1

当 csrf_protection 为 TRUE 时,为什么我无法在 codeigniter 中的 Dropzone 上上传文件?当我将“csrf_protection”设为 FALSE 时,上传有效,但我可以让“csrf_protection”为 TRUE 并且工作正常吗?

这是我的控制器:

function proses_upload(){
        $config['upload_path']   = FCPATH.'/upload-foto/';
        $config['allowed_types'] = 'gif|jpg|jpeg|png|ico';
        $this->load->library('upload',$config);

        if($this->upload->do_upload('userfile')){
        $token=$this->input->post('token_foto');
        $nama=$this->upload->data('file_name');
        $this->db->insert('foto',array('nama_foto'=>$nama,'token'=>$token));
        }
	}

function remove_foto(){
	$token=$this->input->post('token');
	$foto=$this->db->get_where('foto',array('token'=>$token));

	if($foto->num_rows()>0){
	$hasil=$foto->row();
	$nama_foto=$hasil->nama_foto;
	if(file_exists($file=FCPATH.'/upload-foto/'.$nama_foto)){
		unlink($file);
		}
	$this->db->delete('foto',array('token'=>$token));
		}
	echo "{}";

}

这是意见:

  
Dropzone.autoDiscover = false;

var foto_upload= new Dropzone(".dropzone",{
url: "<?php echo base_url('index.php/upload/proses_upload') ?>",
maxFilesize: 2,
method:"post",
acceptedFiles:"image/*",
paramName:"userfile",
dictInvalidFileType:"Type file ini tidak dizinkan",
addRemoveLinks:true,
});

foto_upload.on("sending",function(a,b,c){
	a.token=Math.random();
	c.append("token_foto",a.token);
});

foto_upload.on("removedfile",function(a){
	var token=a.token;
	$.ajax({
		type:"post",
		data:{token:token},
		url:"<?php echo base_url('index.php/upload/remove_foto') ?>",
		cache:false,
		dataType: 'json',
		success: function(){
			console.log("Foto terhapus");
		},
		error: function(){
			console.log("Error");
		}
	});
});

这是在我的 config.php 中,特别是在 CSRF 上:

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

4

0 回答 0