再多站点、网站开放注册投稿的时候,并且没有限制投稿者上传文件,那将是很危险的事情,所以,限制上传类型是必须的!今天逍遥乐就带大家,如何从WordPress默认允许上传的文件类型中,禁止上传某些特定类型的文件,如WordPress默认允许上传 .exe 后缀名的可运行文件,那么我们怎么禁止用户在WordPress后台发表文章时上传 .exe 后缀名的文件呢?这就是本文要解答的问题。
首先,我们要知道WordPress支持上传哪些类型的文件,我们可以在当前主题的functions.php中插入以下php代码,然后打开博客首页,查看网页源代码,即可看到一个完整的支持列表(看完后,记得删除):
print_r(wp_get_mime_types());
下面是以上代码输出的结果,这里供大家参考,也免了大家去写代码看结果。下面是WordPress默认允许上传的文件类型列表:
// []中括号中的名称代表文件名后缀名/扩展名 // => 后面的名称代表的是后缀名所在应的文件MIME信息 Array ( [jpg|jpeg|jpe] => image/jpeg [gif] => image/gif [png] => image/png [bmp] => image/bmp [tif|tiff] => image/tiff [ico] => image/x-icon [asf|asx|wax|wmv|wmx] => video/asf [avi] => video/avi [divx] => video/divx [flv] => video/x-flv [mov|qt] => video/quicktime [mpeg|mpg|mpe] => video/mpeg [mp4|m4v] => video/mp4 [ogv] => video/ogg [mkv] => video/x-matroska [txt|asc|c|cc|h] => text/plain [csv] => text/csv [tsv] => text/tab-separated-values [ics] => text/calendar [rtx] => text/richtext [css] => text/css [htm|html] => text/html [mp3|m4a|m4b] => audio/mpeg [ra|ram] => audio/x-realaudio [wav] => audio/wav [ogg|oga] => audio/ogg [mid|midi] => audio/midi [wma] => audio/wma [mka] => audio/x-matroska [rtf] => application/rtf [js] => application/javascript [pdf] => application/pdf [swf] => application/x-shockwave-flash [class] => application/java [tar] => application/x-tar [zip] => application/zip [gz|gzip] => application/x-gzip [rar] => application/rar [7z] => application/x-7z-compressed [exe] => application/x-msdownload [doc] => application/msword [pot|pps|ppt] => application/vnd.ms-powerpoint [wri] => application/vnd.ms-write [xla|xls|xlt|xlw] => application/vnd.ms-excel [mdb] => application/vnd.ms-access [mpp] => application/vnd.ms-project [docx] => application/vnd.openxmlformats-officedocument.wordprocessingml.document [docm] => application/vnd.ms-word.document.macroEnabled.12 [dotx] => application/vnd.openxmlformats-officedocument.wordprocessingml.template [dotm] => application/vnd.ms-word.template.macroEnabled.12 [xlsx] => application/vnd.openxmlformats-officedocument.spreadsheetml.sheet [xlsm] => application/vnd.ms-excel.sheet.macroEnabled.12 [xlsb] => application/vnd.ms-excel.sheet.binary.macroEnabled.12 [xltx] => application/vnd.openxmlformats-officedocument.spreadsheetml.template [xltm] => application/vnd.ms-excel.template.macroEnabled.12 [xlam] => application/vnd.ms-excel.addin.macroEnabled.12 [pptx] => application/vnd.openxmlformats-officedocument.presentationml.presentation [pptm] => application/vnd.ms-powerpoint.presentation.macroEnabled.12 [ppsx] => application/vnd.openxmlformats-officedocument.presentationml.slideshow [ppsm] => application/vnd.ms-powerpoint.slideshow.macroEnabled.12 [potx] => application/vnd.openxmlformats-officedocument.presentationml.template [potm] => application/vnd.ms-powerpoint.template.macroEnabled.12 [ppam] => application/vnd.ms-powerpoint.addin.macroEnabled.12 [sldx] => application/vnd.openxmlformats-officedocument.presentationml.slide [sldm] => application/vnd.ms-powerpoint.slide.macroEnabled.12 [onetoc|onetoc2|onetmp|onepkg] => application/onenote [odt] => application/vnd.oasis.opendocument.text [odp] => application/vnd.oasis.opendocument.presentation [ods] => application/vnd.oasis.opendocument.spreadsheet [odg] => application/vnd.oasis.opendocument.graphics [odc] => application/vnd.oasis.opendocument.chart [odb] => application/vnd.oasis.opendocument.database [odf] => application/vnd.oasis.opendocument.formula [wp|wpd] => application/wordperfect )
上面的内容,大家看了可能眼花缭乱,其实只要记住,在每一行中,左边中括号中的名称是文件的后缀名(或者叫扩展名),右边 => 后面的名称代表的是后缀名所在应的文件MIME信息,这个我们不用管。
现在言归正传,如果想禁止用户在WordPress后台发表文章时上传特定后缀名的文件,我们可以在当前主题的functions.php中添加以下php代码:
add_filter('upload_mimes', 'custom_upload_mimes'); function custom_upload_mimes( $existing_mimes=array() ) { // 注意中括号中的名称,必须取自上面支持列表中中括号内的名称 unset( $existing_mimes['exe'] ); //此处禁止了上传exe后缀名的文件 return $existing_mimes; }
如果想禁止上传更多后缀名的文件,可以复制第5行的代码,粘贴到第5行代码以后,第7行代码之前,把其中的exe,改成要禁止上传的后缀名即可,如:
add_filter('upload_mimes', 'custom_upload_mimes'); function custom_upload_mimes( $existing_mimes=array() ) { // 注意中括号中的名称,必须取自上面支持列表中中括号的名称 unset( $existing_mimes['exe'] ); //此处禁止了上传exe后缀名的可运行文件 unset( $existing_mimes['jpg|jpeg|jpe'] ); //此处禁止了上传jpg、jpeg和jpe后缀名的压缩文件 unset( $existing_mimes['gif'] ); //此处禁止了上传gif后缀名的图片文件 unset( $existing_mimes['png'] ); //此处禁止了上传png后缀名的图片文件 return $existing_mimes; }
经过此项设置,用户如果在后台上传禁止的文件类型,那么会得到这样的提示:
最新评论