项目中删除图片的代码,希望各位大大能给些安全性的建议。
if(isset($_server['http_x_requested_with']) && strtolower($_server['http_x_requested_with']) == 'xmlhttprequest'){
$url = $_get['json'];
$url = $_server['document_root'].urldecode($url['picurl']);
$pictype = array("gif","jpg","jpeg","png","bmp");
if(file_exists($url)){
$infos = pathinfo($url);
if(in_array($infos['extension'],$pictype) && strpos($url,"uploadfile")){
if(unlink($url)){
echo json_encode(array("status"=>"1","info"=>l('删除成功!')));
}else{
echo json_encode(array("status"=>"2","info"=>l("删除失败,请检查权限!")));
}
}else{
echo json_encode(array("status"=>"2","info"=>l("删除失败,请检查权限!")));
}
}else{
echo json_encode(array("status"=>"0","info"=>l("文件不存在或已删除")));
}
}