Zend database file upload illegally downloaded

Question

Zend database file upload illegally downloaded

I am trying to upload files in the usual form with other text fields.

While the file is being downloaded to a temporary folder, but not to the destination folder, I always get this error: “File download” was illegally downloaded. It could be a possible attack. "

I checked the tempfile file name and you have the correct url in the correct folder.

What I miss here.

        $form = new Zend_Form();
        $form->setAttrib('enctype', 'multipart/form-data');
        $form->setMethod('post')

             ->addElement('file', 'pdf', array(
                                            'size' => '40',
                                            'label' => 'Select File',
                                            'required' => true,
                                            'validators' => array(
                                                            'Size' => array('min' => 20, 'max' => 1000000)
                                                            )
                                            )
                        )

            ->addElement('submit', 'Save')
        ;

        if ( $this->getRequest()->isPost() ) {
            if ( $form->isValid($this->getRequest()->getParams()) ) {
                $id = $form->getValue('name');

                $upload = new Zend_File_Transfer_Adapter_Http();
                $uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;

                if(!is_dir($uploadDestination)){
                    mkdir($uploadDestination, 0777, true);
                }

                $upload->setDestination($uploadDestination);
                echo $upload->getFileName();

                if($upload->receive('pdf'))
                {
                    echo '<pre>';
                    print_r($form->getValues());
                    die();
                }
                else
                {
                    $messages = $upload->getMessages();
                    echo implode("\n", $messages);
                    die();
                }

$ upload-> get ('PDF'); that does not work properly.

+3

php frameworks file-upload zend-framework

zendy Dec 26 '10 at 15:16

source share

4 answers

chim · Answer 1 · 2011-09-28T13:38:16+0000

I think that in the Zend Framework the situation can be improved, since this question was asked.

, .

, Zend_Form:: isValid() - , ,

, , ,

class Jogs_Form_ImportForm extends Zend_Form
{
    public function init()
    {
        $this->setAttrib('enctype', 'multipart/form-data');        
        $this->setAttrib( 'id', 'form-import' );

        $importAction = $this->addElement('radio', 'importAction', array(
            'multiOptions' => array(
                'components' => 'Import components',
                'layouts' => 'Import layouts',
                'layoutComponents' => 'Import layout components',
            ),
            'required'   => true,
            'label'      => 'Import Type:',
        ));

        $upload = $this->addElement( 'file', 'import-file', array( 
            'label' => 'Text (tab delimited) file (.txt)',
            'validators' => array(
            'Size'  => array('max' => 10*1024*1024),
            'Extension'  => array('txt', 'messages' => array(
                 Zend_Validate_File_Extension::FALSE_EXTENSION 
                 => 'file must end with ".txt"' ) ),
            'MimeType' => array( 'text/plain', 'messages' => array( 
                 Zend_Validate_File_MimeType::FALSE_TYPE 
                 => 'file must be text (tab delimited)' ) ),            
            )
        ) );

        $go = $this->addElement('submit', 'go', array(
            'required' => false,
            'ignore'   => true,
            'label'    => 'Go',
        ));
    }
}

class ImportController extends Zend_Controller_Action
{
    public function indexAction(){
        $form = new Polypipe_Form_ImportForm();
        $this->view->form = $form;

        if ( 
        $this->getRequest()->isPost() 
        && 
        $form->isValid( $this->getRequest()->getPost() ) 
        ){
            $data = $form->getValues();
            // get the file info
            $ft = $form->getElement('import-file')->getTransferAdapter();
            $fileInfo = $ft->getFileinfo();
        }

    }

}

Jaimin · Answer 2 · 2011-09-05T09:14:48+0000

, , , ... , , , ... .... , -...

, isValid .. ,

if ( $form->isValid($this->getRequest()->getParams()) ) {
}

. $form- > isValid, .

$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;

if(!is_dir($uploadDestination)){
    mkdir($uploadDestination, 0777, true);
}

$upload->setDestination($uploadDestination);
echo $upload->getFileName();

if($upload->receive('pdf'))
{
    echo '<pre>';
    print_r($form->getValues());
    die();
}
else
{
    $messages = $upload->getMessages();
    echo implode("\n", $messages);
    die();
}

, , ...

Clay · Answer 3 · 2015-08-13T03:15:46+0000

, , , :

$form->yourElement->setValueDisabled( true );

", . false, () getValues ()."

Suraj · Answer 4 · 2016-08-31T06:37:38+0000

:

   if ( $this->getRequest()->isPost() ) {
        if ( $form->isValid($this->getRequest()->getParams()) ) {
            $id = $form->getValue('name');

        $upload = new Zend_File_Transfer_Adapter_Http();
        $uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;

        if(!is_dir($uploadDestination)){
            mkdir($uploadDestination, 0777, true);
        }

        $upload->setDestination($uploadDestination);
        echo $upload->getFileName();

        if($upload->receive('pdf'))
        {
            echo '<pre>';
            print_r($form->getValues());
            die();
        }
        else
        {
            $messages = $upload->getMessages();
            echo implode("\n", $messages);
            die();
        }
    }
}

        $form = new Zend_Form();
        $form->setAttrib('enctype', 'multipart/form-data');
        $form->setMethod('post')

          ->addElement('file', 'pdf', array(
                                    'size' => '40',
                                    'label' => 'Select File',
                                    'required' => true,
                                    'validators' => array(
                                                    'Size' => array('min' => 20, 'max' => 1000000)
                                                    )
                                    )
                )

          ->addElement('submit', 'Save');

Zend database file upload illegally downloaded

More articles: