[FX.php List] [OFF] Potential gotchas with uploading files?

Blair Duncan Blair.Duncan at bbdo.ca
Fri Apr 3 12:53:43 MDT 2009


I used a typical php uploader script for quite some time.
I've recently switched to Rad Upload www.radinks.com
Very secure and simple to implement.
The drag and drop user experience is sooo much nicer.



On 03/04/09 2:01 PM, "Joel Shapiro" <jsfmp at earthlink.net> wrote:

> Thanks everybody for all your input.
>
> Webko's FileThingie seems very cool although more than I'd need for
> this project -- but I did have issues ("unknown error") with it on my
> web host.  I didn't do any troubleshooting on it, but it confirms
> that there can be various server issues that will likely need to be
> dealt with in addition to things like validating & restricting file
> types.
>
> Michael's Easy PHP Upload looks nice and simple but I haven't
> downloaded it yet.
>
> I think I've got my answer.  Now I just need to decide how big of a
> headache I'm willing to take on for this project ;)
>
> Thanks all.
>
> -Joel
>
>
> On Apr 3, 2009, at 10:10 AM, Dale Bengston wrote:
>
>> Hi Bob,
>>
>> Well, it still has to be a directory that has www write
>> permissions, but as you pointed out in your example, that directory
>> is known to the PHP scripts but not exposed to the user.
>>
>> This is where I started:
>>
>> http://us.php.net/manual/en/reserved.variables.files.php
>> http://us.php.net/manual/en/function.is-uploaded-file.php
>> http://us.php.net/manual/en/function.move-uploaded-file.php
>>
>> Dale
>>
>> On Apr 3, 2009, at 11:52 AM, Bob Patin wrote:
>>
>>> Dale,
>>>
>>> How do you move the files to another directory without having to
>>> give the same permissions to the final directory? I'd be
>>> interested in seeing how that's done...
>>>
>>> Best,
>>>
>>> Bob Patin
>>>
>>>
>>> Longterm Solutions
>>> bob at longtermsolutions.com
>>> 615-333-6858
>>> http://www.longtermsolutions.com
>>> iChat: bobpatin
>>> AIM: longterm1954
>>> FileMaker 9 Certified Developer
>>> Member of FileMaker Business Alliance and FileMaker TechNet
>>> --------------------------
>>> FileMaker hosting and consulting for all versions of FileMaker
>>> PHP • Full email services • Free DNS hosting • Colocation •
>>> Consulting
>>>
>>> On Apr 3, 2009, at 11:38 AM, Dale Bengston wrote:
>>>
>>>> I followed the strategy laid out on php.net for uploading files
>>>> to a temp directory, validating there, and moving/renaming valid
>>>> files to another location. Anything not passing validation is
>>>> deleted from the temp directory and the user gets an error message.
>>>>
>>>> I'm looking at Michael's and Webko's suggested libraries now, for
>>>> one really good reason: multiple file upload support. This is
>>>> going to be huge for a brand/content management system I am just
>>>> beginning to develop.
>>>>
>>>> Dale
>>>>
>>>> On Apr 3, 2009, at 12:39 AM, Head Honcho wrote:
>>>>
>>>>> Hi Joel,
>>>>>
>>>>> On 03/04/2009, at 1:15 PM, Joel Shapiro wrote:
>>>>>
>>>>>> Hi all
>>>>>>
>>>>>> I'm looking for thoughts on how complicated an upload-file site
>>>>>> can be.
>>>>>>
>>>>>>
>>>>> <snip />
>>>>>
>>>>>>
>>>>>> For those that have worked with this, what kinds of problems
>>>>>> should I be ready for?  Could this be a big headache?
>>>>>
>>>>> I use the "easy upload" (<http://www.finalwebsites.com/snippets.php?id=7>)
>>>>> class which allows me to set file sizes/types as part of my script.
>>>>>
>>>>> Permissions can be a problem.. the upload folder will have to
>>>>> have write permissions for the web server (_www or www or nobody
>>>>> or whateverTheWebUserIsOnYourSystem).  Those using the files
>>>>> will need read privileges at least.
>>>>>
>>>>> Regards
>>>>>
>>>>> Michael Ward
>>>>> --
>>>>> Head Honcho
>>>>> CustoMike Solutions
>>>>> Member, FileMaker Business Alliance
>>>>> Member, FileMaker Technical Network
>>>>> FileMaker 7 Certified Developer
>>>>> FileMaker 8 Certified Developer
>>>>> FileMaker 9 Certified Developer
>>>>> 10 Wandoo Crt
>>>>> Wheelers Hill, 3150
>>>>> ph 0414 562 501
>>>>> headhoncho at customikesolutions.com
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
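
The approach Dale describes in the quoted thread (validate the upload while it is still in the temp directory, then move and rename it into a directory that the PHP scripts know about but that is not exposed to the user), as an added example that is not code from any poster or from the libraries mentioned. It assumes PHP 7 or later with the fileinfo extension; the storage path, size limit, type allowlist and form field name `userfile` are hypothetical.

```php
<?php
// Added example, not from the thread. STORE_DIR, MAX_BYTES, ALLOWED and the
// form field name "userfile" are assumptions chosen for illustration.
const STORE_DIR = '/var/app-data/uploads';   // outside the document root, writable by the web user
const MAX_BYTES = 5 * 1024 * 1024;
const ALLOWED   = [                          // detected MIME type => extension we assign
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

// Validate one $_FILES entry while it is still in PHP's temp directory, then
// move it to STORE_DIR under a server-generated name. Throws on rejection.
function store_upload(array $file): string
{
    // A multi-file field yields arrays here; this example takes one file per field.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed');
    }
    // Confirms tmp_name really came from an HTTP POST upload in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File is empty or too large');
    }
    // Type is taken from the file's content, not the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // Random name plus our own extension: the client's file name never reaches a path.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    chmod(STORE_DIR . '/' . $name, 0640);    // readable, never executable
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['userfile'])) {
    try {
        echo 'Stored as ', store_upload($_FILES['userfile']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

A file that fails a check is never moved, and PHP removes the temp file itself when the request ends.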




