PHP Classes

Fake & dangerous work!!

Recommend this page to a friend!

      AJAX File Uploader  >  All threads  >  Fake & dangerous work!!  >  (Un) Subscribe thread alerts  
Subject:Fake & dangerous work!!
Summary:This is NOT an uploader! It is a local file copier!!!
Messages:6
Author:Wong Ho Wang
Date:2005-12-19 14:56:52
Update:2006-04-09 05:14:57
 

  1. Fake & dangerous work!!   Reply   Report abuse  
Picture of Wong Ho Wang Wong Ho Wang - 2005-12-19 14:56:52
This "uploader" only wrok with localhost, because it use copy() to copy the file with the file name(and path) provided by user to the destination folder. It is very dangerous!!! For example, if I input "C:\windows\php.ini"(assume target server is running Windows), I can get the php.ini from the server, it is not limited to what I can do with this script! If I provide a URL to a custom PHP file, I can run any code that I like on the target server also! NEVER use this script without modification!

  2. Re: Fake & dangerous work!!   Reply   Report abuse  
Picture of CWL CWL - 2005-12-19 15:20:18 - In reply to message 1 from Wong Ho Wang
I totally agree with you, This script is DANGETOUS!!

  3. Re: Fake & dangerous work!!   Reply   Report abuse  
Picture of Er. Rochak Chauhan Er. Rochak Chauhan - 2005-12-19 17:54:01 - In reply to message 1 from Wong Ho Wang
Common guys have some faith. This class is only for EDUCATIONAL purpose only. If u want a proper uploaded that you wan use in your website, wait for my version 2.

And for for your kind info, you can use COPY function to upload remote file too. You dont know ?? look in the code of version 2.

Happy programming :)

  4. Re: Fake & dangerous work!!   Reply   Report abuse  
Picture of Wong Ho Wang Wong Ho Wang - 2005-12-20 02:27:42 - In reply to message 3 from Er. Rochak Chauhan
Yes, since PHP/4.3.0 copy() can be used for download remote files by giving a URL as the source. But, :( this is not for upload client file! To handle client's upload file, you must use POST to post the file up to the server and use the $_FILES superglobal array. There is one way to use copy() with upload file, is to copy the tmp file ($_FILES['upload_filed_name']['tmp_name']) to your destination folder. But this is not recommended. The best way is to use move_uploaded_file(): move_uploaded_file($_FILES['upload_filed_name']['tmp_name'], $destdir . basename($_FILES['upload_filed_name']['name'])) ;)

  5. Re: Fake & dangerous work!!   Reply   Report abuse  
Picture of Jeff Paffett Jeff Paffett - 2006-01-03 13:57:46 - In reply to message 4 from Wong Ho Wang
The name of the class is still totally inaccurate, especially as it appears to offer something that is not possible with AJAX

  6. Re: Fake & dangerous work!!   Reply   Report abuse  
Picture of Dan Primer Dan Primer - 2006-04-09 05:14:57 - In reply to message 5 from Jeff Paffett
100% Agreed. Posting a file via an XMLHttpRequest object as this title implies it's possible with AJAX. Currently, it isn't.