如何解决文件上传在IE和Firefox中不起作用
| 我有以下代码将文件上传到服务器。出于某些奇怪的原因,它在IE和Mozilla Firefox中不起作用,但在Chrome中完美运行。问题是什么? PHP:// Check post_max_size (http://us3.PHP.net/manual/en/features.file-upload.PHP#73762)
$POST_MAX_SIZE = ini_get(\'post_max_size\');
$unit = strtoupper(substr($POST_MAX_SIZE,-1));
$multiplier = ($unit == \'M\' ? 1048576 : ($unit == \'K\' ? 1024 : ($unit == \'G\' ? 1073741824 : 1)));
if ((int)$_SERVER[\'CONTENT_LENGTH\'] > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE)
HandleError(\'File exceeded maximum allowed size. Your file size <b>MUST NOT</b> be more than 100kb.\');
// Settings
$save_path = \'uploads/\'; //getcwd() . \'/uploads/\';The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
$upload_name = \'userfile\'; // change this accordingly
$max_file_size_in_bytes = 102400; // 100k in bytes
$whitelist = array(\'jpg\',\'png\',\'gif\',\'jpeg\'); // Allowed file extensions
$blacklist = array(\'PHP\',\'PHP3\',\'PHP4\',\'phtml\',\'exe\',\'txt\',\'scr\',\'cgi\',\'pl\',\'shtml\'); // Restrict file extensions
$valid_chars_regex = \'A-Za-z0-9_-\\s \';// Characters allowed in the file name (in a Regular Expression format)
// Other variables
$MAX_FILENAME_LENGTH = 260;
$file_name = $_FILES[$upload_name][\'name\'];
//echo \"testing-\".$file_name.\"<br>\";
//$file_name = strtolower($file_name);
////////$file_extension = end(explode(\'.\',$file_name));
$parts = explode(\'.\',$file_name);
$file_extension = end($parts);
$uploadErrors = array(
0=>\'There is no error,the file uploaded with success\',1=>\'The uploaded file exceeds the upload max filesize allowed.\',2=>\'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form\',3=>\'The uploaded file was only partially uploaded\',4=>\'No file was uploaded\',6=>\'Missing a temporary folder\'
);
// Validate the upload
if (!isset($_FILES[$upload_name]))
**HandleError(\'No upload found for \' . $upload_name);**//THROWS UP ERROR HERE in IE and Firefox
else if (isset($_FILES[$upload_name][\'error\']) && $_FILES[$upload_name][\'error\'] != 0)
HandleError($uploadErrors[$_FILES[$upload_name][\'error\']]);
else if (!isset($_FILES[$upload_name][\'tmp_name\']) || !@is_uploaded_file($_FILES[$upload_name][\'tmp_name\']))
HandleError(\'Upload Failed.\');
else if (!isset($_FILES[$upload_name][\'name\']))
HandleError(\'File has no name.\');
HTML:
<form name=\"upload\" action=\"/upload\" method=\"POST\" ENCTYPE=\"multipart/formdata\">
<table border=\"0\" cellpadding=\"3\" cellspacing=\"3\" class=\"forms\">
<tr>
<tr>
<td style=\"height: 26px\" align=\"center\">
<font class=\"font_upload_picture\">\'.MSG142.\': <input class=\"font_upload_picture\" type=\"file\" name=\"userfile\">
<input type=hidden name=MAX_FILE_SIZE value=102400 />
</td>
</tr>
<tr>
<td colspan=\"2\">
<p align=\"center\">
<input type=\"image\" name=\"upload\" value=\"upload\" src=\"/img/layout/btnupload.gif\" border=\"0\" />
</p>
<p> </p>
<td><a href=\"/picturecamerasettings\"><img src=\"/img/layout/takepicture.gif\" border=\"0\" /><br> \'.MSG143.\'</a></td>
</tr>
</table>
</form>
解决方法
表格的编码应为
multipart/form-data
,您的html中有错误。您缺少tr
和td
标签的结束标签。另外,关闭文件上传输入标签/>
。
,您的某些逻辑已关闭:
if (!isset($_FILES[$upload_name]))
将永远过去。对于表格中的每个“ 7”,无论文件是否实际上传,都会有一个匹配的“ 8”条目。如果没有文件上传到一起,那么您将得到错误代码“ 9”。
else if (isset($_FILES[$upload_name][\'error\']) && $_FILES[$upload_name][\'error\'] != 0)
您不必检查是否已设置错误参数。只要“ 11”中具有有效的文件字段名称,“ 12”部分就会在那里。不过,您可以检查ѭ13ѭ。以防您的变量设置错误。
您已将其注释掉,但是您正在通过检查用户提供的文件名来检查有效的上传类型。请记住,$ _ FILES中的[\'type\']
和[\'name\']
参数是用户提供的,可以被颠覆。没什么说恶意用户无法将bad_virus.exe
重命名为cute_puppies.jpg
并通过您的“验证”检查。始终通过使用Fileinfo之类的东西来确定服务器上的MIME类型。它将检查文件的实际内容,而不仅仅是文件名。
因此,您的上传验证应类似于:
if (isset($_FILES[$upload_name]) && ($_FILES[$upload_name][\'error\'] === UPLOAD_ERR_OK)) {
$fi = finfo_open(FILE_INFO_MIME_TYPE);
$mime = finfo_file($fi,$_FILES[$upload_name][\'tmp_name\']);
if (!in_array($valid_mime_type,$mime)) {
HandleError(\"Invalid file type $mime\");
}
etc...
} else {
HandleError($uploadErrors[$_FILES[$upload_name][\'error\']]);
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。