我正在构建一个ExtJS4 web应用程序,我有一个部分可以成功地将多个文件上传到文件管理器中的一个文件夹中。我用Ivan Novakov's library实现了这一点。
我创建了一个按钮,在该按钮的处理程序中,我有以下代码:
var uploadPanel = Ext.create('Ext.ux.upload.Panel', {
uploader : 'Ext.ux.upload.uploader.FormDataUploader',
uploaderOptions : {
url : 'uploadGallery.php'
},
synchronous : true
});
var uploadDialog = Ext.create('Ext.ux.upload.Dialog', {
dialogTitle : 'My Upload Dialog',
panel : uploadPanel
});
this.mon(uploadDialog, 'uploadcomplete', function(uploadPanel, manager, items, errorCount) {
console.log('manager = ' + manager);
console.log('items = ' + items);
console.log('manager result = ' + manager.result);
console.log('manager result message = ' + manager.message);
console.log('manager status = ' + manager.status);
console.log('manager filePath = ' + manager.filePath);
}, this);
uploadDialog.show();我有自己的PHP文件上载处理程序:
<?php
require_once '_common.php';
$config = require_once '_config.php'; //require __DIR__ . '/_config.php';
$fileName = '';
$mimeType = '';
$fileSize = 0;
if (empty($_FILES)) {
_error('No file received');
}
$pathArray = array();
foreach ($_FILES as $fileName => $fileData) {
if (
!isset($fileData['error']) ||
is_array($fileData['error'])
) {
die(json_encode(array(
'success' => false,
'status' => "Invalid Parameters.",
'files' => $_FILES
)));
}
// Check $_FILES['fileToUpload']['error'] value.
switch ($fileData['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_NO_FILE:
die(json_encode(array(
'success' => false,
'status' => "No file sent.",
'files' => $_FILES
)));
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
die(json_encode(array(
'success' => false,
'status' => "Exceeded filesize limit.",
'files' => $_FILES
)));
default:
die(json_encode(array(
'success' => false,
'status' => "Unknown errors.",
'files' => $_FILES
)));
}
// You should also check filesize here.
if ($fileData['size'] > 1000000) {
die(json_encode(array(
'success' => false,
'status' => "Exceeded File Size Limit.",
'files' => $_FILES
)));
}
// DO NOT TRUST $_FILES['fileToUpload']['mime'] VALUE !!
// Check MIME Type by yourself.
$finfo = new finfo(FILEINFO_MIME_TYPE);
if (false === $ext = array_search(
$finfo->file($fileData['tmp_name']),
array(
'jpg' => 'image/jpeg',
'png' => 'image/png',
'gif' => 'image/gif',
),
true
)) {
die(json_encode(array(
'success' => false,
'status' => "Invalid file format.",
'files' => $_FILES
)));
}
// You should name it uniquely.
// DO NOT USE $_FILES['fileToUpload']['name'] WITHOUT ANY VALIDATION !!
// On this example, obtain safe unique name from its binary data.
if (!move_uploaded_file(
$fileData['tmp_name'],
sprintf('./gallery/%s.%s',
basename($fileData['tmp_name']),
$ext
)
)) {
die(json_encode(array(
'success' => false,
'status' => "Failed to move uploaded file.",
'files' => $_FILES
)));
}
// $uploadFile = sprintf('./gallery/%s.%s',
// sha1_file($_FILES['fileToUpload']['tmp_name']);
$uploaddir = '/gallery/';
$name = $fileData["tmp_name"];
$fullPath = sprintf('gallery/%s.%s',
basename($fileData['tmp_name']),
$ext
);
array_push($pathArray, $fullPath);
// echo '{"success": true, "status": "file Uploaded successfully", "filePath" : "$filePath"}';
// _response(true, sprintf("%s", $fullPath));
// echo(json_encode(array(
// 'success' => true,
// 'status' => "File is uploaded successfully.",
// 'filePath' => "$fullPath"
// )));
}
//_log(sprintf("[multipart] Uploaded %s, %s, %d byte(s)", $fileName, $mimeType, $fileSize));
// _response(true, $pathArray);
print_r(json_encode(array(
'success' => true,
'status' => "File is uploaded successfully.",
'filePath' => "$fullPath"
)));
?>我没有改变他的_common.php和e1d1e中的can be found here。
正如您所看到的,在我的PHP部分,我正在尝试将上传文件的filePath发送回ExtJS部分,我需要这个用于数据库输入过程。然而,我不知道如何在我的ExtJS代码中获得这个JSON对象,因为函数只有4个参数(uploadPanel、manager、items、errorCount),到目前为止,我还没有猜到哪个参数会包含JSON响应。
1条答案
按热度按时间7rtdyuoh1#
我找到了一个相当粗糙的方法来解决这个问题。我所做的是使用上传文件的原始文件名作为服务器文件系统中的文件名。这是不是一个好的解决方案。如果需要将文件名保存到数据库中,并且文件名是SQL注入,则会出现问题。
在这种情况下,
$_FILES['fileToUpload']['name']是e1d1e,请检查foreach循环的开头。如前所述,如果不先检查和验证
$_FILES['fileToUpload']['name'],就不应该真正使用它。这个问题仍然有待回答。