HTML code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="zy1.php" onsubmit="return checkupload();" method="post" enctype="multipart/form-data">
<input type="file" id="uploadfile" name="uploadfile">
<input type="submit">
</form>
<script type="text/javascript">
// Client-side check only: it runs in the user's browser, so it is a convenience for honest users and not a security control.
function checkupload() {
    var filetag = document.getElementById("uploadfile");
    var filename = filetag.value;
    // Extension is taken from the text after the last dot
    var lastpos = filename.lastIndexOf(".") + 1;
    var ext = filename.substring(lastpos);
    if (ext != "jpg") {
        alert("文件类型错误,上传失败");
        return false;
    }
}
</script>
</body>
</html>
PHP code
<?php
header("content-type:text/html;charset=utf-8");
if (isset($_FILES["uploadfile"])) {
    $uploadfile = $_FILES["uploadfile"];
    $filename = $uploadfile["tmp_name"];   // temporary file written by PHP
    $name = $uploadfile["name"];           // original file name as sent by the client
    // Extension is taken from the text after the FIRST dot
    $extpos = strpos($name, ".") + 1;
    $ext = substr($name, $extpos);
    // $ext is computed but never checked: the server trusts whatever name the client sent
    $destination = "upload/" . $uploadfile["name"];
    $destination = iconv("utf-8", "gbk", $destination);
    move_uploaded_file($filename, $destination);
}
Upload test results
Uploading a jpg file:
Uploading other file types:
Bypass
Rename 1.txt to 1.jpg, upload it, capture the request with Burp Suite, change 1.jpg back to 1.txt, click Forward, and the upload succeeds.
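The bypass works because the only check lives in the browser and the PHP side stores the file under the client-supplied name without looking at it. The handler below is an added example, not code from the original post: it keeps the same form field name "uploadfile" and the same "upload/" directory, but validates on the server. The allowed-type table, the use of finfo and getimagesize, and the random server-chosen file name are my choices; the iconv conversion from the original is dropped because the stored name no longer comes from the client.

```php
<?php
// Added example: server-side validation for the upload form shown above.
// Assumes the form field "uploadfile" and the "upload/" directory from the page.
header("Content-Type: text/html; charset=utf-8");

// Extension -> expected MIME type (assumption: only these image types are wanted)
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

/**
 * Returns the validated extension, or null if the upload must be rejected.
 * Every check uses data PHP derived from the file itself, never the client's claims.
 */
function validate_upload(array $file): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                                   // transport error or no file
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;                                   // not an upload handled by PHP
    }
    // Extension from the LAST dot, lower-cased, checked against a whitelist.
    // (The original used the first dot, so "a.php.jpg" would yield "php.jpg".)
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }
    // Content sniffing: the MIME type is read from the bytes, not from $_FILES['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;                                   // e.g. renamed .txt or .php
    }
    // Require a decodable image as a further consistency check.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    return $ext;
}

if (isset($_FILES['uploadfile'])) {
    $ext = validate_upload($_FILES['uploadfile']);
    if ($ext === null) {
        http_response_code(400);
        echo 'Upload rejected: only jpg/jpeg/png images are accepted.';
        exit;
    }
    // Server-chosen random name: the client's file name never reaches the filesystem.
    $dest = __DIR__ . '/upload/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($_FILES['uploadfile']['tmp_name'], $dest)) {
        http_response_code(500);
        echo 'Upload failed.';
        exit;
    }
    chmod($dest, 0644);                                // readable, never executable
    echo 'Upload successful.';
}
```

With this handler, the Burp edit from the bypass section changes only the file name in the request; the content check still sees a text file and the request is rejected. As defence in depth, the web server should also be configured so that nothing under upload/ is executed as a script, so a bypass of one check does not immediately give code execution.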