CakePHP 2.3: how to manage file upload for users and display the files when they are logged in?

Question

So far what I have managed to do is upload the file in the app/files directory and download them using the deprecated media views. I am unable to use

    $file = $this->Attachment->getFile($id);

and I want to display the images/files to the user, say like a profile image of the user. How can I get this done without compromising on the security of the user images?

I am getting the error

    Call to a member function getFile() on a non-object

I don't want to use any plugins for the same.

Thanks in advance.

Recommended answer

You have three options:

  1. Create a mod_rewrite rule that allows access to the directory outside your web root to be viewed via a URL. This way the image will not have to be output via a PHP script.
  2. Create a symlink inside your webroot that points to the directory outside your web root. This way the images will also be output directly by Apache, not via a PHP script. You can follow the instructions for 'plugin assets' here: http://book.cakephp.org/2.0/en/plugins.html#plugin-assets
  3. Read the file with PHP and output (a resized version of) the image with PHP, e.g. via the imagejpeg() function. For this to work you should output the image without using a 'layout' and set the right response headers. More information on the 'response' object can be found here: http://book.cakephp.org/2.0/en/controllers/request-response.html#sending-files

I don't have time at the moment to write examples, but can provide some pointers if needed.

Update

Although the MediaView is deprecated in CakePHP 2.3, you can still 'learn' from it on how to handle file-downloads yourself. Most of the 'magic' in the MediaView is concentrated around the Response-object, which is available in just about every object inside Cake (also inside your Controller). It's probably easy to convert the MediaView into a Component that you can attach to your Controller for outputting/sending files.

The source of the MediaView can be found here: http://api.cakephp.org/2.2/source-class-MediaView.html#23-242

And, additional information on sending files via the response-object can be found in the link I mentioned earlier (http://book.cakephp.org/2.0/en/controllers/request-response.html#sending-files)

Important

Although not directly related to your question, some warnings;

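User-provided uploads are dangerous; be sure to check the file type and sanitize file names and paths (if you allow users to specify a path). Always assume that users are able to send something like ../../../../ as a path name, and prevent this from happening.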

Be sure to disable PHP parsing for the directories/URLs that contain files uploaded by users. I've seen situations where users were able to upload dangerous_file.php.jpg and were able to rename the file afterwards (remove .jpg).

More information on disabling PHP in paths can be found here: Disable PHP in directory (including all sub-directories) with .htaccess

And, regarding that last point: Be sure to disable 'overriding' those settings within the user-directories (e.g. consider a situation where the user is able to upload a .htaccess file?)
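
An added example, not part of the original answer and not CakePHP project code: option 3 combined with the path warnings above, as a CakePHP 2.3 controller action that streams a file from app/files only to the logged-in user who owns it. The `user_id` and `stored_name` columns, the `view` action name, and AuthComponent being configured in AppController are assumptions.

```php
<?php
// app/Controller/AttachmentsController.php
// Added example; assumes AuthComponent is configured in AppController.
App::uses('AppController', 'Controller');

class AttachmentsController extends AppController {

    // Loading the model makes $this->Attachment available in actions.
    public $uses = array('Attachment');

    // Stream one stored upload inline, only to the user who owns it.
    public function view($id = null) {
        $userId = $this->Auth->user('id');
        if (empty($userId)) {
            throw new ForbiddenException();
        }

        // Assumed columns: id, user_id, stored_name (server-generated).
        $row = $this->Attachment->find('first', array(
            'conditions' => array(
                'Attachment.id' => $id,
                'Attachment.user_id' => $userId,
            ),
            'recursive' => -1,
        ));
        if (empty($row)) {
            // Same answer for "does not exist" and "belongs to someone else".
            throw new NotFoundException();
        }

        // Files live outside the web root, in app/files as in the question.
        $base = realpath(APP . 'files');
        // basename() drops directory parts such as ../../../../
        $name = basename($row['Attachment']['stored_name']);
        $path = ($base === false) ? false : realpath($base . DS . $name);

        // realpath() resolves symlinks; the result must stay under $base.
        if ($path === false || strpos($path, $base . DS) !== 0 || !is_file($path)) {
            throw new NotFoundException();
        }

        // CakeResponse::file() is the 2.3 replacement for MediaView.
        $this->response->file($path, array('download' => false));
        return $this->response; // returning the response skips view and layout
    }
}
```

A profile image can then point its src at this action's URL, so every request passes the login and ownership checks before any bytes are sent.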
