Wong Ho Wang - 2005-12-19 14:56:52
This "uploader" only works with localhost, because it uses copy() to copy the file with the file name (and path) provided by the user to the destination folder. It is very dangerous!!! For example, if I input "C:\windows\php.ini" (assuming the target server is running Windows), I can get the php.ini from the server; it is not limited to what I can do with this script! If I provide a URL to a custom PHP file, I can also run any code that I like on the target server! NEVER use this script without modification!
CWL - 2005-12-19 15:20:18 - In reply to message 1 from Wong Ho Wang
I totally agree with you. This script is DANGEROUS!!
Er. Rochak Chauhan - 2005-12-19 17:54:01 - In reply to message 1 from Wong Ho Wang
Come on guys, have some faith. This class is for EDUCATIONAL purposes only. If you want a proper uploader that you can use in your website, wait for my version 2.
And for your kind info, you can use the COPY function to upload remote files too. You don't know?? Look in the code of version 2.
Happy programming :)
Wong Ho Wang - 2005-12-20 02:27:42 - In reply to message 3 from Er. Rochak Chauhan
Yes, since PHP/4.3.0 copy() can be used to download remote files by giving a URL as the source. But :( this is not for uploading a client file! To handle a client's uploaded file, you must use POST to post the file up to the server and use the $_FILES superglobal array. There is one way to use copy() with an uploaded file, which is to copy the tmp file ($_FILES['upload_filed_name']['tmp_name']) to your destination folder. But this is not recommended. The best way is to use move_uploaded_file(): move_uploaded_file($_FILES['upload_filed_name']['tmp_name'], $destdir . basename($_FILES['upload_filed_name']['name'])) ;)
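The upload handling described in message 4, as an added example that is not part of the original posts or of the class under discussion. The function name store_upload(), the form field name 'upload_field', the extension allowlist and the sample input are assumptions made for illustration.

```php
<?php
// Added example; store_upload(), 'upload_field' and $allowedExt are hypothetical names.

function store_upload(array $file, string $destDir, array $allowedExt = ['jpg', 'png', 'pdf']): string
{
    // PHP sets 'error' itself; anything but UPLOAD_ERR_OK means no usable file.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    // Accept only a temp file that PHP created for this POST request.
    // A client-supplied path or URL fails here, which is the check
    // a copy()-based script does not perform.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // The client controls 'name': strip directory components (both slash
    // styles) and allow only known extensions so a .php file is not stored.
    $name = basename(str_replace('\\', '/', $file['name']));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('file type not allowed');
    }
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    // move_uploaded_file() repeats the uploaded-file check before moving.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}

// In a real request handler:
//   $path = store_upload($_FILES['upload_field'], __DIR__ . '/uploads');

// Constructed input imitating the case from message 1: the "file" is a
// path typed by the client, not something PHP received via POST.
$forged = ['name' => 'php.ini', 'tmp_name' => 'C:\\windows\\php.ini',
           'error' => UPLOAD_ERR_OK, 'size' => 0];
try {
    store_upload($forged, sys_get_temp_dir());
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```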
Jeff Paffett - 2006-01-03 13:57:46 - In reply to message 4 from Wong Ho Wang
The name of the class is still totally inaccurate, especially as it appears to offer something that is not possible with AJAX.
Dan Primer - 2006-04-09 05:14:57 - In reply to message 5 from Jeff Paffett
100% agreed. This title implies that posting a file via an XMLHttpRequest object is possible with AJAX. Currently, it isn't.