网站经常会提供文件上传功能,其中最常见的是图片上传。但是有心人会修改文件后缀来伪造图片,所以我们不能根据文件后缀来判断用户上传的文件是否符合规范,而应该根据文件内容开头的几个字节(即文件头,也叫魔数)来判断文件类型。需要注意的是,文件头同样可以被伪造,因此这种检查只是文件上传校验中的一环,不能单独作为安全保证。下面是用 Java 写的判断文件流是否是图片的例子,代码如下:
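/**
 * Identifies the image type of an uploaded file from its leading bytes (the file
 * signature, or "magic number") instead of trusting the client-supplied extension.
 *
 * <p>Security note: only the first three bytes are compared, and the bytes after the
 * signature are never inspected. A file whose content is not an image can still begin
 * with a valid signature, so this check filters out mislabeled files but does not
 * prove the upload is a well-formed image. Treat it as one layer of upload validation:
 * also decode or re-encode the image server-side, choose the stored file name and
 * extension on the server, and serve uploads with a fixed content type.
 */
public class FileType {

    /** Number of leading bytes compared against the known image signatures. */
    private static final int SIGNATURE_BYTES = 3;

    /** Lower-case hexadecimal digits, indexed by nibble value. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Converts a byte array to its lower-case hexadecimal representation, two
     * characters per byte.
     *
     * @param src the bytes to encode
     * @return the hex string, or {@code null} when {@code src} is {@code null} or empty
     */
    public static String bytesToHexString(byte[] src) {
        if (src == null || src.length == 0) {
            return null;
        }
        return hexPrefix(src, src.length);
    }

    /**
     * Determines the image type from the first three bytes of the file content.
     *
     * <p>Input that is {@code null} or shorter than three bytes is reported as
     * {@code "error"}; previously such input failed with a
     * {@code NullPointerException} or {@code StringIndexOutOfBoundsException},
     * which let a truncated upload crash the validation step instead of being rejected.
     *
     * @param src the file content, or at least its leading bytes
     * @return {@code "jpg"}, {@code "png"} or {@code "gif"} when the signature matches,
     *         otherwise {@code "error"}
     */
    public static String getImgType(byte[] src) {
        if (src == null || src.length < SIGNATURE_BYTES) {
            return "error";
        }
        // Encode only the signature bytes; hex-encoding the whole upload just to read
        // six characters would allocate a string twice the size of the file.
        String header = hexPrefix(src, SIGNATURE_BYTES).toUpperCase(java.util.Locale.ROOT);
        System.out.println("头文件是:" + header);
        String type = TypeDict.checkType(header);
        System.out.println("后缀名是:" + type);
        return type;
    }

    /** Hex-encodes the first {@code count} bytes of {@code src} in lower case. */
    private static String hexPrefix(byte[] src, int count) {
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < count; i++) {
            int v = src[i] & 0xFF;
            hex.append(HEX_DIGITS[v >>> 4]).append(HEX_DIGITS[v & 0x0F]);
        }
        return hex.toString();
    }
}

/**
 * Maps a file signature, given as upper-case hex, to an image type.
 *
 * <p>Reference list of common file signatures. Only the first six hex digits
 * (three bytes) are compared by {@link #checkType(String)}, so PNG is matched on
 * {@code 89504E} and GIF on {@code 474946}:
 * <pre>
 * JPEG (jpg)                     FFD8FF
 * PNG (png)                      89504E47
 * GIF (gif)                      47494638
 * TIFF (tif)                     49492A00
 * Windows Bitmap (bmp)           424D
 * CAD (dwg)                      41433130
 * Adobe Photoshop (psd)          38425053
 * Rich Text Format (rtf)         7B5C727466
 * XML (xml)                      3C3F786D6C
 * HTML (html)                    68746D6C3E
 * Email [thorough only] (eml)    44656C69766572792D646174653A
 * Outlook Express (dbx)          CFAD12FEC5FD746F
 * Outlook (pst)                  2142444E
 * MS Word/Excel (xls.or.doc)     D0CF11E0
 * MS Access (mdb)                5374616E64617264204A
 * WordPerfect (wpd)              FF575043
 * Postscript (eps.or.ps)         252150532D41646F6265
 * Adobe Acrobat (pdf)            255044462D312E
 * Quicken (qdf)                  AC9EBD8F
 * Windows Password (pwl)         E3828596
 * ZIP Archive (zip)              504B0304
 * RAR Archive (rar)              52617221
 * Wave (wav)                     57415645
 * AVI (avi)                      41564920
 * Real Audio (ram)               2E7261FD
 * Real Media (rm)                2E524D46
 * MPEG (mpg)                     000001BA
 * MPEG (mpg)                     000001B3
 * Quicktime (mov)                6D6F6F76
 * Windows Media (asf)            3026B2758E66CF11
 * MIDI (mid)                     4D546864
 * </pre>
 */
class TypeDict {

    /**
     * Looks up the image type for a six-character upper-case hex signature.
     *
     * @param xxxx the first three bytes of the file as upper-case hex; may be {@code null}
     * @return {@code "jpg"}, {@code "png"} or {@code "gif"}, or {@code "error"} when the
     *         signature is not one of the accepted image types
     */
    public static String checkType(String xxxx) {
        if ("FFD8FF".equals(xxxx)) {
            return "jpg";
        }
        if ("89504E".equals(xxxx)) {
            return "png";
        }
        if ("474946".equals(xxxx)) {
            return "gif";
        }
        // The upload does not start with an accepted image signature.
        return "error";
    }
}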
