wordpress 文件上传设置文件类型和大小(角色权限)
我们最初是简单的给所有用户有上传文件并且设置文件上传可以使用media_handle_upload和wp_handle_upload 类似的函数,其实都是调用wp_handle_upload函数
这个函数的第4个参数,支持数组,代码如下:
- $access = array('test_form' => false, 'mimes' => array('jpeg' => 'image/jpeg',
- 'png' => 'image/png','gif' => 'image/gif','jpg' => 'image/jpeg'));
这样写就可以限制文件的类型,但是貌似对伪造的文件不好使,经过测试可以使用一个过滤器,完美解决这个问题,过滤器名称:wp_handle_upload_prefilter,代码如下:
- add_filter('wp_handle_upload_prefilter', 'custom_upload_filter' );
- function custom_upload_filter($file)
- {
- $fileSize = $file['size'];
- $info =getimagesize($file['tmp_name']);
- return $file;
- }
让用户拥有上传文件的权限
默认情况下,有些用户是不允许上传文件的,你可以在主题的 functions.php 添加下面的代码:
-
- if ( current_user_can('contributor') && !current_user_can('upload_files') )
- add_action('admin_init', 'allow_contributor_uploads');
-
- function allow_contributor_uploads() {
- $contributor = get_role('contributor');
- $contributor->add_cap('upload_files');
- }
上面的代码就是给 'contributor' 这个用户角色添加了 'upload_files'(上传文件)的权限。
限制用户上传文件的类型
首先,大家可以先了解一下 WordPress 默认允许上传的文件类型,打开WordPress的 /wp-includes/functions.php 文件,然后搜索 function wp_get_mime_types 定位到那里,你就会看到详细的文件类型:
- function wp_get_mime_types() {
-
- return apply_filters( 'mime_types', array(
-
- 'jpg|jpeg|jpe' => 'image/jpeg',
- 'gif' => 'image/gif',
- 'png' => 'image/png',
- 'bmp' => 'image/bmp',
- 'tif|tiff' => 'image/tiff',
- 'ico' => 'image/x-icon',
-
- 'asf|asx|wax|wmv|wmx' => 'video/asf',
- 'avi' => 'video/avi',
- 'divx' => 'video/divx',
- 'flv' => 'video/x-flv',
- 'mov|qt' => 'video/quicktime',
- 'mpeg|mpg|mpe' => 'video/mpeg',
- 'mp4|m4v' => 'video/mp4',
- 'ogv' => 'video/ogg',
- 'mkv' => 'video/x-matroska',
-
- 'txt|asc|c|cc|h' => 'text/plain',
- 'csv' => 'text/csv',
- 'tsv' => 'text/tab-separated-values',
- 'ics' => 'text/calendar',
- 'rtx' => 'text/richtext',
- 'css' => 'text/css',
- 'htm|html' => 'text/html',
-
- 'mp3|m4a|m4b' => 'audio/mpeg',
- 'ra|ram' => 'audio/x-realaudio',
- 'wav' => 'audio/wav',
- 'ogg|oga' => 'audio/ogg',
- 'mid|midi' => 'audio/midi',
- 'wma' => 'audio/wma',
- 'mka' => 'audio/x-matroska',
-
- 'rtf' => 'application/rtf',
- 'js' => 'application/javascript',
- 'pdf' => 'application/pdf',
- 'swf' => 'application/x-shockwave-flash',
- 'class' => 'application/java',
- 'tar' => 'application/x-tar',
- 'zip' => 'application/zip',
- 'gz|gzip' => 'application/x-gzip',
- 'rar' => 'application/rar',
- '7z' => 'application/x-7z-compressed',
- 'exe' => 'application/x-msdownload',
-
- 'doc' => 'application/msword',
- 'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
- 'wri' => 'application/vnd.ms-write',
- 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
- 'mdb' => 'application/vnd.ms-access',
- 'mpp' => 'application/vnd.ms-project',
- 'docx' => 'application/vnd.openxmlformats-
- officedocument.wordprocessingml.document',
- 'docm' => 'application/vnd.ms-word.document.macroEnabled.12',
- 'dotx' => 'application/vnd.openxmlformats-
- officedocument.wordprocessingml.template',
- 'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
- 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
- 'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
- 'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
- 'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
