开发者

File Upload not working in IE and Firefox

问答 作者:

I have the following code to upload a file to the server. For some weird reason, it does not work in IE and Mozilla Firefox but works perfect in Chrome. What is the problem?

PHP:

// Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762)
    $POST_MAX_SIZE = ini_get('post_max_size');
    $unit = strtoupper(substr($POST_MAX_SIZE, -1));
    $multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)));

    if ((int)$_SERVER['CONTENT_LENGTH'] > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE)
        HandleError('File exceeded maximum allowed size. Your file size <b>MUST NOT</b> be more than 100kb.');

// Settings
    $save_path = 'uploads/'; //getcwd() . '/uploads/';The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
    $upload_name = 'userfile';                          // change this accordingly
    $max_file_size_in_bytes = 102400;               // 100k in bytes
    $whitelist = array('jpg', 'png', 'gif', 'jpeg');    // Allowed file extensions
    $blacklist = array('php', 'php3', 'php4', 'phtml','exe','txt','scr','cgi','pl','shtml'); // Restrict file extensions
    $valid_chars_regex = 'A-Za-z0-9_-\s ';// Characters allowed in the file name (in a Regular Expression format)

// Other variables
    $MAX_FILENAME_LENGTH = 260;
    $file_name = $_FILES[$upload_name]['name'];
    //echo "testing-".$file_name."<br>";
    //$file_name = strtolower($file_name);
    ////////$file_extension = end(explode('.', $file_name));

    $parts = explode('.', $file_name);
    $file_开发者_JAVA百科extension = end($parts);

    $uploadErrors = array(
        0=>'There is no error, the file uploaded with success',
        1=>'The uploaded file exceeds the upload max filesize allowed.',
        2=>'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
        3=>'The uploaded file was only partially uploaded',
        4=>'No file was uploaded',
        6=>'Missing a temporary folder'
    );

// Validate the upload
    if (!isset($_FILES[$upload_name]))


        **HandleError('No upload found for ' . $upload_name);**//THROWS UP ERROR HERE in IE and Firefox


    else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0)
        HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
    else if (!isset($_FILES[$upload_name]['tmp_name']) || !@is_uploaded_file($_FILES[$upload_name]['tmp_name']))
        HandleError('Upload failed.');
    else if (!isset($_FILES[$upload_name]['name']))
        HandleError('File has no name.');

HTML:

<form name="upload" action="/upload" method="POST" ENCTYPE="multipart/formdata">
        <table border="0" cellpadding="3" cellspacing="3" class="forms">
          <tr> 
           <tr> 
           <td style="height: 26px" align="center">
<font class="font_upload_picture">'.MSG142.': <input class="font_upload_picture" type="file" name="userfile">
<input type=hidden name=MAX_FILE_SIZE value=102400 />
           </td>
          </tr>
          <tr> 
            <td colspan="2">
                   <p align="center">
                                <input type="image" name="upload" value="upload" src="/img/layout/btnupload.gif" border="0" />
                              </p>
                              <p>&nbsp;</p>
                              <td><a href="/picturecamerasettings"><img src="/img/layout/takepicture.gif" border="0" /><br> '.MSG143.'</a></td>
                              </tr>
        </table>
        </form>

The enctype of the form should be multipart/form-data

You have errors in your html. You're missing closing tags for a tr and td tag. Also, close off your file upload input tag />.

Some of your logic is off:

if (!isset($_FILES[$upload_name]))

will always pass. For every <input type="file"> in your form, there'll be a matching $_FILES entry, whether a file was actually uploaded or not. If no file was uploaded to being with, then you'll get error code 4.

else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0)

You don't have to check if the error parameter is set. as long as $upload_name has a valid file field name in it, the error section will be there. You can check for $_FILES[$upload_name], though. in case your variable's set wrong.

You've commented it out, but you're checking for valid upload types by checking the user-provided filename. Remember that the ['type'] and ['name'] parameters in $_FILES are user-supplied and can be subverted. Nothing says a malicious user can't rename bad_virus.exe to cute_puppies.jpg and get through your 'validation' check. Always determine MIME type on the server, by using something like Fileinfo. That inspects the file's actual contents, not just the filename.

So, your upload validation should look something like:

if (isset($_FILES[$upload_name]) && ($_FILES[$upload_name]['error'] === UPLOAD_ERR_OK)) {
    $fi = finfo_open(FILE_INFO_MIME_TYPE);
    $mime = finfo_file($fi, $_FILES[$upload_name]['tmp_name']);
    if (!in_array($valid_mime_type, $mime)) {
       HandleError("Invalid file type $mime");
    }
    etc...
} else {
    HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
}

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9