CodeIgniter(和allowed_types)存在问题 [英] Problems with CodeIgniter (and allowed_types)
问题描述
早上好.
我正在尝试将Plupload与CodeIgniter一起使用.我在Plupload之前尝试了uploadify,它的工作效果非常好,uploadify的主要问题是,无论我使用什么,它都从未发送CSRF代码,这确实很奇怪,因此我查看了Plupload,并在几分钟内使它按预期工作.但是,它只能与HTML5上传器一起使用,而不能与Flash上传器一起使用.
I'm trying to use Plupload along with CodeIgniter. I tried uploadify before Plupload and it worked awesome, the main problem with uploadify is that it never sent the CSRF code, no matter what I used, this was really odd so I reviewed Plupload and I made it work as expected in matter of minutes. However, it ONLY works well with the HTML5 uploader and not with the Flash Uploader.
查看日志时,我发现它无法正常工作的原因:在使用CodeIgniter文件上载类时.
Reviewing the logs I found the reason why it was not working: while using the CodeIgniter File Uploading Class.
由于我正在执行批量图片上传程序,因此将其设置为允许"jpg,gif,png,jpeg",但是发现上传程序拒绝了上传请求,因为我上传的是错误的type_file(我发现是八位字节) /stream-wtf?).
Since I'm doing a bulk image uploader I set it up to allow "jpg,gif,png,jpeg" but found that the uploader rejects the uploading petition since I'm uploading a wrong type_file (which I found is octet/stream - wtf?).
上传过程结束后,我正在处理图像(生成拇指,水印,裁剪等),因此,如果将其设置为允许所有文件类型,则图像处理将根本无法进行.
After the upload process, I was processing the image (generating thumbs, watermarks, cropping, etc) so if I set it to allow all file types, the image processing won't work at all.
我当时想做的事情是上传文件(允许八位位组/流MIME TYPE),然后将其转换为图像(使用imagecreatefromstring和file_get_contents函数),然后分别进行处理.
What I was thinking was on doing something like upload the file (allowing octet/stream MIME TYPE) then convert it to image (with imagecreatefromstring and file_get_contents functions) and then process it individually.
如果您有其他任何想法,请告诉我
If you have any other idea let me know
推荐答案
Before going on, I suggest you drop any flash uploader, and pick up https://github.com/blueimp/jQuery-File-Upload that stays always HTML5 and is backwards compatible. At most you won't see uploading bars, but there's no Flash, and you don't have to do any kind of modification to CodeIgniter.
以下内容不是很完善.实际上,从下一版本开始,我将在我的应用程序中放弃对Flash上传的支持.
The following is not very refined. In fact, I'm dropping support for Flash upload in my application from the next version.
任何通过Flash上传的内容都将被服务器接收为应用程序/八位字节流. 当在文件/application/config/mime.php中将"application/octet-stream"添加到您感兴趣的文件类型时,这不再是一个问题.这是
Any upload made via Flash will be received by the server as application/octet-stream. This stops being a problem when in the file /application/config/mime.php you add "application/octet-stream" to the filetypes you're interested in. Here's an example, look at the bottom of the file.
目前,CSRF并不是什么大问题,因为Flash具有自己的cookie,这意味着它就像一个完全独立的浏览器.甚至在尝试发送CSRF之前,我们必须将CodeIgniter用来标识您的Session ID放入Flash.您还必须在/application/config/config.php
Currently, the CSRF is not much the problem, as much that Flash has its own cookies, which means it's like a completely separate browser. Before even trying to send the CSRF, we must put into Flash the Session ID that CodeIgniter uses to identify you. You will also have to change in /application/config/config.php
$config['sess_match_useragent'] = FALSE;
如果要使用Uploadify3(这也应该适用于Uploadify 2和Plupload),则必须首先添加/application/libraries/MY_Session.php,以便也可以通过POST发送会话数据.
If you want to use Uploadify3 (this should work for Uploadify 2 and Plupload too), you first have to add /application/libraries/MY_Session.php to make possible to send Session data also via POST.
只需使用此文件: https://github.com/woxxy/FoOlSlide/blob/a7522d89fe9769118 /application/libraries/MY_Session.php
然后,在您的控制器中,您必须可以随时检索会话ID.
Then in your controller, you have to make it possible to retrieve the Session ID at any time.
function get_sess_id()
{
$this->output->set_output(json_encode(array('session' => $this->session->get_js_session(), 'csrf' => $this->security->get_csrf_hash())));
}
您的上传控制器应该是一个非常标准的上传功能.确保在上传文件中使用正确的名称(用户文件").
Your upload controller should be a pretty standard upload function. Make sure you use the right name on your upload ("userfile").
现在,最糟糕的部分是:视图文件.我本可以删除一些细节,但是我认为一些额外的数据将帮助您进行编码,而不必在Uploadify3中进行过多查找.
Now, the worst part: the view file. I could've removed some details, but I think some extra data will help you coding it without having to look up too much in Uploadify3.
<script type="text/javascript">
function updateSession()
{
jQuery.post('<?php echo site_url('/admin/series/get_sess_id'); ?>',
function(result){
jQuery('#file_upload_flash').uploadifySettings( 'postData', {
'ci_sessionz' : result.session,
'<?php echo $this->security->get_csrf_token_name(); ?>' : result.csrf,
'chapter_id' : <?php echo $chapter->id; ?>
}, false );
setTimeout('updateSession()', 6000);
}, 'json');
}
jQuery(document).ready(function() {
jQuery('#file_upload_flash').uploadify({
'swf' : '<?php echo site_url(); ?>assets/uploadify/uploadify.swf',
'uploader' : '<?php echo site_url('/admin/series/upload/compressed_chapter'); ?>',
'cancelImage' : '<?php echo site_url(); ?>assets/uploadify/uploadify-cancel.png',
'checkExisting' : false,
'preventCaching' : false,
'multi' : true,
'buttonText' : '<?php echo _('Use flash upload'); ?>',
'width': 200,
'auto' : true,
'requeueErrors' : true,
'uploaderType' : 'flash',
'postData' : {},
'onSWFReady' : function() {
updateSession();
},
'onUploadSuccess' : function(file, data, response) {
var files = jQuery.parseJSON(data);
var fu = jQuery('#fileupload').data('fileupload');
fu._adjustMaxNumberOfFiles(-files.length);
fu._renderDownload(files)
.appendTo(jQuery('#fileupload .files'))
.fadeIn(function () {
jQuery(this).show();
});
}
});
});
</script>
<div id="file_upload_flash"></div>
现在,如果还不够用……Uploadify3中有一个错误,那就不会使其触发一个或两个回调.
Now, if it wasn't already enough work... there's a bug in Uploadify3, that doesn't make it trigger one or two of the callbacks.
Here's a fixed version of the code: https://github.com/woxxy/FoOlSlide/blob/a7522d747fe406da18ce18ae9763f083b89eb91e/assets/uploadify/jquery.uploadify.js
您可能希望将其缩小.
但是,如果您想使用jQuery-File-Upload,怎么办?
那么您要做的就是稍微调整一下控制器.这是一个示例(我也不会清理这段代码,因为它可能反而会导致损坏的上载控制器)
Then all you'd have to do is adapting your controller a bit. Here's an example (I won't go through cleaning this code either, as it would probably just make a broken upload controller anyway)
function upload()
{
$info = array();
// compatibility for flash uploader and browser not supporting multiple upload
if (is_array($_FILES['Filedata']) && !is_array($_FILES['Filedata']['tmp_name']))
{
$_FILES['Filedata']['tmp_name'] = array($_FILES['Filedata']['tmp_name']);
$_FILES['Filedata']['name'] = array($_FILES['Filedata']['name']);
}
for ($file = 0; $file < count($_FILES['Filedata']['tmp_name']); $file++)
{
$valid = explode('|', 'png|zip|rar|gif|jpg|jpeg');
if (!in_array(strtolower(substr($_FILES['Filedata']['name'][$file], -3)), $valid))
continue;
if (!in_array(strtolower(substr($_FILES['Filedata']['name'][$file], -3)), array('zip', 'rar')))
$pages = $this->files_model->page($_FILES['Filedata']['tmp_name'][$file], $_FILES['Filedata']['name'][$file], $this->input->post('chapter_id'));
else
$pages = $this->files_model->compressed_chapter($_FILES['Filedata']['tmp_name'][$file], $_FILES['Filedata']['name'][$file], $this->input->post('chapter_id'));
foreach ($pages as $page)
{
$info[] = array(
'name' => $page->filename,
'size' => $page->size,
'url' => $page->page_url(),
'thumbnail_url' => $page->page_url(TRUE),
'delete_url' => site_url("admin/series/delete/page"),
'delete_data' => $page->id,
'delete_type' => 'POST'
);
}
}
// return a json array
echo json_encode($info);
return true;
}
function get_file_objects()
{
// Generate JSON File Output (Required by jQuery File Upload)
header('Content-type: application/json');
header('Pragma: no-cache');
header('Cache-Control: private, no-cache');
header('Content-Disposition: inline; filename="files.json"');
$id = $this->input->post('id');
$chapter = new Chapter($id);
$pages = $chapter->get_pages();
$info = array();
foreach ($pages as $page)
{
$info[] = array(
'name' => $page['filename'],
'size' => intval($page['size']),
'url' => $page['url'],
'thumbnail_url' => $page['thumb_url'],
'delete_url' => site_url("admin/series/delete/page"),
'delete_data' => $page['id'],
'delete_type' => 'POST'
);
}
echo json_encode($info);
return true;
}
并添加更多巨大的视图代码(这次几乎是jQuery上传中的一个)
And add more tremendous view code (this time it's almost stock one from jQuery upload)
