|
|
@@ -232,8 +232,7 @@ class ocean_order {
|
|
|
}
|
|
|
|
|
|
try {
|
|
|
- $allow_extend = "|.pdf|.xlsx|.docx|";
|
|
|
- //$allow_extend = "|.pdf|";
|
|
|
+ $allow_extend = "|.pdf|.xlsx|.docx|.xls|.doc|";
|
|
|
$file_name = $_FILES['file']["name"];
|
|
|
$errorMsg = "";
|
|
|
$sql = "";
|
|
|
@@ -257,22 +256,25 @@ class ocean_order {
|
|
|
$errorMsg = $_FILES['file']["name"][$i].', File type error.';
|
|
|
continue;
|
|
|
}
|
|
|
+
|
|
|
+ //检查xlsx,docx 文档的是否异常, doc 和xls放过
|
|
|
+ if($exten == 'xlsx' || $exten == 'docx'){
|
|
|
+ //MIME 类型校验(关键!防伪装)
|
|
|
+ $tmpName = $_FILES['file']['tmp_name'][$i];
|
|
|
+ $finfo = finfo_open(FILEINFO_MIME_TYPE);
|
|
|
+ $mimeType = finfo_file($finfo, $tmpName);
|
|
|
+ finfo_close($finfo);
|
|
|
+
|
|
|
+ $allowedMimes = [
|
|
|
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', // .xlsx
|
|
|
+ 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', // .docx
|
|
|
+ 'application/pdf' // .pdf
|
|
|
+ ];
|
|
|
|
|
|
- //MIME 类型校验(关键!防伪装)
|
|
|
- $tmpName = $_FILES['file']['tmp_name'][$i];
|
|
|
- $finfo = finfo_open(FILEINFO_MIME_TYPE);
|
|
|
- $mimeType = finfo_file($finfo, $tmpName);
|
|
|
- finfo_close($finfo);
|
|
|
-
|
|
|
- $allowedMimes = [
|
|
|
- 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', // .xlsx
|
|
|
- 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', // .docx
|
|
|
- 'application/pdf' // .pdf
|
|
|
- ];
|
|
|
-
|
|
|
- if (!in_array($mimeType, $allowedMimes)) {
|
|
|
- $errorMsg = "Invalid file format. Please upload a genuine .xlsx, .docx, or .pdf file.";
|
|
|
- continue;
|
|
|
+ if (!in_array($mimeType, $allowedMimes)) {
|
|
|
+ $errorMsg = "Invalid file format. Please upload a genuine .xlsx, .docx, or .pdf file.";
|
|
|
+ continue;
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
$filename = $bol."_".$format['standard']."_V".($i+1+$num). "." . $exten;
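Review bot: The new `if($exten == 'xlsx' || $exten == 'docx')` guard skips the finfo check for `.pdf`, which was content-checked before this commit, and for the `.xls`/`.doc` extensions that the first hunk adds to `$allow_extend`, so for those three types only the client-supplied file name vouches for the content. `'application/pdf'` is still listed in `$allowedMimes`, so inside the guard it can only accept PDF content uploaded under an `.xlsx` or `.docx` name, and the error text still mentions `.pdf`. I would run the finfo check for every upload and look up the accepted types per extension with a strict `in_array(..., true)`, as sketched below. The values libmagic reports for legacy `.xls`/`.doc` files vary by version, so the ones in the sketch are constructed and should be confirmed against sample files on the target server. The upload loop and the enclosing method start and end outside the hunk, so whether `$exten` is lowercased before this comparison is not visible here.

```php
// … unchanged: extension allow-list check that rejects with 'File type error.' …

// Constructed mapping: accepted MIME types per extension (legacy values to be confirmed on the server).
$mimeByExten = [
    'pdf'  => ['application/pdf'],
    'xlsx' => ['application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
    'xls'  => ['application/vnd.ms-excel', 'application/vnd.ms-office'],
    'doc'  => ['application/msword', 'application/vnd.ms-office'],
];

// … unchanged: $tmpName, finfo_open(), finfo_file(), finfo_close() …

// Content type must match the extension the file will be stored under.
if (!in_array($mimeType, $mimeByExten[$exten] ?? [], true)) {
    // … unchanged: $errorMsg assignment and continue …
}
```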
|