开发者

Having Uploadify e-mail a link to download the file

问答 作者:

Uploadify is a jQuery plugin that allows the easy integration of a multiple (or single) file uploads on your website. It requires Flash and any backend development language. An array of options allow for full customization for advanced users, but basic implementation is so easy that even coding novices can do it.

I wanted to ask if It is possible to sends out a link of a file that has just been uploaded wioth the e-mail notification of Uploadify.

Here is the code for uploadify.php :

<?php
if (!empty($_FILES)) {
    $tempFile = $_FILES['Filedata']['tmp_name'];
    $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
    $targetFile =  str_replace('//','/',$targetPath) . $_FILES['Filedata']['name'];

    // $fileTypes  = str_replace('*.','',$_REQUEST['fileext']);
    // $fileTypes  = str_replace(';','|',$fileTypes);
    // $typesArray = split('\|',$fileTypes);
    // $fileParts  = pathinfo($_FILES['Filedata']['name']);

    // if (in_array($fileParts['extension'],$typesArray)) {
        // Uncomment the following line if you want to make the directory if it doesn't exist
        // mkdir(str_replace('//','/',$targetPath), 0755, true);

        move_uploaded_file($tempFile,$targetFile);
        echo "1";
    // } else {
    /开发者_如何学Go/  echo 'Invalid file type.';
    // }
}

//define the receiver of the email
$to = 'admin@admin.com';
//define the subject of the email
$subject = 'Test email';
//define the message to be sent. Each line should be separated with \n
$message = "Hello World!\n\nThis is my first mail.";
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: webmaster@example.com\r\nReply-To: webmaster@example.com";
//send the email
$mail_sent = @mail( $to, $subject, $message, $headers );
//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed" 
echo $mail_sent ? "Mail sent" : "Mail failed";
?>

Your script is vulnerable to filename collisions. You're the uploaded using the original name provided by the user. If the same filename is used more than once, you'll overwrite previous versions with the new one.

As well, you're blindly using a form value to specify a location to store the upload. What happens if someone specifies "../../../../../../../../../etc" for the folder and "passwd" for the filename? Or on a Windows server "../../../../../../../../windows/system32" and "ntoskrnl.exe"? If the webserver's misconfigured as to what user ID it's running on, you've just opened the machine to a complete remote compromise. But even if they don't want to compromise the system, they'll be able to trash any file within your site's document root with ease.

Having said that, if you want to embed a link to directly download the file, you'll have to build an HTML-formatted email, or hope the mail client can auto-linkify text that looks like URLs. Building HTML mails for use with the mail() function is a serious pain. I use PHPMailer for my projects. It works nicely and allows you to build any kind of email you'd like.

Something like:

<?PHP
$fileURL = 'http://' . $_SERVER['HTTP_HOST'] . $_REQUEST['folder'] . '/' . $_FILES['Filedata']['name'];

// ...

$message = "You can download the file from: {$fileURL}";

// ...
$mail_sent = @mail( $to, $subject, $message, $headers );
//...

继续阅读:file-uploadjqueryphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9