- 'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
- 'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
- 'pptx' => 'application/vnd.openxmlformats-
- officedocument.presentationml.presentation',
- 'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
- 'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
- 'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12',
- 'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
- 'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12',
- 'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
- 'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
- 'sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12',
- 'onetoc|onetoc2|onetmp|onepkg' => 'application/onenote',
-
- 'odt' => 'application/vnd.oasis.opendocument.text',
- 'odp' => 'application/vnd.oasis.opendocument.presentation',
- 'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
- 'odg' => 'application/vnd.oasis.opendocument.graphics',
- 'odc' => 'application/vnd.oasis.opendocument.chart',
- 'odb' => 'application/vnd.oasis.opendocument.database',
- 'odf' => 'application/vnd.oasis.opendocument.formula',
-
- 'wp|wpd' => 'application/wordperfect',
- ) );
=> 的前面为格式,后面为格式描述,如果你要禁止上传其中的某些类型,可以参考下面的例子,将下面的代码添加到主题的 functions.php 文件:
-
- add_filter('upload_mimes', 'custom_upload_mimes');
- function custom_upload_mimes ( $existing_mimes=array() ) {
- unset ($existing_mimes['avi']);
- unset ($existing_mimes['mp4']);
- return $existing_mimes;
- }
如果你还要禁止更多,可以按照 unset ($existing_mimes['格式']); 样例添加即可,如果你仅仅只需要允许用户上传几种类型而已,还可以通过下面的更简洁的方法,代码添加到主题的functions.php 文件:
-
- add_filter('upload_mimes', 'custom_upload_mimes');
- function custom_upload_mimes ( $existing_mimes=array() ) {
- unset ($existing_mimes);
- $existing_mimes['jpg|jpeg|gif|png']='image/image';
- return $existing_mimes;
- }
如果你还要允许上传其他格式,重复使用 $existing_mimes['格式']='描述';即可.
限制用户上传的文件大小
同样在主题的 functions.php 文件中,添加下面的代码:
-
- function max_up_size() {
- return 500*1024;
- }
- add_filter('upload_size_limit', 'max_up_size');
上面的例子是限制所有用户上传的文件的最大体积为 500 kb (1M =1024*1024)。
注意:主机空间和WordPress本身一般设置了允许上传的文件的最大体积,所以在这里设置需要考虑到这点.
限制不同用户角色可上传的文件类型及大小
其实上面已经给出了限制类型和大小的方法,要根据不同用户角色来限制,只需要添加角色判断代码即可,倡萌举个综合的例子:
不同用户上传的类型,代码如下:
- function custom_upload_mimes ( $existing_mimes=array() ) {
- unset ($existing_mimes);
- if( current_user_can( 'publish_posts' ) && !current_user_can( 'publish_pages' ) ) {
-
- $existing_mimes['jpg|jpeg|gif|png']='image/image';
- 文件
- $existing_mimes['zip']='application/zip';
- $existing_mimes['pdf']='application/pdf';
- }elseif( current_user_can( 'edit_posts' ) && !current_user_can( 'publish_posts' ) )
- {
-
- $existing_mimes['jpg|jpeg|gif|png']='image/image';
- $existing_mimes['pdf']='application/pdf';
- }else{
-
- $existing_mimes['jpg|jpeg|gif|png']='image/image';
- }
- return $existing_mimes;
- }
-
- function max_up_size() {
- if( current_user_can( 'publish_posts' ) && !current_user_can( 'publish_pages' ) ) {
- return 2048*1024;
- }elseif( current_user_can( 'edit_posts' ) && !current_user_can( 'publish_posts' ) )
- {
- return 1024*1024;
- }else{
- return 500*1024;
- }
- }
-
- if( !current_user_can( 'manage_options' ) ) {
- add_filter('upload_mimes', 'custom_upload_mimes');
- add_filter('upload_size_limit', 'max_up_size');
- }
大家只要灵活使用 if 语句判断不同的角色赋予不同的权限即可.
|