开发者

Uploadify dropdown folder list

I'm using the ajax uploader Uploadify which is realy great! i managed to get a dropdown list with the folders in some directory but it writes on the parant dir..

JS:

    $(document).ready(function() {
  $('#file_upload').uploadify({
    'uploader'  : 'uploadify/uploadify.swf',
    'script'    : 'uploadify/uploadify.php',
    'cancelImg' : 'uploadify/cancel.png',
    'folder'        :   '../albums/<?php echo $_POST[folderchoose]  ?>',
    'multi'       : true,
    'auto'      : true,
    'displayData': 'speed',
  });

});

index.php

<form action="index.php" method="post">
<select name="folderchoose" id="folderchoose">

<?php
$items = glob("../albums/*", GLOB_ONLYDIR);
{
    foreach($items as $item)
    {
         ?>  <option><? echo "$item\n "; ?></option> <?
        }
    }

?>
</select>
</form>
<input type="file" id="file_upload" name="file_upload" />
<a href="javascript:$('#file_upload').uploadifyUpload();">Upload Files</a>

it works except开发者_如何学Python it uploads the files to "albums/"

thanks ahead :)


The issue is that you are using PHP to set the folder variable in your upload parameters object. PHP is server-side, not client-side. Therefore, it isn't executed until the page loads. Your path ends up being ../albums/.

Also, this is an incredibly insecure way to handle your file uploads. Clients should not be able to pick what paths to put files... at least, not without sanitation of this path.

What I would do minimally is change this line, to this:

'folder'        :   $('#folderchoose').val()

And then, server-side, concat ../albums or whatever the path is. Again though, sanitize your input. Who cares if it is just for admins or not. Admins can be evil too, and so can scripts and others that get their password.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