Prevent uploading .sh files to server uisng php
Currently in my code the extension of the files is checked before it is uploaded to the server. I need to check the content of the files too before uploading it to server. I have used the following code
$FileName = $_FILES[$imageInput]['name']; $finfo = finfo_open(FILEINFO_MIME_TYPE); $mtype = finfo_file($finfo, $FileName);
$mtype is correctly identified for all image type like .png , .jpg but it doesn't recognised .sh files. How can I check this using php? Some one please help.
You can block various files to be executed via .htaccess
. For example you can place this
<FilesMatch ".(sh|cgi.+)$">
ForceType text/plain
</FilesMatch>
This will ensure files in the folder will return as text/plain
If you want you can detect mime type as you detect for images. Mime type for .sh
is
application/x-sh
application/x-csh
text/x-shellscript
链接地址: http://www.djcxy.com/p/45534.html