Zend框架文件上传非法上传 [英] Zend framework file upload illegally uploaded
问题描述
到目前为止,文件被上传到一个临时文件夹,但没有上传到我的目标文件夹,我总是得到这个错误文件上传被非法上传,这可能是一个可能的攻击。
我检查了临时文件的文件名,在正确的文件夹中正确的网址。
我在这里丢失了什么。
$ form = new Zend_Form();
$ form-> setAttrib('enctype','multipart / form-data');
$ form-> setMethod('post')
- > addElement('file','pdf',array(
'size'=> '40 ',
'label'=>'Select File',
'required'=> true,
'validators'=> array(
'Size'=> ; array('min'=> 20,'max'=> 1000000)
)
)
)
- > addElement('submit' ,'Save')
; $
$ b if($ this-> getRequest() - > isPost()){
if($ form-> isValid($ this-> getRequest() - > getParams())){
$ id = $ form-> getValue('name');
$ upload = new Zend_File_Transfer_Adapter_Http();
$ uploadDestination = APPLICATION_PATH。 /../public/uploads/'.$id;
if(!is_dir($ uploadDestination)){
mkdir($ uploadDestination,0777,true);
}
$ upload-> setDestination($ uploadDestination);
echo $ upload-> getFileName();
if($ upload-> receive('pdf'))
{
echo'< pre>;
print_r($ form-> getValues());
die();
}
else
{
$ messages = $ upload-> getMessages();
echo implode(\\\
,$ messages);
die();
$ upload-> receive('pdf');是什么不能正常工作。
b
$ b
下面的代码显示了一个可靠的文件验证的工作示例,包括自定义的错误消息。
关键在于Zend_Form :: isValid()方法是你所需要的,你不需要单独验证文件传输
你的表单定义,请注意文件验证器被添加,就像它们是正常的验证器一样
class Jogs_Form_ImportForm extends Zend_Form
{
public function init()
{
$ this-> setAttrib('enctype','multipart / form-data');
$ this-> setAttrib('id','form-import');
$ b $ importAction = $ this-> addElement('radio','importAction',array(
'multiOptions'=> array(
'components'=> '导入组件',
'layouts'=>'导入布局',
'layoutComponents'=>'导入布局组件',
),
'required'=' > true,
'label'=>'导入类型:',
));
$ b $ upload = $ this-> addElement('file','import-file',array(
'label'=>'Text(tab delimited)file(.txt )',
'validators'=> array(
'Size'=> array('max'=> 10 * 1024 * 1024),
'Extension'=> array('txt','messages'=> array(
Zend_Validate_File_Extension :: FALSE_EXTENSION
=>'file will end with.txt')),
'MimeType'= > array('text / plain','messages'=> array(
Zend_Validate_File_MimeType :: FALSE_TYPE
=>'文件必须是文本(制表符分隔)')),
)
));
$ b $ go = $ this-> addElement('submit','go',array(
'required'=> false,
'ignore'=> true,
'label'=>'Go',
));
$ b 你的控制器类
class ImportController extends Zend_Controller_Action
{
public function indexAction(){
$ form = new Polypipe_Form_ImportForm();
$ this-> view-> form = $ form;
$ b $ this-> getRequest() - > isPost()
&&
$ form-> isValid($ this- > getRequest() - > getPost())
){
$ data = $ form-> getValues();
//获取文件信息
$ ft = $ form-> getElement('import-file') - > getTransferAdapter();
$ fileInfo = $ ft-> getFileinfo();
}
}
}
I'm trying to upload files within a normal form with other text fields.
So far, the file gets uploaded to a temp folder but not to my destinationfolder, I always get this error "File 'upload' was illegally uploaded. This could be a possible attack".
I've checked the filename of the tempfile and that has the correct url in the correct folder.
What am I missing here.
$form = new Zend_Form();
$form->setAttrib('enctype', 'multipart/form-data');
$form->setMethod('post')
->addElement('file', 'pdf', array(
'size' => '40',
'label' => 'Select File',
'required' => true,
'validators' => array(
'Size' => array('min' => 20, 'max' => 1000000)
)
)
)
->addElement('submit', 'Save')
;
if ( $this->getRequest()->isPost() ) {
if ( $form->isValid($this->getRequest()->getParams()) ) {
$id = $form->getValue('name');
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
$upload->receive('pdf'); is what's not working properly.
解决方案 think things may have improved in Zend Framework since this question was asked.
The code below shows a working example of a robust file validation, including customised error messages.
The key point is that the Zend_Form::isValid() method is all you need, you don't need to validate the file transfer separately
Your form definition, note that the file validators are added as if they were normal validators
class Jogs_Form_ImportForm extends Zend_Form
{
public function init()
{
$this->setAttrib('enctype', 'multipart/form-data');
$this->setAttrib( 'id', 'form-import' );
$importAction = $this->addElement('radio', 'importAction', array(
'multiOptions' => array(
'components' => 'Import components',
'layouts' => 'Import layouts',
'layoutComponents' => 'Import layout components',
),
'required' => true,
'label' => 'Import Type:',
));
$upload = $this->addElement( 'file', 'import-file', array(
'label' => 'Text (tab delimited) file (.txt)',
'validators' => array(
'Size' => array('max' => 10*1024*1024),
'Extension' => array('txt', 'messages' => array(
Zend_Validate_File_Extension::FALSE_EXTENSION
=> 'file must end with ".txt"' ) ),
'MimeType' => array( 'text/plain', 'messages' => array(
Zend_Validate_File_MimeType::FALSE_TYPE
=> 'file must be text (tab delimited)' ) ),
)
) );
$go = $this->addElement('submit', 'go', array(
'required' => false,
'ignore' => true,
'label' => 'Go',
));
}
}
your controller class
class ImportController extends Zend_Controller_Action
{
public function indexAction(){
$form = new Polypipe_Form_ImportForm();
$this->view->form = $form;
if (
$this->getRequest()->isPost()
&&
$form->isValid( $this->getRequest()->getPost() )
){
$data = $form->getValues();
// get the file info
$ft = $form->getElement('import-file')->getTransferAdapter();
$fileInfo = $ft->getFileinfo();
}
}
}
这篇关于Zend框架文件上传非法上传的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
