WEB应用为了满足“安全标准” - 上传文件的保存

Laravel 静态文件过滤中间件

<?phpnamespace App\Http\Middleware;use Closure;class StaticResourceInterceptor
{/*** Handle an incoming request.** @param  \Illuminate\Http\Request  $request* @param  \Closure  $next* @return mixed*/public function handle($request, Closure $next){// 获取请求的路径$path = $request->getPathInfo();// 检查请求是否是静态资源if ($this->isStaticResource($path)) {// 如果是静态资源，返回自定义的响应，或根据需要执行其他操作if(file_exists(storage_path("app".$path))){// 支持响应的静态文件类型$support = ['png'=>'image/png','jpg'=>'image/jpeg','gif'=>'image/gif','pdf'=>'application/pdf','docx'=>'application/msword',];$ext = pathinfo($path, PATHINFO_EXTENSION);if(isset($support[$ext])){$headers = ['Content-Type'=> $support[$ext]];return response()->file(storage_path("app".$path), $headers);}}return response()->json(['error' => '拒绝访问静态资源', 'path'=>$path], 403);}// 继续处理请求return $next($request);}/*** 检查是否是静态资源** @param  string  $path* @return bool*/protected function isStaticResource($path){// 在这里添加检查静态资源的逻辑，可以使用正则表达式或其他方式// 例如，检查路径是否以.css、.js、.jpg等静态资源扩展名结尾$pattern = '/\.(css|js|jpg|jpeg|png|gif|ico|pdf)$/i';return preg_match($pattern, $path);}
}