帝國cms默認編輯器UEdito讀取遠程圖片失效,失敗的原因有2個,1是文件類型,也就是文件的擴展名驗證不通過。2是當圖片的地址后面帶問號“?”,也就是地址后面帶參數(shù)的時候,拉取遠程圖片會失敗。
另外,驗證時的擴展名問題解決了,就出現(xiàn)另一個問題,就是上傳保存的實際的文件名沒有擴展名。
獲取擴展名是依賴原始文件名的:
$imgUrl = "https://upload-images.jianshu.io/upload_images/13291551-ea2071894c84a625.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/544/format/webp"; preg_match("/[\/]([^\/]*)[\.]?[^\.\/]*$/", $imgUrl, $m); $this->oriName = $m ? $m[1]:"";
這導致獲取到的原始文件名是:/webp,原始文件名沒有擴展名,就導致實際的文件名沒有擴展名。
修改后的完整代碼如下:
<?php class Uploader { private $fileField; //文件域名 private $file; //文件上傳對象 private $base64; //文件上傳對象 private $config; //配置信息 private $oriName; //原始文件名 private $fileName; //新文件名 private $fullName; //完整文件名,即從當前配置目錄開始的URL private $filePath; //完整文件名,即從當前配置目錄開始的URL private $fileSize; //文件大小 private $fileType; //文件類型 private $stateInfo; //上傳狀態(tài)信息, private $stateMap = array( //上傳狀態(tài)映射表,國際化用戶需考慮此處數(shù)據(jù)的國際化 "SUCCESS", //上傳成功標記,在UEditor中內不可改變,否則flash判斷會出錯 "文件大小超出 upload_max_filesize 限制", "文件大小超出 MAX_FILE_SIZE 限制", "文件未被完整上傳", "沒有文件被上傳", "上傳文件為空", "ERROR_TMP_FILE" => "臨時文件錯誤", "ERROR_TMP_FILE_NOT_FOUND" => "找不到臨時文件", "ERROR_SIZE_EXCEED" => "文件大小超出網(wǎng)站限制", "ERROR_TYPE_NOT_ALLOWED" => "文件類型不允許", "ERROR_CREATE_DIR" => "目錄創(chuàng)建失敗", "ERROR_DIR_NOT_WRITEABLE" => "目錄沒有寫權限", "ERROR_FILE_MOVE" => "文件保存時出錯", "ERROR_FILE_NOT_FOUND" => "找不到上傳文件", "ERROR_WRITE_CONTENT" => "寫入文件內容錯誤", "ERROR_UNKNOWN" => "未知錯誤", "ERROR_DEAD_LINK" => "鏈接不可用", "ERROR_HTTP_LINK" => "鏈接不是http鏈接", "ERROR_HTTP_CONTENTTYPE" => "鏈接contentType不正確", "ERROR_HTTP_ALLOWFILES" => "抓取圖片格式擴展名不正確", "INVALID_URL" => "非法 URL", "INVALID_IP" => "非法 IP" ); /** * 構造函數(shù) * @param string $fileField 表單名稱 * @param array $config 配置項 * @param bool $base64 是否解析base64編碼,可省略。若開啟,則$fileField代表的是base64編碼的字符串表單名 */ public function __construct($fileField, $config, $type = "upload") { $this->fileField = $fileField; $this->config = $config; $this->type = $type; if ($type == "remote") { $this->saveRemote(); } else if($type == "base64") { $this->upBase64(); } else { $this->upFile(); } $this->stateMap['ERROR_TYPE_NOT_ALLOWED'] = iconv('unicode', 'utf-8', $this->stateMap['ERROR_TYPE_NOT_ALLOWED']); } /** * 上傳文件的主處理方法 * @return mixed */ private function upFile() { $file = $this->file = $_FILES[$this->fileField]; if (!$file) { $this->stateInfo = $this->getStateInfo("ERROR_FILE_NOT_FOUND"); return; } if ($this->file['error']) { $this->stateInfo = $this->getStateInfo($file['error']); return; } else if (!file_exists($file['tmp_name'])) { $this->stateInfo = $this->getStateInfo("ERROR_TMP_FILE_NOT_FOUND"); return; } else if (!is_uploaded_file($file['tmp_name'])) { $this->stateInfo = $this->getStateInfo("ERROR_TMPFILE"); return; } $this->oriName = $file['name']; $this->fileSize = $file['size']; $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //檢查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //檢查是否不允許的文件格式 if (!$this->checkType()) { $this->stateInfo = $this->getStateInfo("ERROR_TYPE_NOT_ALLOWED"); return; } //創(chuàng)建目錄失敗 if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } //移動文件 if (!