复制代码 代码如下:
0,
max_width => 0,
max_height => 0,
max_filename => 0,
allowed_types => ,
file_temp => ,
file_name => ,
orig_name => ,
file_type => ,
file_size => ,
file_ext => ,
upload_path => ,
overwrite => false,
encrypt_name => false,
is_image => false,
image_width => ,
image_height => ,
image_type => ,
image_size_str => ,
error_msg => array(),
mimes => array(),
remove_spaces => true,
xss_clean => false,
temp_prefix => temp_file_,
client_name =>
);
//set each configuration.
foreach($defaults as $key => $val){
if(isset($config[$key])){
$method = set_{$key};
if(method_exists($this, $method)){
$this->$method($config[$key]);
} else {
$this->$key = $config[$key];
}
} else {
$this->$key = $val;
}
}
//check if file_name was provided.
if(!empty($this->file_name)){
//multiple file upload.
if(is_array($this->file_name)){
//clear file name override.
$this->_file_name_override = ;
//set multiple file name override.
$this->_multi_file_name_override = $this->file_name;
//single file upload.
} else {
//set file name override.
$this->_file_name_override = $this->file_name;
//clear multiple file name override.
$this->_multi_file_name_override = ;
}
}
}
/**
* file mime type
*
* detects the (actual) mime type of the uploaded file, if possible.
* the input array is expected to be $_files[$field].
*
* in the case of multiple uploads, a optional second argument may be
* passed specifying which array element of the $_files[$field] array
* elements should be referenced (name, type, tmp_name, etc).
*
* @access protected
* @param $file array
* @param $count int
* @return void
*/
protected function _file_mime_type($file, $count=0){
//mutliple file?
if(is_array($file[name])){
$tmp_name = $file[tmp_name][$count];
$type = $file[type][$count];
//single file.
} else {
$tmp_name = $file[tmp_name];
$type = $file[type];
}
//we'll need this to validate the mime info string (e.g. text/plain; charset=us-ascii).
$regexp = /^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/;
/* fileinfo extension - most reliable method.
*
* unfortunately, prior to php 5.3 - it's only available as a pecl extension and the
* more convenient fileinfo_mime_type flag doesn't exist.
*/
if(function_exists(finfo_file)){
$finfo = finfo_open(fileinfo_mime);
if(is_resource($finfo)){
$mime = @finfo_file($finfo, $tmp_name);
finfo_close($finfo);
/* according to the comments section of the php manual page,
* it is possible that this function returns an empty string
* for some files (e.g. if they don't exist in the magic mime database).
*/
if(is_string($mime) && preg_match($regexp, $mime, $matches)){
$this->file_type = $matches[1];
return;
}
}
}
/* this is an ugly hack, but unix-type systems provide a native way to detect the file type,
* which is still more secure than depending on the value of $_files[$field]['type'], and as it
* was reported in issue #750 (https://github.com/ellislab/codeigniter/issues/750) - it's better
* than mime_content_type() as well, hence the attempts to try calling the command line with
* three different functions.
*
* notes:
* - the directory_separator comparison ensures that we're not on a windows system
* - many system admins would disable the exec(), shell_exec(), popen() and similar functions
* due to security concerns, hence the function_exists() checks
*/
if(directory_separator !== \\){
$cmd = file --brief --mime .escapeshellarg($tmp_name). 2>&1;
if(function_exists(exec)){
/* this might look confusing, as $mime is being populated with all of the output when set in the second parameter.
* however, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites
* anything that could already be set for $mime previously. this effectively makes the second parameter a dummy
* value, which is only put to allow us to get the return status code.
*/
$mime = @exec($cmd, $mime, $return_status);
if($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)){
$this->file_type = $matches[1];
return;
}
}
}
if((bool)@ini_get(safe_mode) === false && function_exists(shell_exec)){
$mime = @shell_exec($cmd);
if(strlen($mime) > 0){
$mime = explode(\n, trim($mime));
if(preg_match($regexp, $mime[(count($mime) - 1)], $matches)){
$this->file_type = $matches[1];
return;
}
}
}
if(function_exists(popen)){
$proc = @popen($cmd, r);
if(is_resource($proc)){
$mime = @fread($proc, 512);
@pclose($proc);
if($mime !== false){
$mime = explode(\n, trim($mime));
if(preg_match($regexp, $mime[(count($mime) - 1)], $matches)){
$this->file_type = $matches[1];
return;
}
}
}
}
//fall back to the deprecated mime_content_type(), if available (still better than $_files[$field][type])
if(function_exists(mime_content_type)){
$this->file_type = @mime_content_type($tmp_name);
//it's possible that mime_content_type() returns false or an empty string.
if(strlen($this->file_type) > 0){
return;
}
}
//if all else fails, use $_files default mime type.
$this->file_type = $type;
}
/**
* set multiple upload data
*
* @access protected
* @return void
*/
protected function set_multi_upload_data(){
$this->_multi_upload_data[] = array(
file_name => $this->file_name,
file_type => $this->file_type,
file_path => $this->upload_path,
full_path => $this->upload_path.$this->file_name,
raw_name => str_replace($this->file_ext, , $this->file_name),
orig_name => $this->orig_name,
client_name => $this->client_name,
file_ext => $this->file_ext,
file_size => $this->file_size,
is_image => $this->is_image(),
image_width => $this->image_width,
image_height => $this->image_height,
image_type => $this->image_type,
image_size_str => $this->image_size_str
);
}
/**
* get multiple upload data
*
* @access public
* @return array
*/
public function get_multi_upload_data(){
return $this->_multi_upload_data;
}
/**
* multile file upload
*
* @access public
* @param string
* @return mixed
*/
public function do_multi_upload($field){
//is $_files[$field] set? if not, no reason to continue.
if(!isset($_files[$field])){ return false; }
//is this really a multi upload?
if(!is_array($_files[$field][name])){
//fallback to do_upload method.
return $this->do_upload($field);
}
//is the upload path valid?
if(!$this->validate_upload_path()){
//errors will already be set by validate_upload_path() so just return false
return false;
}
//every file will have a separate entry in each of the $_files associative array elements (name, type, etc).
