1

I am trying to add upload functionality to my CakePHP application. I previously built one for a plain PHP project and decided to reuse that code, since I know it works. The code is as follows:

    $allowed_filetypes = array('.jpg','.gif','.bmp','.png');
    $max_filesize = 1000000; // Maximum filesize in BYTES
    $upload_path = './files/';

    $filename = $_FILES['userfile']['name'];
    $desiredname = $_POST['desiredname'];
    $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

    $savedfile = $desiredname.$ext;

    // Check if the filetype is allowed, if not DIE and inform the user.
    if(!in_array($ext,$allowed_filetypes))
        die('The file you attempted to upload is not allowed.');

    // Now check the filesize, if it is too large then DIE and inform the user.
    if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
        die('The file you attempted to upload is too large.');

    // Check if we can upload to the specified path, if not DIE and inform the user.
    if(!is_writable($upload_path))
        die('You cannot upload to the specified directory, please CHMOD it to 777.');

    // Upload the file to your specified path.
    if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $savedfile))
        echo 'Your file upload was successful, view the file <a href="' . $upload_path . $savedfile . '" title="Your File">here</a>'; // It worked.
    else
        echo 'There was an error during the file upload.  Please try again.'; // It failed :(.

I have put this code into the controller of the page that does the uploading. I used CakePHP's FormHelper to generate the form, as follows:

    <?php
        echo $this->Form->create('Customer', array(
            'class' => 'form-horizontal',
            'action' => 'add',
            'enctype' => 'multipart/form-data'
        ));

        echo $this->Form->input('filename', array(
            'type' => 'text',
            'label' => 'Filename',
            'class' => 'span5'
        ));
        echo $this->Form->input('file', array(
            'between' => '<br />',
            'type' => 'file'
        ));
        // Form->end() with a label renders the submit button and closes the form,
        // so a second Form->end() call would emit a duplicate </form> tag.
        echo $this->Form->end('Save Changes', array(
            'label' => false,
            'type' => 'submit',
            'class' => 'btn btn-primary'
        ));
     ?>

I have changed every reference to the fields from the old code to reflect the form changes used in this project. However, when I submit the form I get the following errors:

Notice (8): Undefined index: CustomerFile [APP\Controller\CustomersController.php, line 148]

Notice (8): Undefined index: CustomerFilename [APP\Controller\CustomersController.php, line 149]

In the controller code I have (again) changed the form fields to use the following:

    $filename = $this->request->data['CustomerFile']['name'];
    $desiredname = $this->request->data['CustomerFilename'];

But the errors still occur. I am guessing the form fields are not being referenced correctly, but I thought I had referenced them correctly with the $this->request code; clearly it is not working. Does anyone have any ideas?

4

2 Answers

3

Major non-Cake problems:

  1. Rolling your own filename manipulation instead of using pathinfo()
  2. Filtering on the user-supplied filename to decide upload eligibility. Never trust anything the user sends. Use server-side MIME type detection, e.g. fileinfo
  3. Assuming the upload succeeded and performing server-side operations on the file before checking for success/failure. Always check the ['error'] code first. The codes are documented here: http://php.net/manual/en/features.file-upload.errors.php
  4. Using a post-upload filesize limit - better to set the limit in php.ini, which lets the server abort the upload before tying up bandwidth with bytes that will later be discarded. You can use the ['error'] code to determine whether the upload was aborted because it violated the filesize limit.
  5. Letting the user specify the target filename with absolutely no security checks allows a malicious user to put a path into that filename and scribble over any file on your server.
answered 2012-05-12T23:01:58.960
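A hardened version of the asker's upload handler that applies the five points in this answer, as an added example (not code from the question or from either answer). It assumes the upload arrives in $_FILES['userfile'] and the desired name in $_POST['desiredname'], as in the original plain PHP, and a ./files/ target directory.

```php
<?php
function handle_upload(array $file, $desiredName, $uploadDir)
{
    // Points 3 and 4: check the error code before touching the file. A php.ini limit
    // (upload_max_filesize / post_max_size) aborts early and reports UPLOAD_ERR_INI_SIZE.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . (int) $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a file uploaded via HTTP POST.');
    }

    // Point 2: decide eligibility from the server-side MIME type (fileinfo),
    // never from the client-supplied filename or its extension.
    $allowed = array(
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/bmp'  => 'bmp',
    );
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed: ' . $mime);
    }

    // Points 1 and 5: use pathinfo() instead of hand-rolled substr(), keep only a
    // safe basename so no path can be smuggled in, and derive the extension from
    // the detected type rather than from what the user typed.
    $base = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) pathinfo($desiredName, PATHINFO_FILENAME));
    if ($base === '') {
        $base = 'upload';
    }
    $target = rtrim($uploadDir, '/') . '/' . $base . '.' . $allowed[$mime];

    if (file_exists($target)) {
        throw new RuntimeException('A file with that name already exists.');
    }
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the uploaded file.');
    }
    return $target;
}

// Constructed usage for the asker's form (field names are assumptions):
// $path = handle_upload($_FILES['userfile'], $_POST['desiredname'], './files/');
```

Because the stored extension comes from the detected MIME type, a file named "shell.php" that is really a JPEG is saved as "shell.jpg", and a desired name like "../../index" collapses to "index".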
0

Page model:

    public function beforeSave() {
        // A new image was uploaded: prefix its name with a timestamp and fill the metadata fields.
        if (!empty($this->data['Page']['image']['name'])) {
            $this->data['Page']['image'] = time() . '-Featured-' . $this->data['Page']['image']['name'];
            $this->data['Page']['alias'] = $this->data['Page']['title'];
            $this->data['Page']['publish'] = date("y.m.d, h:i:s");
            $this->data['Page']['update'] = date("y.m.d, h:i:s");
            $this->data['Page']['posttype'] = 'page';

            return true;
        } else {
            // No new image on edit: keep the existing image name passed in the 'img' field.
            if ($this->action == 'edit') {
                $this->data['Page']['image'] = $this->data['Page']['img'];
                $this->data['Page']['alias'] = $this->data['Page']['title'];
                $this->data['Page']['publish'] = date("y.m.d, h:i:s");
                $this->data['Page']['update'] = date("y.m.d, h:i:s");
                $this->data['Page']['posttype'] = 'page';
                return true;
            }
        }

        return true;
    }

    // Custom validation rule: only uploads that declare image/jpeg are accepted.
    public function fileExtension($data) {
        if ($this->data['Page']['image']['type'] != 'image/jpeg') {
            $this->invalidate('image', '');
            return false;
        }
        return true;
    }

Page controller:

    public function add() {

        if (!empty($this->request->data)) {
            $menus = $this->Page->save($this->request->data);
            if (!empty($menus)) {
                // Move the upload into webroot/img/test/ under its original name.
                move_uploaded_file($this->data['Page']['image']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/' . $this->data['Page']['image']['name']);
                $filename = $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/' . $this->data['Page']['image']['name'];
                // Build a 200px-wide thumbnail, keeping the aspect ratio.
                list($width, $height) = getimagesize($filename);
                $percent = 20000 / $width;
                $newwidth = $width / 100 * $percent;
                $newheight = $height / 100 * $percent;
                $thumb = imagecreatetruecolor($newwidth, $newheight);
                $source = imagecreatefromjpeg($filename);
                imagecopyresampled($thumb, $source, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);
                // Save the thumbnail under the timestamped name stored by beforeSave().
                imagejpeg($thumb, $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/' . time() . '-Featured-' . $this->data['Page']['image']['name'], 100);
                $this->Session->setFlash('Səhifə əlavə olundu', 'default', array('class' => 'alert alert-success'));
            }
            $this->redirect(array('action' => 'add'));
        }
    }
answered 2012-05-13T09:25:23.170