dsfgdsjfd78773 2010-04-12 20:17

Upload: send a link by e-mail to download the file

Uploadify is a jQuery plugin that allows the easy integration of a multiple (or single) file uploads on your website. It requires Flash and any backend development language. An array of options allow for full customization for advanced users, but basic implementation is so easy that even coding novices can do it.

I wanted to ask if it is possible to send out a link to a file that has just been uploaded with the e-mail notification of Uploadify.

Here is the code for uploadify.php :

<?php
if (!empty($_FILES)) {
    $tempFile = $_FILES['Filedata']['tmp_name'];
    $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
    $targetFile =  str_replace('//','/',$targetPath) . $_FILES['Filedata']['name'];

    // $fileTypes  = str_replace('*.','',$_REQUEST['fileext']);
    // $fileTypes  = str_replace(';','|',$fileTypes);
    // $typesArray = split('\|',$fileTypes);
    // $fileParts  = pathinfo($_FILES['Filedata']['name']);

    // if (in_array($fileParts['extension'],$typesArray)) {
        // Uncomment the following line if you want to make the directory if it doesn't exist
        // mkdir(str_replace('//','/',$targetPath), 0755, true);

        move_uploaded_file($tempFile,$targetFile);
        echo "1";
    // } else {
    //  echo 'Invalid file type.';
    // }
}

//define the receiver of the email
$to = 'admin@admin.com';
//define the subject of the email
$subject = 'Test email';
//define the message to be sent. Each line should be separated with \n
$message = "Hello World!\n\nThis is my first mail.";
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: webmaster@example.com\r\nReply-To: webmaster@example.com";
//send the email
$mail_sent = @mail( $to, $subject, $message, $headers );
//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed" 
echo $mail_sent ? "Mail sent" : "Mail failed";
?>

2 answers

  • drix47193 2010-04-12 21:30

    Your script is vulnerable to filename collisions. You're saving the upload using the original name provided by the user. If the same filename is used more than once, you'll overwrite previous versions with the new one.

    As well, you're blindly using a form value to specify a location to store the upload. What happens if someone specifies "../../../../../../../../../etc" for the folder and "passwd" for the filename? Or on a Windows server "../../../../../../../../windows/system32" and "ntoskrnl.exe"? If the webserver's misconfigured as to what user ID it's running on, you've just opened the machine to a complete remote compromise. But even if they don't want to compromise the system, they'll be able to trash any file within your site's document root with ease.

    Having said that, if you want to embed a link to directly download the file, you'll have to build an HTML-formatted email, or hope the mail client can auto-linkify text that looks like URLs. Building HTML mails for use with the mail() function is a serious pain. I use PHPMailer for my projects. It works nicely and allows you to build any kind of email you'd like.

    This answer was selected by the asker as the best answer.
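
A hardened version of the upload step that addresses the two problems raised in the answer above, as an added example that is not part of the original post or of Uploadify: the storage directory is fixed on the server instead of read from `$_REQUEST['folder']`, and the stored name is generated instead of taken from the client. The `/uploads` directory, the extension allowlist, `https://www.example.com` and the mail subject are assumptions; it sends the link as plain text and needs PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example, not the original uploadify.php. Assumed values are marked.
const UPLOAD_DIR  = '/uploads';                   // assumption: fixed, server-chosen directory under the docroot
const BASE_URL    = 'https://www.example.com';    // assumption: public site origin
const ALLOWED_EXT = ['jpg', 'png', 'pdf', 'zip']; // assumption: types this site accepts

/**
 * Build a collision-free stored name. Nothing from the client-supplied name
 * reaches the filesystem except an allowlisted extension.
 */
function storedName(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (isset($_FILES['Filedata']) && $_FILES['Filedata']['error'] === UPLOAD_ERR_OK) {
    $name = storedName($_FILES['Filedata']['name']);
    if ($name === null) {
        http_response_code(400);
        exit('Invalid file type.');
    }

    // The destination is built only from server-side constants and the generated
    // name, so "../" in a request parameter or filename has nothing to act on.
    $target = rtrim($_SERVER['DOCUMENT_ROOT'], '/') . UPLOAD_DIR . '/' . $name;

    // move_uploaded_file() only moves files that PHP itself received as uploads.
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $target)) {
        http_response_code(500);
        exit('Upload failed.');
    }

    // Plain-text mail: the link is made only of constants and the generated name.
    $link    = BASE_URL . UPLOAD_DIR . '/' . rawurlencode($name);
    $message = "A new file was uploaded.\n\nDownload: $link\n";
    $headers = "From: webmaster@example.com\r\nReply-To: webmaster@example.com";
    $sent    = mail('admin@admin.com', 'New upload', $message, $headers);

    echo $sent ? '1' : 'Upload stored, mail failed';
}
```

The upload directory should also be configured so that the web server never executes scripts stored in it.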