项目中删除图片的代码,希望各位大大能给些安全性的建议。
if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'){ $url = $_GET['json']; $url = $_SERVER['DOCUMENT_ROOT'].urldecode($url['picurl']); $pictype = array("gif","jpg","jpeg","png","bmp"); if(file_exists($url)){ $infos = pathinfo($url); if(in_array($infos['extension'],$pictype) && strpos($url,"uploadfile")){ if(unlink($url)){ echo json_encode(array("status"=>"1","info"=>L('删除成功!'))); }else{ echo json_encode(array("status"=>"2","info"=>L("删除失败,请检查权限!"))); } }else{ echo json_encode(array("status"=>"2","info"=>L("删除失败,请检查权限!"))); } }else{ echo json_encode(array("status"=>"0","info"=>L("文件不存在或已删除"))); } }