xinyin025/mpay
1
0
Fork 0
mirror of https://gitee.com/technical-laohu/mpay.git synced 2025-11-08 11:43:43 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

修复图片上传文件漏洞

Browse Source
This commit is contained in:
技术老胡
2024-12-20 11:16:57 +08:00
parent de848ab32b
commit 05c1b08e95
1 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/controller/api/PayManageController.php
View File

@@ -125,14 +125,27 @@ class PayManageController extends BaseController
public function uploadQrcode() public function uploadQrcode()
{ {
$img = $this->request->file('codeimg'); $img = $this->request->file('codeimg');
if (!$img) {
return json(backMsg(1, '请选择要上传的文件'));
}
// 验证文件类型
$allowedTypes = ['image/png', 'image/jpeg', 'image/gif'];
$fileMimeType = $img->getMime();
if (!in_array($fileMimeType, $allowedTypes)) {
return json(backMsg(1, '只允许上传PNG、JPEG或GIF格式的图片'));
}
// 生成唯一文件名
$filename = 'img_' . time() . '_' . uniqid() . '.' . $img->getOriginalExtension();
// 设置文件保存路径
$path = public_path() . '/files/qrcode/'; $path = public_path() . '/files/qrcode/';
if (!is_dir($path)) { if (!is_dir($path)) {
mkdir($path, 0777, true); mkdir($path, 0755, true);
} }
$info = $img->move($path, 'img' . time() . '.' . $img->getOriginalExtension()); // 移动文件到指定目录
$info = $img->move($path, $filename);
if ($info) { if ($info) {
$imgpath = '/files/qrcode/'; $imgpath = '/files/qrcode/' . $filename;
return json(backMsg(0, '上传成功', ['imgpath' => $imgpath . $info->getFilename()])); return json(backMsg(0, '上传成功', ['imgpath' => $imgpath]));
} else { } else {
return json(backMsg(1, '上传失败')); return json(backMsg(1, '上传失败'));
} }