Closed
Description
\app\Http\Controllers\Backend\Api\V1\UploadController.php
public function imageUpload(Request $request)
{
$url = $request->input('url');
if (!$url) {
return $this->error('请输入图片地址');
}
$extension = '';
if (preg_match('/\.png/i', $url)) {
$extension = 'png';
} elseif (preg_match('/\.jpg/i', $url)) {
$extension = 'jpg';
} elseif (preg_match('/\.gif/i', $url)) {
$extension = 'gif';
} elseif (preg_match('/\.jpeg/i', $url)) {
$extension = 'jpeg';
}
if (!$extension) {
return $this->error('无法检测图片格式');
}
try {
// 将图片保存到本地临时文件
$content = file_get_contents($url);
$tmpPath = config('meedu.upload.image.path') . '/' . Str::random(32) . '.' . $extension;
// 保存到storage
$disk = config('meedu.upload.image.disk');
Storage::disk($disk)->put($tmpPath, $content);
$url = url(Storage::disk($disk)->url($tmpPath));
return $this->successData([
'path' => $tmpPath,
'url' => $url,
]);
} catch (\Exception $e) {
return $this->error($e->getMessage());
}
}
读取一个url,然后保存文件。后缀判断逻辑错误,仅判断了包含这几个后缀,应该判断为以这几个后缀结尾。
payload:
{"url":"file:///www\/wwwroot\/demo.meedu.vip/.png/../.env"}
Metadata
Metadata
Assignees
Labels
No labels