mirror of
https://gitee.com/zoujingli/ThinkAdmin.git
synced 2025-04-06 03:58:04 +08:00
修改文件上传
This commit is contained in:
邹景立
parent
d158dc57fc
commit
51a8c96896
@ -35,18 +35,6 @@ use think\response\Json;
|
|||||||
class Upload extends Controller
|
class Upload extends Controller
|
||||||
{
|
{
|
||||||
|
|
||||||
/**
|
|
||||||
* 文件上传方式
|
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
private $type;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* 文件上传模式
|
|
||||||
* @var boolean
|
|
||||||
*/
|
|
||||||
private $safe;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 文件上传脚本
|
* 文件上传脚本
|
||||||
* @return Response
|
* @return Response
|
||||||
@ -75,27 +63,27 @@ class Upload extends Controller
|
|||||||
*/
|
*/
|
||||||
public function state()
|
public function state()
|
||||||
{
|
{
|
||||||
[$this->name, $this->safe] = [input('name', null), $this->getSafe()];
|
[$name, $safe] = [input('name'), $this->getSafe()];
|
||||||
$data = ['uptype' => $this->getType(), 'safe' => intval($this->safe), 'key' => input('key')];
|
$data = ['uptype' => $this->getType(), 'safe' => intval($safe), 'key' => input('key')];
|
||||||
if ($info = Storage::instance($data['uptype'])->info($data['key'], $this->safe, $this->name)) {
|
if ($info = Storage::instance($data['uptype'])->info($data['key'], $safe, $name)) {
|
||||||
$data['url'] = $info['url'];
|
$data['url'] = $info['url'];
|
||||||
$this->success('文件已经上传', $data, 200);
|
$this->success('文件已经上传', $data, 200);
|
||||||
} elseif ('local' === $data['uptype']) {
|
} elseif ('local' === $data['uptype']) {
|
||||||
$data['url'] = LocalStorage::instance()->url($data['key'], $this->safe, $this->name);
|
$data['url'] = LocalStorage::instance()->url($data['key'], $safe, $name);
|
||||||
$data['server'] = LocalStorage::instance()->upload();
|
$data['server'] = LocalStorage::instance()->upload();
|
||||||
} elseif ('qiniu' === $data['uptype']) {
|
} elseif ('qiniu' === $data['uptype']) {
|
||||||
$data['url'] = QiniuStorage::instance()->url($data['key'], $this->safe, $this->name);
|
$data['url'] = QiniuStorage::instance()->url($data['key'], $safe, $name);
|
||||||
$data['token'] = QiniuStorage::instance()->buildUploadToken($data['key'], 3600, $this->name);
|
$data['token'] = QiniuStorage::instance()->buildUploadToken($data['key'], 3600, $name);
|
||||||
$data['server'] = QiniuStorage::instance()->upload();
|
$data['server'] = QiniuStorage::instance()->upload();
|
||||||
} elseif ('alioss' === $data['uptype']) {
|
} elseif ('alioss' === $data['uptype']) {
|
||||||
$token = AliossStorage::instance()->buildUploadToken($data['key'], 3600, $this->name);
|
$token = AliossStorage::instance()->buildUploadToken($data['key'], 3600, $name);
|
||||||
$data['url'] = $token['siteurl'];
|
$data['url'] = $token['siteurl'];
|
||||||
$data['policy'] = $token['policy'];
|
$data['policy'] = $token['policy'];
|
||||||
$data['signature'] = $token['signature'];
|
$data['signature'] = $token['signature'];
|
||||||
$data['OSSAccessKeyId'] = $token['keyid'];
|
$data['OSSAccessKeyId'] = $token['keyid'];
|
||||||
$data['server'] = AliossStorage::instance()->upload();
|
$data['server'] = AliossStorage::instance()->upload();
|
||||||
} elseif ('txcos' === $data['uptype']) {
|
} elseif ('txcos' === $data['uptype']) {
|
||||||
$token = TxcosStorage::instance()->buildUploadToken($data['key'], 3600, $this->name);
|
$token = TxcosStorage::instance()->buildUploadToken($data['key'], 3600, $name);
|
||||||
$data['url'] = $token['siteurl'];
|
$data['url'] = $token['siteurl'];
|
||||||
$data['q-ak'] = $token['q-ak'];
|
$data['q-ak'] = $token['q-ak'];
|
||||||
$data['policy'] = $token['policy'];
|
$data['policy'] = $token['policy'];
|
||||||
@ -119,37 +107,41 @@ class Upload extends Controller
|
|||||||
if (!($file = $this->getFile())->isValid()) {
|
if (!($file = $this->getFile())->isValid()) {
|
||||||
$this->error('文件上传异常,文件过大或未上传!');
