My server must only accept PDF files. I am using PHP to upload files. Currently, I am checking if the file starts with %PDF to ensure the uploaded file really is a PDF file. Are there other checks to ensure 100% (or at least very strongly) that it is a PDF file? Can malicious users upload executable files beginning with %PDF? I'd appreciate any help.
You can use the PECL FileInfo extension to detect the MIME type. (I suspect, however, that internally it just does the same thing you're already doing.) Alternatively, you might use FPDI to see if you can successfully read the file. With PDF files though, I think embedded malware is a bigger concern than misnamed executables. Any time you're accepting uploads from users, it's probably a good idea to run the file through ClamAV or similar.
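
The checks discussed above combined into one upload handler, as an added example (not code from the original post): FileInfo content sniffing, a header and `%%EOF` trailer check, and a ClamAV scan that fails closed. The field name `document`, the size limit, the storage path and a `clamscan` binary on the PATH are assumptions.

```php
<?php
declare(strict_types=1);

const MAX_PDF_BYTES = 10 * 1024 * 1024;   // assumed size limit
const UPLOAD_DIR    = '/var/uploads/pdf'; // assumed path, outside the web root

/** Returns null if $path passes every check, otherwise a short reason string. */
function pdf_rejection_reason(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size < 16 || $size > MAX_PDF_BYTES) {
        return 'bad size';
    }
    // libmagic content sniffing; the client-supplied $_FILES type is never trusted
    if ((new finfo(FILEINFO_MIME_TYPE))->file($path) !== 'application/pdf') {
        return 'MIME type is not application/pdf';
    }
    // Stricter than a prefix test: versioned header at offset 0, %%EOF near the end
    $head = file_get_contents($path, false, null, 0, 8);
    $tail = file_get_contents($path, false, null, max(0, $size - 1024));
    if ($head === false || $tail === false
        || !preg_match('/^%PDF-\d\.\d/', $head) || strpos($tail, '%%EOF') === false) {
        return 'missing PDF header or %%EOF trailer';
    }
    // clamscan exit codes: 0 = clean, 1 = virus found, 2 = error; anything but 0 rejects
    exec('clamscan --no-summary ' . escapeshellarg($path), $out, $rc);
    if ($rc !== 0) {
        return $rc === 1 ? 'ClamAV detection' : 'scanner error';
    }
    return null;
}

$f = $_FILES['document'] ?? null;         // 'document' is an assumed field name
if (!is_array($f) || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
    http_response_code(400);
    exit('upload failed');
}
if (($why = pdf_rejection_reason($f['tmp_name'])) !== null) {
    http_response_code(422);
    exit('rejected: ' . $why);
}
// Server-chosen name and fixed extension: nothing from the client reaches the path
$dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.pdf';
if (!move_uploaded_file($f['tmp_name'], $dest)) {
    http_response_code(500);
    exit('could not store file');
}
echo 'stored';
```

A file can satisfy the header and MIME checks and still carry other content, so the storage choices matter as much as the checks: a random server-side name, a fixed `.pdf` extension, and a directory the web server never executes from.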