the file is really an image using getimagesize()
$image_info = getimagesize($tmp_name);
if ($image_info === false) {
$errors['image_empty'] = __('This file is not an image', 'themename');
continue;
}
}