|
$this->error('文件上传异常,文件过大或未上传!');
|
||||||
}
|
}
|
||||||
|
$safeMode = $this->getSafe();
|
||||||
$extension = strtolower($file->getOriginalExtension());
|
$extension = strtolower($file->getOriginalExtension());
|
||||||
[$pathname, $original] = [$file->getPathname(), $file->getOriginalName()];
|
$saveName = input('key') ?: Storage::name($file->getPathname(), $extension, '', 'md5_file');
|
||||||
|
// 检查文件后缀是否被恶意修改
|
||||||
|
if (ltrim(strtolower(strrchr($saveName, '.')), '.') !== $extension) {
|
||||||
|
$this->error('文件后缀异常,请重新上传文件!');
|
||||||
|
}
|
||||||
|
// 屏蔽禁止上传指定后缀的文件
|
||||||
if (!in_array($extension, str2arr(sysconf('storage.allow_exts')))) {
|
if (!in_array($extension, str2arr(sysconf('storage.allow_exts')))) {
|
||||||
$this->error('文件类型受限,请在后台配置规则!');
|
$this->error('文件类型受限,请在后台配置规则!');
|
||||||
}
|
}
|
||||||
if (in_array($extension, ['sh', 'asp', 'bat', 'cmd', 'exe', 'php'])) {
|
if (in_array($extension, ['sh', 'asp', 'bat', 'cmd', 'exe', 'php'])) {
|
||||||
$this->error('文件安全保护,可执行文件禁止上传!');
|
$this->error('文件安全保护,禁止上传可执行文件!');
|
||||||
}
|
}
|
||||||
[$this->type, $this->safe] = [$this->getType(), $this->getSafe()];
|
|
||||||
$this->name = input('key') ?: Storage::name($pathname, $extension, '', 'md5_file');
|
|
||||||
try {
|
try {
|
||||||
if ($this->type === 'local') {
|
if ($this->getType() === 'local') {
|
||||||
$local = LocalStorage::instance();
|
$local = LocalStorage::instance();
|
||||||
$distname = $local->path($this->name, $this->safe);
|
$distName = $local->path($saveName, $safeMode);
|
||||||
$file->move(dirname($distname), basename($distname));
|
$file->move(dirname($distName), basename($distName));
|
||||||
$info = $local->info($this->name, $this->safe, $original);
|
$info = $local->info($saveName, $safeMode, $file->getOriginalName());
|
||||||
if (in_array($extension, ['jpg', 'gif', 'png', 'bmp', 'jpeg', 'wbmp'])) {
|
if (in_array($extension, ['jpg', 'gif', 'png', 'bmp', 'jpeg', 'wbmp'])) {
|
||||||
if ($this->imgNotSafe($distname) && $local->del($this->name)) {
|
if ($this->imgNotSafe($distName) && $local->del($saveName)) {
|
||||||
$this->error('图片未通过安全检查!');
|
$this->error('图片未通过安全检查!');
|
||||||
}
|
}
|
||||||
[$width, $height] = getimagesize($distname);
|
[$width, $height] = getimagesize($distName);
|
||||||
if (($width < 1 || $height < 1) && $local->del($this->name)) {
|
if (($width < 1 || $height < 1) && $local->del($saveName)) {
|
||||||
$this->error('读取图片的尺寸失败!');
|
$this->error('读取图片的尺寸失败!');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$bina = file_get_contents($pathname);
|
$bina = file_get_contents($file->getPathname());
|
||||||
$info = Storage::instance($this->type)->set($this->name, $bina, $this->safe, $original);
|
$info = Storage::instance($this->getType())->set($saveName, $bina, $safeMode, $file->getOriginalName());
|
||||||
}
|
}
|
||||||
if (isset($info['url'])) {
|
if (isset($info['url'])) {
|
||||||
$this->success('文件上传成功!', ['url' => $this->safe ? $this->name : $info['url']]);
|
$this->success('文件上传成功!', ['url' => $safeMode ? $saveName : $info['url']]);
|
||||||
} else {
|
} else {
|
||||||
$this->error('文件处理失败,请稍候再试!');
|
$this->error('文件处理失败,请稍候再试!');
|
||||||
}
|
}
|
||||||
@ -178,11 +170,12 @@ class Upload extends Controller
|
|||||||
*/
|
*/
|
||||||
private function getType(): string
|
private function getType(): string
|
||||||
{
|
{
|
||||||
$this->type = strtolower(input('uptype', ''));
|
$type = strtolower(input('uptype', ''));
|
||||||
if (!in_array($this->type, ['local', 'qiniu', 'alioss', 'txcos'])) {
|
if (in_array($type, ['local', 'qiniu', 'alioss', 'txcos'])) {
|
||||||
$this->type = strtolower(sysconf('storage.type'));
|
return $type;
|
||||||
|
} else {
|
||||||
|
return strtolower(sysconf('storage.type'));
|
||||||
}
|
}
|
||||||
return strtolower($this->type);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user