Php Zend framework文件上传非法上传
我正试图上传一个普通格式的文件和其他文本字段 到目前为止,该文件被上传到临时文件夹,但没有上传到我的destinationfolder,我总是收到这样的错误:“文件‘上传’被非法上传。这可能是一种攻击” 我已经检查了tempfile的文件名,并且在正确的文件夹中有正确的url 我错过了什么Php Zend framework文件上传非法上传,php,zend-framework,frameworks,file-upload,Php,Zend Framework,Frameworks,File Upload,我正试图上传一个普通格式的文件和其他文本字段 到目前为止,该文件被上传到临时文件夹,但没有上传到我的destinationfolder,我总是收到这样的错误:“文件‘上传’被非法上传。这可能是一种攻击” 我已经检查了tempfile的文件名,并且在正确的文件夹中有正确的url 我错过了什么 $form = new Zend_Form(); $form->setAttrib('enctype', 'multipart/form-data');
$form = new Zend_Form();
$form->setAttrib('enctype', 'multipart/form-data');
$form->setMethod('post')
->addElement('file', 'pdf', array(
'size' => '40',
'label' => 'Select File',
'required' => true,
'validators' => array(
'Size' => array('min' => 20, 'max' => 1000000)
)
)
)
->addElement('submit', 'Save')
;
if ( $this->getRequest()->isPost() ) {
if ( $form->isValid($this->getRequest()->getParams()) ) {
$id = $form->getValue('name');
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
$form=new Zend_form();
$form->setAttrib('enctype','multipart/formdata');
$form->setMethod('post')
->addElement('file','pdf',数组(
“大小”=>“40”,
“标签”=>“选择文件”,
“必需”=>true,
“验证程序”=>数组(
'Size'=>数组('min'=>20,'max'=>1000000)
)
)
)
->addElement('提交','保存')
;
如果($this->getRequest()->isPost()){
如果($form->isValid($this->getRequest()->getParams())){
$id=$form->getValue('name');
$upload=new Zend_File_Transfer_Adapter_Http();
$uploadDestination=应用程序路径。'/../public/uploads/'.$id;
如果(!is_dir($uploadDestination)){
mkdir($uploadDestination,0777,true);
}
$upload->setDestination($uploadDestination);
echo$upload->getFileName();
如果($upload->receive('pdf'))
{
回声';
if ( $form->isValid($this->getRequest()->getParams()) ) {
}
打印($form->getValues());
模具();
}
其他的
{
$messages=$upload->getMessages();
回声内爆(“\n”,$messages);
模具();
}
$upload->receive('pdf');是无法正常工作的部分。我认为您可能已经解决了问题…因此我只是给出答案,以便任何遇到此错误的人都可以通过此有价值的帖子找到解决方案…我在解决此问题时遇到了许多困难…希望它能帮助某人 这里的问题是isValid方法被调用两次..当您调用时调用一次
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
第二个是receive方法。因此,如果您将下面的代码保留在$form->isValid方法之外,那么您的文件将被上载
class Jogs_Form_ImportForm extends Zend_Form
{
public function init()
{
$this->setAttrib('enctype', 'multipart/form-data');
$this->setAttrib( 'id', 'form-import' );
$importAction = $this->addElement('radio', 'importAction', array(
'multiOptions' => array(
'components' => 'Import components',
'layouts' => 'Import layouts',
'layoutComponents' => 'Import layout components',
),
'required' => true,
'label' => 'Import Type:',
));
$upload = $this->addElement( 'file', 'import-file', array(
'label' => 'Text (tab delimited) file (.txt)',
'validators' => array(
'Size' => array('max' => 10*1024*1024),
'Extension' => array('txt', 'messages' => array(
Zend_Validate_File_Extension::FALSE_EXTENSION
=> 'file must end with ".txt"' ) ),
'MimeType' => array( 'text/plain', 'messages' => array(
Zend_Validate_File_MimeType::FALSE_TYPE
=> 'file must be text (tab delimited)' ) ),
)
) );
$go = $this->addElement('submit', 'go', array(
'required' => false,
'ignore' => true,
'label' => 'Go',
));
}
}
$upload=new Zend_File_Transfer_Adapter_Http();
$uploadDestination=应用程序路径。'/../public/uploads/'.$id;
如果(!is_dir($uploadDestination)){
mkdir($uploadDestination,0777,true);
}
$upload->setDestination($uploadDestination);
echo$upload->getFileName();
如果($upload->receive('pdf'))
{
回声';
if ( $form->isValid($this->getRequest()->getParams()) ) {
}
打印($form->getValues());
模具();
}
其他的
{
$messages=$upload->getMessages();
回声内爆(“\n”,$messages);
模具();
}
但是,当您验证其他元素时,仍然会出现错误,但您的文件将被上载…您认为自提出此问题以来,Zend Framework中的情况可能有所改进 下面的代码显示了一个健壮的文件验证的工作示例,包括定制的错误消息 关键是Zend_Form::isValid()方法是您所需要的全部,您不需要单独验证文件传输 在您的表单定义中,请注意,文件验证器的添加方式与普通验证器的添加方式相同
$form->yourElement->setValueDisabled( true );
您的控制器类
if ( $this->getRequest()->isPost() ) {
if ( $form->isValid($this->getRequest()->getParams()) ) {
$id = $form->getValue('name');
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
}
}
$form = new Zend_Form();
$form->setAttrib('enctype', 'multipart/form-data');
$form->setMethod('post')
->addElement('file', 'pdf', array(
'size' => '40',
'label' => 'Select File',
'required' => true,
'validators' => array(
'Size' => array('min' => 20, 'max' => 1000000)
)
)
)
->addElement('submit', 'Save');
我知道已经好几年了,但在你拔头发之前,这里有一个正确的答案: “设置获取值时是否上载文件。此默认值为false,在调用getValues()时将强制接收()。”尝试以下操作:
if($this->getRequest()->isPost()){
如果($form->isValid($this->getRequest()->getParams())){
$id=$form->getValue('name');
$upload=new Zend_File_Transfer_Adapter_Http();
$uploadDestination=应用程序路径。'/../public/uploads/'.$id;
如果(!is_dir($uploadDestination)){
mkdir($uploadDestination,0777,true);
}
$upload->setDestination($uploadDestination);
echo$upload->getFileName();
如果($upload->receive('pdf'))
{
回声';
if ( $form->isValid($this->getRequest()->getParams()) ) {
}
打印($form->getValues());
模具();
}
其他的
{
$messages=$upload->getMessages();
回声内爆(“\n”,$messages);
模具();
}
}
}
$form=new Zend_form();
$form->setAttrib('enctype','multipart/formdata');
$form->setMethod('post')
->addElement('file','pdf',数组(
“大小”=>“40”,
“标签”=>“选择文件”,
“必需”=>true,
“验证程序”=>数组(
'Size'=>数组('min'=>20,'max'=>1000000)
)
)
)
->附录(“提交”、“保存”);
code看起来没问题,只是$id将为空。无论如何,您解决了这个问题吗?在我的例子中,正确的答案是完全删除表单元素。这个问题源于在两个未连接的表单中处理非必需的File
元素