wordpress后台指定上传文件格式

发表于 2014年08月16日
WordPress

WordPress为了出于安全考虑我们必须限制后台的上传文件类型，防患于未然。官方提供了很好的过滤器API

http://codex.wordpress.org/Plugin_API/Filter_Reference/upload_mimes

目录表

示范例子

add_filter('upload_mimes', 'custom_upload_mimes');

function custom_upload_mimes ( $existing_mimes=array() ) {

unset ($existing_mimes);//注销数组变量

$existing_mimes['jpg']='image/jpeg';

$existing_mimes['png']='image/png';

$existing_mimes['bmp']='image/bmp';

$existing_mimes['gif']='image/gif';

return $existing_mimes;

}

上边是注销上传类型，下边增加可上传类型：

//增加可上传类型

add_filter('upload_mimes', 'custom_upload_mimes');

function custom_upload_mimes ( $existing_mimes=array() ) {

$existing_mimes['rar'] = 'application/octet-stream';

$existing_mimes['zip'] = 'application/zip';

$existing_mimes['7z'] = 'application/octet-stream';

return $existing_mimes;

}

如上代码所示，只允许用户上传jpg，gif，png，bmp的格式文件，其他格式是禁止的也起到一个安全作用。当然要想真正进一步加强后台的安全系数还需要把在线主题安装、插件安装、主题编辑等这些能直接操作文件的地方删掉。下面列出一些文件的类型，如果自己需要添加其他上传文件类型可以参照下表，比如要允许php文件上传，只需在上面增加一个数组变量就可以了： $existing_mimes['php']=’application/octet-stream’; 当然不推荐允许上传php文件。

该对应表包含：

php上传图片文件(gif,jpg,bmp,png,psd,ico)
php上传压缩文件(rar,7z,zip)
php上传可执行文件(exe)
php上传视频文件,音乐文件,歌词文件(avi,rmvb,3gp,flv,mp3,wav,krc,lrc)
php上传文本文件和文档文件(word->doc,excel->xls,幻灯片->ppt,pdf,chm)
php上传数据库文件（access文件,sql文件,con文件,日志文件log, dat文件）
php上传网页文件,脚本文件,字体文件(ini,php,html,htm,字体文件：ttf,fon, js ,xml)
php上传其他文件(class类文件,dll动态加载库文件)

PHP文件上传类型

火狐

id	后缀名	php识别出的文件类型
0	gif	image/gif
1	jpg	image/jpeg
2	png	image/png
3	bmp	image/bmp
4	psd	application/octet-stream
5	ico	image/x-icon
6	rar	application/octet-stream
7	zip	application/zip
8	7z	application/octet-stream
9	exe	application/octet-stream
10	avi	video/avi
11	rmvb	application/vnd.rn-realmedia-vbr
12	3gp	application/octet-stream
13	flv	application/octet-stream
14	mp3	audio/mpeg
15	wav	audio/wav
16	krc	application/octet-stream
17	lrc	application/octet-stream
18	txt	text/plain
19	doc	application/msword
20	xls	application/vnd.ms-excel
21	ppt	application/vnd.ms-powerpoint
22	pdf	application/pdf
23	chm	application/octet-stream
24	mdb	application/msaccess
25	sql	application/octet-stream
26	con	application/octet-stream
27	log	text/plain
28	dat	application/octet-stream
29	ini	application/octet-stream
30	php	application/octet-stream
31	html	text/html
32	htm	text/html
33	ttf	application/octet-stream
34	fon	application/octet-stream
35	js	application/x-javascript
36	xml	text/xml
37	dll	application/octet-stream
38	dll	application/octet-stream

id	后缀名	php识别出的文件类型
0	gif	image/gif
1	jpg	image/pjpeg
2	png	image/x-png
3	bmp	image/bmp
4	psd	application/octet-stream
5	ico	image/x-icon
6	rar	application/octet-stream
7	zip	application/x-zip-compressed
8	7z	application/octet-stream
9	exe	application/octet-stream
10	avi	video/avi
11	rmvb	application/vnd.rn-realmedia-vbr
12	3gp	application/octet-stream
13	flv	application/octet-stream
14	mp3	audio/mpeg
15	wav	audio/wav
16	krc	application/octet-stream
17	lrc	application/octet-stream
18	txt	text/plain
19	doc	application/msword
20	xls	application/vnd.ms-excel
21	ppt	application/vnd.ms-powerpoint
22	pdf	application/pdf
23	chm	application/octet-stream
24	mdb	application/msaccess
25	sql	text/plain
26	con	application/octet-stream
27	log	text/plain
28	dat	text/plain
29	ini	application/octet-stream
30	php	application/octet-stream
31	html	text/html
32	htm	text/html
33	ttf	application/octet-stream
34	fon	application/octet-stream
35	js	text/html
36	xml	text/xml
37	dll	application/octet-stream
38	class	application/java