我有一个非常基本、非常简单的函数,它获取一个文件(在检查它以确保它是 zip 等之后)并上传它,解压缩它等等:
public function theme(array $file){
global $wp_filesystem;
if(is_dir($wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/")){
$target_path = $wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/";
if(move_uploaded_file($file['tmp_name'], $target_path . '/' . $file['name'])) {
$zip = new ZipArchive();
$x = $zip->open($target_path);
if ($x === true) {
$zip->extractTo($target_path); // change this to the correct site path
$zip->close();
//unlink($target_path);
}
$this->success('We have uplaoded your new theme! Activate it bellow!');
} else {
$this->error('Oops!', 'Either your zip is corrupted, could not be unpacked or failed to be uploaded.
Please try again.');
}
}else{
$this->error('Missing Directory', 'The Directory theme under custom in Aisis Theme does not exist.');
}
if(count(self::$_errors) > 0){
update_option('show_errors', 'true');
}
if(count(self::$_messages) > 0){
update_option('show_success', 'true');
}
}
非常基本,是的,我已经使用我的目标路径作为上传和解包的路径(我应该使用不同的路径,默认情况下似乎使用/tmp/tmp_name)
注意: $file 是 $_FILES['some_file']; 的数组。
我的问题是我得到:
Warning: move_uploaded_file(/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip): failed to open stream: Permission denied in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82
Warning: move_uploaded_file(): Unable to move '/tmp/phpfwechz' to '/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip' in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82
这基本上意味着“哦,您尝试从中移动的文件夹归根用户所有,不,您不能这样做。” 我要移动的文件夹也归apache所有,www-data。- 我有完整的读/写/执行(它是本地主机)。
所以提问时间:
- 我的上传到文件夹和移动到文件夹应该不同吗?
- 在现场环境中,因为这是一个 WordPress 主题,有上传文件能力的用户如何绕过这个“你没有权限”?