jQuery: uploading files with AJAX in CakePHP
I am trying to build an upload service to upload images. The code in my CakePHP controller is as follows:
$this->autoRender=false;
// Allowed extensions, compared in upper case
$uptypes=array(
    '.JPG',
    '.JPEG',
    '.PNG',
    '.PJPEG',
    '.GIF',
    '.BMP',
    '.X-PNG'
);
$action='';
if(isset($_GET['act']))
    $action = $_GET['act'];
if($action=='delimg'){
    // Delete a previously uploaded image by the name sent from the client
    $filename = $_POST['imagename'];
    if(!empty($filename)){
        unlink('C:/xampp/htdocs/youyisi/webroot/files/'.$filename);
        echo '1';
    }else{
        echo 'failed to delete.';
    }
}else{
    $picname = $_FILES['image_uploader']['name'];
    $picsize = $_FILES['image_uploader']['size'];
    if ($picname != "") {
        if ($picsize > 1024000) {
            echo 'the size of your image should less than 1M';
            exit;
        }
        // Everything from the first dot onwards, upper-cased
        $type = strtoupper(strstr($picname, '.'));
        if (!in_array($type, $uptypes)){
            echo 'wrong file type!';
            exit;
        }
        $rand = rand(100, 999);
        $pics = date("YmdHis") . $rand . $type;
        //update location path
        $pic_path = "C:/xampp/htdocs/youyisi/webroot/files/". $pics;
        move_uploaded_file($_FILES['image_uploader']['tmp_name'], $pic_path);
    }
}
The JavaScript code follows:
$(function () {
    var showimg = $('#image_container');
    var files = $('#message_board');
    var filename=$('.filename');
    $("#fileupload").wrap("<form id='myupload' action='/account/qacenter/post_images' method='post' enctype='multipart/form-data'></form>");
    $("#fileupload").change(function(){
        $("#myupload").ajaxSubmit({
            dataType: 'json',
            beforeSend: function() {
                showimg.empty();
            },
            uploadProgress: function(event, position, total, percentComplete) {
            },
            success: function(data) {
                alert('succeed');
            },
            error:function(xhr){
                files.html(xhr.responseText);
            }
        });
    });
});
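I have spent several hours trying to get past this, but I failed. I hope someone can help me. I am new to CakePHP and jQuery. Thank you very much.
Where is the error message you mentioned? I can't find it, sorry.
I don't have enough reputation to attach an image, so I'll just type it out.
Too many security vulnerabilities. First, don't rely on the file extension being correct to determine whether a file is an image. Second, what happens if I set $_POST['imagename'] to '../../../../../../../Windows/System32/something.dll'?
There is a filename validation system, so you can only upload images. We only upload the file types contained in the array.
Or, if you want, you can upload files without JavaScript... here is a good tutorial on uploading files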
<input id="fileupload" type="file" name="image_uploader">
Debug timer info
Message                                 Start Time (ms)   End Time (ms)     Duration (ms)
Core Processing (Derived)               0                 239               239
Component initialization and startup    239               319               80
Controller action                       319               323               0
Debug timer info
Message                                 Start Time (ms)   End Time (ms)     Duration (ms)
Core Processing (Derived)               0                 -1411631232712    -1411631232712
Component initialization and startup    239               319               80
Controller action                       319               323               0
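The two problems raised in the comments above (trusting the file extension, and passing $_POST['imagename'] straight to unlink()) can be closed as in the following added example, which is not the poster's code and not part of the original thread. The function names store_image and delete_image and the random hex naming scheme are assumptions; the directory and the size limit are taken from the question.

```php
<?php
// Added example. UPLOAD_DIR and MAX_BYTES come from the question;
// the function names and the naming scheme are assumptions.
const UPLOAD_DIR = 'C:/xampp/htdocs/youyisi/webroot/files';
const MAX_BYTES  = 1024000;
// Content type as detected by libmagic => extension written to disk.
const ALLOWED = [
    'image/jpeg' => 'jpg', 'image/png'      => 'png', 'image/gif' => 'gif',
    'image/bmp'  => 'bmp', 'image/x-ms-bmp' => 'bmp',
];

/** Store one entry of $_FILES; returns the generated name, or null if rejected. */
function store_image(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || ($file['size'] ?? 0) > MAX_BYTES) {
        return null;
    }
    // Decide the type from the file content, never from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Server-generated name: nothing from $file['name'] reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name) ? $name : null;
}

/** Delete a stored image; returns false for any name that leaves UPLOAD_DIR. */
function delete_image(string $requested): bool
{
    // Accept only names of the shape store_image() generates (no slashes, no dots-only parts).
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png|gif|bmp)\z/', $requested)) {
        return false;
    }
    // Defence in depth: resolve the path and confirm it is directly inside UPLOAD_DIR.
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $requested);
    if ($base === false || $path === false || dirname($path) !== $base) {
        return false;
    }
    return unlink($path);
}

// In the controller action (sketch):
//   $name = store_image($_FILES['image_uploader']);
//   $ok   = delete_image((string) ($_POST['imagename'] ?? ''));
```

With these checks, the '../../../../../../../Windows/System32/something.dll' value from the comment is rejected by the name pattern before any filesystem call is made.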