dqcz57269 2013-05-28 17:33
浏览 57
已采纳

用PHP上传文件 - 解压缩和移动

I have a very basic, very straightforward function that takes a file (after checking it to make sure its a zip among other things) and uploads it, unpacks it and such:

public function theme(array $file){ 
        global $wp_filesystem;

        if(is_dir($wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/")){
            $target_path = $wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/";
            if(move_uploaded_file($file['tmp_name'], $target_path . '/' . $file['name'])) {
                $zip = new ZipArchive();
                $x = $zip->open($target_path);
                if ($x === true) {
                    $zip->extractTo($target_path); // change this to the correct site path
                    $zip->close();

                    //unlink($target_path);
                }
                $this->success('We have uplaoded your new theme! Activate it bellow!');
            } else {    
                $this->error('Oops!', 'Either your zip is corrupted, could not be unpacked or failed to be uploaded. 
                    Please try again.');
            }
        }else{
            $this->error('Missing Directory', 'The Directory theme under custom in Aisis Theme does not exist.');
        }

        if(count(self::$_errors) > 0){
            update_option('show_errors', 'true');
        }

        if(count(self::$_messages) > 0){
            update_option('show_success', 'true');
        }

    }

Extremely basic, yes I have used my target path as both the path to upload too and unpack (should I use a different path, by default it seems to use /tmp/tmp_name)

Note: $file is the array of $_FILES['some_file'];

My question is I get:

Warning: move_uploaded_file(/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip): failed to open stream: Permission denied in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82

Warning: move_uploaded_file(): Unable to move '/tmp/phpfwechz' to '/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip' in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82

Which basically means that "oh the folder your trying to move from is owned by root, no you cannot do that." the folder I am moving too is owned by apache, www-data. - I have full read/write/execute (it's localhost).

So question time:

  • Should my upload to and move to folder be different?
  • How, in a live environment, because this is a WordPress theme, will users who have the ability to upload files be able to get around this "you dont have permission"?
  • 写回答

2条回答 默认 最新

  • doutongwei4380 2013-05-28 18:09
    关注

    You should try to do it the wordpress way. Uploading all user content to wp-content/uploads, and doing it with the native functions.

    As you mention, uploading to a custom directory, may be an issue to non tech savvy users. /uploads already have the special permissions.

    Check out wp_handle_upload. You just have to limit the mime type of the file.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器