Restricting the file formats that can be uploaded in the WordPress admin

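For security reasons we should restrict the file types that can be uploaded through the WordPress admin, as a precaution. WordPress provides a good filter API for this: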

http://codex.wordpress.org/Plugin_API/Filter_Reference/upload_mimes

Example

add_filter('upload_mimes', 'custom_upload_mimes');
function custom_upload_mimes( $existing_mimes = array() ) {
    // Discard the default list so that only the types below are allowed
    $existing_mimes = array();
    $existing_mimes['jpg'] = 'image/jpeg';
    $existing_mimes['png'] = 'image/png';
    $existing_mimes['bmp'] = 'image/bmp';
    $existing_mimes['gif'] = 'image/gif';
    return $existing_mimes;
}

The code above discards the default upload types; the code below adds allowed upload types:

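// Add allowed upload types.
// The function name differs from the snippet above so that both can be
// loaded together without a "cannot redeclare function" fatal error.
add_filter('upload_mimes', 'custom_add_upload_mimes');
function custom_add_upload_mimes( $existing_mimes = array() ) {
    $existing_mimes['rar'] = 'application/octet-stream';
    $existing_mimes['zip'] = 'application/zip';
    $existing_mimes['7z']  = 'application/octet-stream';
    return $existing_mimes;
}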

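As the first snippet shows, users can only upload jpg, gif, png and bmp files; every other format is rejected, which also provides some security benefit. To harden the admin further, you also need to remove the places that can operate on files directly, such as online theme installation, plugin installation and theme editing. Some file types are listed below; if you need to allow other upload types, refer to the table. For example, to allow php files to be uploaded, just add one more array entry to the code above: $existing_mimes['php'] = 'application/octet-stream'; Of course, allowing php files to be uploaded is not recommended.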

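The table covers:

  • PHP upload of image files (gif, jpg, bmp, png, psd, ico)
  • PHP upload of archive files (rar, 7z, zip)
  • PHP upload of executable files (exe)
  • PHP upload of video, music and lyrics files (avi, rmvb, 3gp, flv, mp3, wav, krc, lrc)
  • PHP upload of text and document files (Word -> doc, Excel -> xls, slides -> ppt, pdf, chm)
  • PHP upload of database files (Access files, sql files, con files, log files, dat files)
  • PHP upload of web page, script and font files (ini, php, html, htm, font files: ttf, fon, js, xml)
  • PHP upload of other files (class files, dll dynamic-link library files)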

PHP file upload types

IE / Firefox
id  extension  file type identified by PHP
0 gif image/gif
1 jpg image/jpeg
2 png image/png
3 bmp image/bmp
4 psd application/octet-stream
5 ico image/x-icon
6 rar application/octet-stream
7 zip application/zip
8 7z application/octet-stream
9 exe application/octet-stream
10 avi video/avi
11 rmvb application/vnd.rn-realmedia-vbr
12 3gp application/octet-stream
13 flv application/octet-stream
14 mp3 audio/mpeg
15 wav audio/wav
16 krc application/octet-stream
17 lrc application/octet-stream
18 txt text/plain
19 doc application/msword
20 xls application/vnd.ms-excel
21 ppt application/vnd.ms-powerpoint
22 pdf application/pdf
23 chm application/octet-stream
24 mdb application/msaccess
25 sql application/octet-stream
26 con application/octet-stream
27 log text/plain
28 dat application/octet-stream
29 ini application/octet-stream
30 php application/octet-stream
31 html text/html
32 htm text/html
33 ttf application/octet-stream
34 fon application/octet-stream
35 js application/x-javascript
36 xml text/xml
37 dll application/octet-stream
38 dll application/octet-stream

id  extension  file type identified by PHP
0 gif image/gif
1 jpg image/pjpeg
2 png image/x-png
3 bmp image/bmp
4 psd application/octet-stream
5 ico image/x-icon
6 rar application/octet-stream
7 zip application/x-zip-compressed
8 7z application/octet-stream
9 exe application/octet-stream
10 avi video/avi
11 rmvb application/vnd.rn-realmedia-vbr
12 3gp application/octet-stream
13 flv application/octet-stream
14 mp3 audio/mpeg
15 wav audio/wav
16 krc application/octet-stream
17 lrc application/octet-stream
18 txt text/plain
19 doc application/msword
20 xls application/vnd.ms-excel
21 ppt application/vnd.ms-powerpoint
22 pdf application/pdf
23 chm application/octet-stream
24 mdb application/msaccess
25 sql text/plain
26 con application/octet-stream
27 log text/plain
28 dat text/plain
29 ini application/octet-stream
30 php application/octet-stream
31 html text/html
32 htm text/html
33 ttf application/octet-stream
34 fon application/octet-stream
35 js text/html
36 xml text/xml
37 dll application/octet-stream
38 class application/java
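
The two tables above show that the type reported for the same file changes with the browser (image/jpeg vs image/pjpeg, image/png vs image/x-png) and is application/octet-stream for php, exe and many other extensions, so it cannot be used to decide what a file really is. The following is an added example, not code from the original post: a server-side check that ignores the reported type and inspects the file content with PHP's fileinfo extension. The names check_upload_content and ALLOWED_UPLOADS are hypothetical, and the wp_handle_upload_prefilter hook is registered only when WordPress is loaded.

```php
<?php
// Added example, not from the original post. Requires PHP's fileinfo extension.
// Hypothetical allowlist: extension => MIME types the file content may sniff as.
const ALLOWED_UPLOADS = array(
    'jpg' => array('image/jpeg'),
    'png' => array('image/png'),
    'gif' => array('image/gif'),
    'bmp' => array('image/bmp', 'image/x-ms-bmp'),
);

// Returns null when the file is acceptable, otherwise the reason for rejecting it.
// The browser-supplied $_FILES[...]['type'] is deliberately never consulted.
function check_upload_content($name, $tmp_path, array $allowed = ALLOWED_UPLOADS) {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return "extension '$ext' is not on the allowlist";
    }
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if (!in_array($sniffed, $allowed[$ext], true)) {
        return "content is '$sniffed', which does not match .$ext";
    }
    return null;
}

if (function_exists('add_filter')) {
    // Inside WordPress: setting 'error' makes the upload handler refuse the file.
    add_filter('wp_handle_upload_prefilter', function ($file) {
        $reason = check_upload_content($file['name'], $file['tmp_name']);
        if ($reason !== null) {
            $file['error'] = 'Upload rejected: ' . $reason;
        }
        return $file;
    });
} elseif (PHP_SAPI === 'cli') {
    // Stand-alone run with constructed samples: a PNG header, and plain text named .png.
    $ihdr = 'IHDR' . pack('NNC5', 1, 1, 8, 0, 0, 0, 0);
    $png  = "\x89PNG\r\n\x1a\n" . pack('N', 13) . $ihdr . pack('N', crc32($ihdr));
    $samples = array('real.png' => $png, 'fake.png' => "this is not image data\n");
    foreach ($samples as $name => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'upl');
        file_put_contents($tmp, $bytes);
        $reason = check_upload_content($name, $tmp);
        echo $name, ': ', $reason === null ? 'accepted' : "rejected ($reason)", PHP_EOL;
        unlink($tmp);
    }
}
```

Run from the command line, the script checks the two constructed samples; loaded from a theme or plugin, it works alongside the upload_mimes allowlist rather than replacing it.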