dqcz57269 2013-05-28 17:33
浏览 57
已采纳

用PHP上传文件 - 解压缩和移动

I have a very basic, very straightforward function that takes a file (after checking it to make sure its a zip among other things) and uploads it, unpacks it and such:

public function theme(array $file){ 
        global $wp_filesystem;

        if(is_dir($wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/")){
            $target_path = $wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/";
            if(move_uploaded_file($file['tmp_name'], $target_path . '/' . $file['name'])) {
                $zip = new ZipArchive();
                $x = $zip->open($target_path);
                if ($x === true) {
                    $zip->extractTo($target_path); // change this to the correct site path
                    $zip->close();

                    //unlink($target_path);
                }
                $this->success('We have uplaoded your new theme! Activate it bellow!');
            } else {    
                $this->error('Oops!', 'Either your zip is corrupted, could not be unpacked or failed to be uploaded. 
                    Please try again.');
            }
        }else{
            $this->error('Missing Directory', 'The Directory theme under custom in Aisis Theme does not exist.');
        }

        if(count(self::$_errors) > 0){
            update_option('show_errors', 'true');
        }

        if(count(self::$_messages) > 0){
            update_option('show_success', 'true');
        }

    }

Extremely basic, yes I have used my target path as both the path to upload too and unpack (should I use a different path, by default it seems to use /tmp/tmp_name)

Note: $file is the array of $_FILES['some_file'];

My question is I get:

Warning: move_uploaded_file(/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip): failed to open stream: Permission denied in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82

Warning: move_uploaded_file(): Unable to move '/tmp/phpfwechz' to '/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip' in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82

Which basically means that "oh the folder your trying to move from is owned by root, no you cannot do that." the folder I am moving too is owned by apache, www-data. - I have full read/write/execute (it's localhost).

So question time:

  • Should my upload to and move to folder be different?
  • How, in a live environment, because this is a WordPress theme, will users who have the ability to upload files be able to get around this "you dont have permission"?
  • 写回答

2条回答 默认 最新

  • doutongwei4380 2013-05-28 18:09
    关注

    You should try to do it the wordpress way. Uploading all user content to wp-content/uploads, and doing it with the native functions.

    As you mention, uploading to a custom directory, may be an issue to non tech savvy users. /uploads already have the special permissions.

    Check out wp_handle_upload. You just have to limit the mime type of the file.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 机器学习能否像多层线性模型一样处理嵌套数据
  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效