//loop through $_files[$field][name] as representative of total number of files. use count as key in
//corresponding elements of the $_files[$field] elements.
for($i=0; $i //was the file able to be uploaded? if not, determine the reason why.
if(!is_uploaded_file($_files[$field][tmp_name][$i])){
//determine error number.
$error = (!isset($_files[$field][error][$i])) ? 4 : $_files[$field][error][$i];
//set error.
switch($error){
//upload_err_ini_size
case 1:
$this->set_error(upload_file_exceeds_limit);
break;
//upload_err_form_size
case 2:
$this->set_error(upload_file_exceeds_form_limit);
break;
//upload_err_partial
case 3:
$this->set_error(upload_file_partial);
break;
//upload_err_no_file
case 4:
$this->set_error(upload_no_file_selected);
break;
//upload_err_no_tmp_dir
case 6:
$this->set_error(upload_no_temp_directory);
break;
//upload_err_cant_write
case 7:
$this->set_error(upload_unable_to_write_file);
break;
//upload_err_extension
case 8:
$this->set_error(upload_stopped_by_extension);
break;
default:
$this->set_error(upload_no_file_selected);
break;
}
//return failed upload.
return false;
}
//set current file data as class variables.
$this->file_temp = $_files[$field][tmp_name][$i];
$this->file_size = $_files[$field][size][$i];
$this->_file_mime_type($_files[$field], $i);
$this->file_type = preg_replace(/^(.+?);.*$/, \\1, $this->file_type);
$this->file_type = strtolower(trim(stripslashes($this->file_type), ''));
$this->file_name = $this->_prep_filename($_files[$field][name][$i]);
$this->file_ext = $this->get_extension($this->file_name);
$this->client_name = $this->file_name;
//is the file type allowed to be uploaded?
if(!$this->is_allowed_filetype()){
$this->set_error(upload_invalid_filetype);
return false;
}
//if we're overriding, let's now make sure the new name and type is allowed.
//check if a filename was supplied for the current file. otherwise, use it's given name.
if(!empty($this->_multi_file_name_override[$i])){
$this->file_name = $this->_prep_filename($this->_multi_file_name_override[$i]);
//if no extension was provided in the file_name config item, use the uploaded one.
if(strpos($this->_multi_file_name_override[$i], .) === false){
$this->file_name .= $this->file_ext;
//an extension was provided, lets have it!
} else {
$this->file_ext = $this->get_extension($this->_multi_file_name_override[$i]);
}
if(!$this->is_allowed_filetype(true)){
$this->set_error(upload_invalid_filetype);
return false;
}
}
//convert the file size to kilobytes.
if($this->file_size > 0){
$this->file_size = round($this->file_size/1024, 2);
}
//is the file size within the allowed maximum?
if(!$this->is_allowed_filesize()){
$this->set_error(upload_invalid_filesize);
return false;
}
//are the image dimensions within the allowed size?
//note: this can fail if the server has an open_basdir restriction.
if(!$this->is_allowed_dimensions()){
$this->set_error(upload_invalid_dimensions);
return false;
}
//sanitize the file name for security.
$this->file_name = $this->clean_file_name($this->file_name);
//truncate the file name if it's too long
if($this->max_filename > 0){
$this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
}
//remove white spaces in the name
if($this->remove_spaces == true){
$this->file_name = preg_replace(/\s+/, _, $this->file_name);
}
/* validate the file name
* this function appends an number onto the end of
* the file if one with the same name already exists.
* if it returns false there was a problem.
*/
$this->orig_name = $this->file_name;
if($this->overwrite == false){
$this->file_name = $this->set_filename($this->upload_path, $this->file_name);
if($this->file_name === false){
return false;
}
}
/* run the file through the xss hacking filter
* this helps prevent malicious code from being
* embedded within a file. scripts can easily
* be disguised as images or other file types.
*/
if($this->xss_clean){
if($this->do_xss_clean() === false){
$this->set_error(upload_unable_to_write_file);
return false;
}
}
/* move the file to the final destination
* to deal with different server configurations
* we'll attempt to use copy() first. if that fails
* we'll use move_uploaded_file(). one of the two should
* reliably work in most environments
*/
if(!@copy($this->file_temp, $this->upload_path.$this->file_name)){
if(!@move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name)){
$this->set_error(upload_destination_error);
return false;
}
}
/* set the finalized image dimensions
* this sets the image width/height (assuming the
* file was an image). we use this information
* in the data function.
*/
$this->set_image_properties($this->upload_path.$this->file_name);
//set current file data to multi_file_upload_data.
$this->set_multi_upload_data();
}
//return all file upload data.
return true;
}
}
http://www.bkjia.com/phpjc/733059.htmlwww.bkjia.comtruehttp://www.bkjia.com/phpjc/733059.htmltecharticle复制代码 代码如下: ?php if(!defined(basepath)){ exit(no direct script access allowed); } /** * multi-upload * * extends codeigniters native upload class to add support...