(move_uploaded_file($file["tmp_name"], $this->filePath) && file_exists($this->filePath))) { //移動失敗 $this->stateInfo = $this->getStateInfo("ERROR_FILE_MOVE"); } else { //移動成功 $this->stateInfo = $this->stateMap[0]; } } /** * 處理base64編碼的圖片上傳 * @return mixed */ private function upBase64() { $base64Data = $_POST[$this->fileField]; $img = base64_decode($base64Data); $this->oriName = $this->config['oriName']; $this->fileSize = strlen($img); $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //檢查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //創(chuàng)建目錄失敗 if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } //移動文件 if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { //移動失敗 $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT"); } else { //移動成功 $this->stateInfo = $this->stateMap[0]; } } /** * 拉取遠程圖片 * @return mixed */ private function saveRemote() { $imgUrl = htmlspecialchars($this->fileField); $imgUrl = str_replace("&", "&", $imgUrl); //http開頭驗證 if (strpos($imgUrl, "http") !== 0) { $this->stateInfo = $this->getStateInfo("ERROR_HTTP_LINK"); return; } preg_match('/(^https*:\/\/[^:\/]+)/', $imgUrl, $matches); $host_with_protocol = count($matches) > 1 ? $matches[1] : ''; // 判斷是否是合法 url if (!filter_var($host_with_protocol, FILTER_VALIDATE_URL)) { $this->stateInfo = $this->getStateInfo("INVALID_URL"); return; } preg_match('/^https*:\/\/(.+)/', $host_with_protocol, $matches); $host_without_protocol = count($matches) > 1 ? $matches[1] : ''; // 此時提取出來的可能是 ip 也有可能是域名,先獲取 ip $ip = gethostbyname($host_without_protocol); // 判斷是否是私有 ip if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) { $this->stateInfo = $this->getStateInfo("INVALID_IP"); return; } //獲取請求頭并檢測死鏈 $heads = get_headers($imgUrl, 1); if (!(stristr($heads[0], "200") && stristr($heads[0], "OK"))) { $this->stateInfo = $this->getStateInfo("ERROR_DEAD_LINK"); return; } //格式驗證(擴展名驗證和Content-Type驗證) if (!isset($heads['Content-Type']) || !stristr($heads['Content-Type'], "image")) { $this->stateInfo = $this->getStateInfo("ERROR_HTTP_CONTENTTYPE"); return; }else{ if (count($this->config['allowFiles']) > 0){ $fileType = strtolower(strrchr($imgUrl, '.')); if (strpos($fileType, "?")){ $fileType = strstr($fileType, "?", true); } if (!in_array($fileType, $this->config['allowFiles'])){ //$this->stateInfo = $this->getStateInfo("ERROR_HTTP_ALLOWFILES"); //return; } } } //打開輸出緩沖區(qū)并獲取遠程圖片 ob_start(); $context = stream_context_create( array('http' => array( 'follow_location' => false // don't follow redirects )) ); readfile($imgUrl, false, $context); $img = ob_get_contents(); ob_end_clean(); $imgUrl2 = $imgUrl; if (strpos($imgUrl, "?")){ $imgUrl2 = substr($imgUrl, 0, strripos($imgUrl, "?")); } preg_match("/[\/]([^\/]*)[\.]?[^\.\/]*$/", $imgUrl2, $m); $this->oriName = $m ? $m[1]:""; if (!strpos($this->oriName, ".")){ if (strpos($heads['Content-Type'], '/')){ $this->oriName .