<div id="fileupload">
<link href="<?php echo site_url(); ?>assets/jquery-file-upload/jquery-ui.css" rel="stylesheet" id="theme" />
<link href="<?php echo site_url(); ?>assets/jquery-file-upload/jquery.fileupload-ui.css" rel="stylesheet" />
<?php echo form_open_multipart(""); ?>
<div class="fileupload-buttonbar">
<label class="fileinput-button">
<span>Add files...</span>
<input type="file" name="Filedata[]" multiple>
</label>
<button type="submit" class="start">Start upload</button>
<button type="reset" class="cancel">Cancel upload</button>
<button type="button" class="delete">Delete files</button>
</div>
<?php echo form_close(); ?>
<div class="fileupload-content">
<table class="files"></table>
<div class="fileupload-progressbar"></div>
</div>
</div>
<script id="template-upload" type="text/x-jquery-tmpl">
<tr class="template-upload{{if error}} ui-state-error{{/if}}">
<td class="preview"></td>
<td class="name">${name}</td>
<td class="size">${sizef}</td>
{{if error}}
<td class="error" colspan="2">Error:
{{if error === 'maxFileSize'}}File is too big
{{else error === 'minFileSize'}}File is too small
{{else error === 'acceptFileTypes'}}Filetype not allowed
{{else error === 'maxNumberOfFiles'}}Max number of files exceeded
{{else}}${error}
{{/if}}
</td>
{{else}}
<td class="progress"><div></div></td>
<td class="start"><button>Start</button></td>
{{/if}}
<td class="cancel"><button>Cancel</button></td>
</tr>
</script>
<script id="template-download" type="text/x-jquery-tmpl">
<tr class="template-download{{if error}} ui-state-error{{/if}}">
{{if error}}
<td></td>
<td class="name">${name}</td>
<td class="size">${sizef}</td>
<td class="error" colspan="2">Error:
{{if error === 1}}File exceeds upload_max_filesize (php.ini directive)
{{else error === 2}}File exceeds MAX_FILE_SIZE (HTML form directive)
{{else error === 3}}File was only partially uploaded
{{else error === 4}}No File was uploaded
{{else error === 5}}Missing a temporary folder
{{else error === 6}}Failed to write file to disk
{{else error === 7}}File upload stopped by extension
{{else error === 'maxFileSize'}}File is too big
{{else error === 'minFileSize'}}File is too small
{{else error === 'acceptFileTypes'}}Filetype not allowed
{{else error === 'maxNumberOfFiles'}}Max number of files exceeded
{{else error === 'uploadedBytes'}}Uploaded bytes exceed file size
{{else error === 'emptyResult'}}Empty file upload result
{{else}}${error}
{{/if}}
</td>
{{else}}
<td class="preview">
{{if thumbnail_url}}
<a href="${url}" target="_blank"><img src="${thumbnail_url}"></a>
{{/if}}
</td>
<td class="name">
<a href="${url}"{{if thumbnail_url}} target="_blank"{{/if}}>${name}</a>
</td>
<td class="size">${sizef}</td>
<td colspan="2"></td>
{{/if}}
<td class="delete">
<button data-type="${delete_type}" data-url="${delete_url}" data-id="${delete_data}">Delete</button>
</td>
</tr>
</script>
<script src="<?php echo site_url(); ?>assets/js/jquery-ui.js"></script>
<script src="<?php echo site_url(); ?>assets/js/jquery.tmpl.js"></script>
<script src="<?php echo site_url(); ?>assets/jquery-file-upload/jquery.fileupload.js"></script>
<script src="<?php echo site_url(); ?>assets/jquery-file-upload/jquery.fileupload-ui.js"></script>
<script src="<?php echo site_url(); ?>assets/jquery-file-upload/jquery.iframe-transport.js"></script>
<script type="text/javascript">
jQuery(function () {
jQuery('#fileupload').fileupload({
url: '<?php echo site_url('/admin/series/upload/compressed_chapter'); ?>',
sequentialUploads: true,
formData: [
{
name: 'chapter_id',
value: <?php echo $chapter->id; ?>
}
]
});
jQuery.post('<?php echo site_url('/admin/series/get_file_objects'); ?>', { id : <?php echo $chapter->id; ?> }, function (files) {
var fu = jQuery('#fileupload').data('fileupload');
fu._adjustMaxNumberOfFiles(-files.length);
fu._renderDownload(files)
.appendTo(jQuery('#fileupload .files'))
.fadeIn(function () {
jQuery(this).show();
});
});
jQuery('#fileupload .files a:not([target^=_blank])').live('click', function (e) {
e.preventDefault();
jQuery('<iframe style="display:none;"></iframe>')
.prop('src', this.href)
.appendTo('body');
});
});
</script>
这篇关于CodeIgniter(和allowed_types)存在问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
