Prevent uploading .sh files to server uisng php

Currently in my code the extension of the files is checked before it is uploaded to the server. I need to check the content of the files too before uploading it to server. I have used the following code


    $FileName = $_FILES[$imageInput]['name'];
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mtype = finfo_file($finfo, $FileName);

$mtype is correctly identified for all image type like .png , .jpg but it doesn't recognised .sh files. How can I check this using php? Some one please help.


You can block various files to be executed via .htaccess . For example you can place this

<FilesMatch ".(sh|cgi.+)$">
    ForceType text/plain
</FilesMatch>

This will ensure files in the folder will return as text/plain

If you want you can detect mime type as you detect for images. Mime type for .sh is

application/x-sh
application/x-csh
text/x-shellscript
链接地址: http://www.djcxy.com/p/45534.html

上一篇: Codeigniter上传不接受.doc文件

下一篇: 防止上传.sh文件到服务器uisng php