= ".".substr($heads['Content-Type'], strpos($heads['Content-Type'], '/')+1); }else{ $this->oriName .= ".png"; } } $this->fileSize = strlen($img); $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //檢查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //創(chuàng)建目錄失敗 if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } //移動文件 if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { //移動失敗 $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT"); } else { //移動成功 $this->stateInfo = $this->stateMap[0]; } } /** * 上傳錯誤檢查 * @param $errCode * @return string */ private function getStateInfo($errCode) { return !$this->stateMap[$errCode] ? $this->stateMap["ERROR_UNKNOWN"] : $this->stateMap[$errCode]; } /** * 獲取文件擴展名 * @return string */ private function getFileExt() { return strtolower(strrchr($this->oriName, '.')); } /** * 重命名文件 * @return string */ private function getFullName() { //替換日期事件 $t = time(); $d = explode('-', date("Y-y-m-d-H-i-s")); $format = $this->config["pathFormat"]; $format = str_replace("{yyyy}", $d[0], $format); $format = str_replace("{yy}", $d[1], $format); $format = str_replace("{mm}", $d[2], $format); $format = str_replace("{dd}", $d[3], $format); $format = str_replace("{hh}", $d[4], $format); $format = str_replace("{ii}", $d[5], $format); $format = str_replace("{ss}", $d[6], $format); $format = str_replace("{time}", $t, $format); //過濾文件名的非法自負,并替換文件名 $oriName = substr($this->oriName, 0, strrpos($this->oriName, '.')); $oriName = preg_replace("/[\|\?\"\<\>\/\*\\\\]+/", '', $oriName); $format = str_replace("{filename}", $oriName, $format); //替換隨機字符串 $randNum = rand(1, 10000000000) . rand(1, 10000000000); if (preg_match("/\{rand\:([\d]*)\}/i", $format, $matches)) { $format = preg_replace("/\{rand\:[\d]*\}/i", substr($randNum, 0, $matches[1]), $format); } $ext = $this->getFileExt(); return $format . $ext; } /** * 獲取文件名 * @return string */ private function getFileName () { return substr($this->filePath, strrpos($this->filePath, '/') + 1); } /** * 獲取文件完整路徑 * @return string */ private function getFilePath() { $fullname = $this->fullName; $rootPath = $_SERVER['DOCUMENT_ROOT']; if (substr($fullname, 0, 1) != '/') { $fullname = '/' . $fullname; } return $rootPath . $fullname; } /** * 文件類型檢測 * @return bool */ private function checkType() { return in_array($this->getFileExt(), $this->config["allowFiles"]); } /** * 文件大小檢測 * @return bool */ private function checkSize() { return $this->fileSize <= ($this->config["maxSize"]); } /** * 獲取當前上傳成功文件的各項信息 * @return array */ public function getFileInfo() { return array( "state" => $this->stateInfo, "url" => $this->fullName, "title" => $this->fileName, "original" => $this->oriName, "type" => $this->fileType, "size" => $this->fileSize ); } }
解決的問題:
1、地址后面帶參數(shù)的問題,獲取不到正確的擴展名。
2、地址中不包含擴展名的問題,使用 content-type 過濾,取消文件擴展名的過濾;
3、獲取不到正確的擴展名的時候,從 content-type 中獲取,content-type 中也沒有的話,設置默認的擴展名為 .png
版權聲明: 本站資源均來自互聯(lián)網(wǎng)或會員發(fā)布,如果侵犯了您的權益請與我們聯(lián)系,我們將在24小時內刪除!謝謝!
轉載請注明: 帝國cms默認編輯器UEdito讀取遠程圖片失效