Zend framework file upload illegally uploaded
I'm trying to upload files within a normal form with other text fields.
So far, the file gets uploaded to a temp folder but not to my destinationfolder, I always get this error "File 'upload' was illegally uploaded. This could be a possible attack".
I've checked the filename of the tempfile and that has the correct url in the correct folder.
What am I missing here.
$form = new Zend_Form();
$form->setAttrib('enctype', 'multipart/form-data');
$form->setMethod('post')
->addElement('file', 'pdf', array(
'size' => '40',
开发者_运维百科 'label' => 'Select File',
'required' => true,
'validators' => array(
'Size' => array('min' => 20, 'max' => 1000000)
)
)
)
->addElement('submit', 'Save')
;
if ( $this->getRequest()->isPost() ) {
if ( $form->isValid($this->getRequest()->getParams()) ) {
$id = $form->getValue('name');
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
$upload->receive('pdf'); is what's not working properly.
think things may have improved in Zend Framework since this question was asked.
The code below shows a working example of a robust file validation, including customised error messages.
The key point is that the Zend_Form::isValid() method is all you need, you don't need to validate the file transfer separately
Your form definition, note that the file validators are added as if they were normal validators
class Jogs_Form_ImportForm extends Zend_Form
{
public function init()
{
$this->setAttrib('enctype', 'multipart/form-data');
$this->setAttrib( 'id', 'form-import' );
$importAction = $this->addElement('radio', 'importAction', array(
'multiOptions' => array(
'components' => 'Import components',
'layouts' => 'Import layouts',
'layoutComponents' => 'Import layout components',
),
'required' => true,
'label' => 'Import Type:',
));
$upload = $this->addElement( 'file', 'import-file', array(
'label' => 'Text (tab delimited) file (.txt)',
'validators' => array(
'Size' => array('max' => 10*1024*1024),
'Extension' => array('txt', 'messages' => array(
Zend_Validate_File_Extension::FALSE_EXTENSION
=> 'file must end with ".txt"' ) ),
'MimeType' => array( 'text/plain', 'messages' => array(
Zend_Validate_File_MimeType::FALSE_TYPE
=> 'file must be text (tab delimited)' ) ),
)
) );
$go = $this->addElement('submit', 'go', array(
'required' => false,
'ignore' => true,
'label' => 'Go',
));
}
}
your controller class
class ImportController extends Zend_Controller_Action
{
public function indexAction(){
$form = new Polypipe_Form_ImportForm();
$this->view->form = $form;
if (
$this->getRequest()->isPost()
&&
$form->isValid( $this->getRequest()->getPost() )
){
$data = $form->getValues();
// get the file info
$ft = $form->getElement('import-file')->getTransferAdapter();
$fileInfo = $ft->getFileinfo();
}
}
}
I think you might have solved the problem... so i am just giving answer so that anyone who faces this error can find the solution via this valuable post... I faced many difficulties to solve this problem.... Hope it helps someone...
Here the problem is that isValid method is called twice.. once when you call
if ( $form->isValid($this->getRequest()->getParams()) ) {
}
and second in the receive method.. so if you keep the below code outside $form->isValid method than your file will be uploaded..
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
but still you will get the error when you validate your other elements but your file will be uploaded...
I know it's been a couple years, but here is the correct answer before you pull out your hair:
$form->yourElement->setValueDisabled( true );
"Set if the file will be uploaded when getting the value. This defaults to false which will force receive() when calling getValues()."
Try this:
if ( $this->getRequest()->isPost() ) {
if ( $form->isValid($this->getRequest()->getParams()) ) {
$id = $form->getValue('name');
$upload = new Zend_File_Transfer_Adapter_Http();
$uploadDestination = APPLICATION_PATH . '/../public/uploads/'.$id;
if(!is_dir($uploadDestination)){
mkdir($uploadDestination, 0777, true);
}
$upload->setDestination($uploadDestination);
echo $upload->getFileName();
if($upload->receive('pdf'))
{
echo '<pre>';
print_r($form->getValues());
die();
}
else
{
$messages = $upload->getMessages();
echo implode("\n", $messages);
die();
}
}
}
$form = new Zend_Form();
$form->setAttrib('enctype', 'multipart/form-data');
$form->setMethod('post')
->addElement('file', 'pdf', array(
'size' => '40',
'label' => 'Select File',
'required' => true,
'validators' => array(
'Size' => array('min' => 20, 'max' => 1000000)
)
)
)
->addElement('submit', 'Save');
加载中,请稍侯......
精彩评论