[FX.php List] [OFF] Potential gotchas with uploading files?

Dennis Dalziel dennis at gandrpublishing.com
Fri Apr 3 10:48:22 MDT 2009


What if you need to have the user upload files but you also want to give the
user the ability to view and edit those files or images through their web
browser? If the folder that holds the uploaded files is outside of your web
root folder the user can no longer see the files for editing. Also any image
that is available for the user to view and edit would also allow the user to
view the directory path to that image or file.

I've been working on an implementation of FCKEditor that has both uploading
and editing capability, and am wondering how dangerous it is to give a web user
this much information and flexibility?

Dennis Dalziel
G & R Publishing Co.

-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Dale Bengston
Sent: Friday, April 03, 2009 11:38 AM
To: FX.php Discussion List
Subject: Re: [FX.php List] [OFF] Potential gotchas with uploading files?

I followed the strategy laid out on php.net for uploading files to a temp
directory, validating there, and moving/renaming valid files to another
location. Anything not passing validation is deleted from the temp directory
and the user gets an error message.

I'm looking at Michael's and Webko's suggested libraries now, for one really
good reason: multiple file upload support. This is going to be huge for a
brand/content management system I am just beginning to develop.

Dale

On Apr 3, 2009, at 12:39 AM, Head Honcho wrote:

> Hi Joel,
>
> On 03/04/2009, at 1:15 PM, Joel Shapiro wrote:
>
>> Hi all
>>
>> I'm looking for thoughts on how complicated an upload-file site can 
>> be.
>>
>>
> <snip />
>
>>
>> For those that have worked with this, what kinds of problems 
>> should I be ready for?  Could this be a big headache?
>
> I use the "easy upload" class
> (<http://www.finalwebsites.com/snippets.php?id=7>)
> which allows me to set file sizes/types as part of my script.
>
> Permissions can be a problem... the upload folder will have to have 
> write permissions for the web server (_www or www or nobody or 
> whateverTheWebUserIsOnYourSystem).  Those using the files will need 
> read privileges at least.
>
> Regards
>
> Michael Ward
> --
> Head Honcho
> CustoMike Solutions
> Member, FileMaker Business Alliance
> Member, FileMaker Technical Network
> FileMaker 7 Certified Developer
> FileMaker 8 Certified Developer
> FileMaker 9 Certified Developer
> 10 Wandoo Crt
> Wheelers Hill, 3150
> ph 0414 562 501
> headhoncho at customikesolutions.com
>
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
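
The temp-directory strategy Dale describes and the outside-the-web-root question Dennis raises can be handled by one script. The following is an added example, not code from any poster in this thread or from the libraries mentioned; `UPLOAD_DIR`, the `file` form field and the `id` query parameter are assumed names, and the calling application is assumed to enforce its own login and access checks.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR, the "file" field and the
// "id" parameter are assumed names; access control is left to the calling app.
const UPLOAD_DIR = '/var/app-data/uploads';   // assumption: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Validate in PHP's temp directory, then move under a random server-chosen name.
function store_upload(array $f): string
{
    $tmp = $f['tmp_name'] ?? '';
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed.');
    }
    // Type comes from the file content; the client's name and type are ignored.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (filesize($tmp) > MAX_BYTES || !array_key_exists($mime, ALLOWED)) {
        unlink($tmp);                          // rejected: delete from temp
        throw new RuntimeException('File type or size not allowed.');
    }
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($tmp, UPLOAD_DIR . "/$id." . ALLOWED[$mime])) {
        throw new RuntimeException('Could not store the file.');
    }
    return $id;                                // opaque handle for the browser
}

// Stream a stored file by id, so the browser never learns the directory path.
function serve_upload(string $id): void
{
    // Accept only ids of the shape store_upload() generates; no path separators.
    $hits = preg_match('/\A[0-9a-f]{32}\z/', $id) ? glob(UPLOAD_DIR . "/$id.*") : [];
    if (!$hits) { http_response_code(404); return; }
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($hits[0]));
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($hits[0]));
    readfile($hits[0]);
}

if (isset($_FILES['file'])) {
    try {
        echo store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
} elseif (isset($_GET['id']) && is_string($_GET['id'])) {
    serve_upload($_GET['id']);
}
```

The web server user needs write permission on the upload directory only, and because that directory sits outside the web root nothing in it can be requested or executed directly.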




