Feb 1 2006, 05:53 PM
Post
#1
Newbie [ Level 2 ] Group: Members Posts: 12 Joined: 1-February 06 Member No.: 11,015
OK, I have used the following code in my upload.php file.

Code:
CODE
// Destination directory, relative to upload.php
$uploaddir = '../photos/';
// File name as sent by the client, with any directory part stripped
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

Using ../photos/ as my upload DIR works, as the file does upload, but when I echo $uploadfile on the same page:

Code:
CODE
<img src="http://www.thedirtybackbeats.com/<?php echo htmlspecialchars($uploadfile, ENT_QUOTES); ?>" alt="uploadedfile" />

IE won't show it, as it has two full stops before the photo dir in the domain, e.g.: http://www.thedirtybackbeats.com/../photos/playlist.JPG

It works in Firefox, as it removes the two full stops, but IE isn't having any of it. Any ideas?

-----Please use CODE tags when posting codes-----szupie
This post has been edited by szupie: Feb 2 2006, 01:11 AM
Feb 2 2006, 12:21 AM
Post
#2
Premium Member Group: Members Posts: 292 Joined: 15-December 04 Member No.: 1,768
Interesting. I'm sure someone will respond as to why this is happening, and why Firefox interprets it differently, but it's obvious if you use $uploadfile as part of the href for the image...it will say http://yourdomain.com/../photos because it's just a string and it's putting the text where you tell it to. I don't know if double quotes would make a difference here, but probably not. I personally was going to try to write a bit of code that uploads images, but I haven't even started yet. Why are you displaying the picture on the same page? Is it just to verify that the image has been loaded and show it in action?

As I said, I haven't tried this, so if the '../photos/' is required rather than just 'photos/' then a simple fix would be to

CODE
// Drop the leading "../" from the stored path
$uploadfile = substr($uploadfile, 3);

Just cut out the first 3 (or 2 characters) in your string after you successfully upload. Then you should have a valid path to your image. I'm just curious as to why Firefox parses it. Anyone?
Feb 2 2006, 03:13 AM
Post
#3
Absolute Newbie Group: Admin Posts: 888 Joined: 20-February 05 From: Indianapolis, Indiana, USA (Midwest) Member No.: 2,714 myCENTs:35.43
I suggest not using relative URLs.

I understand the thought behind using relative URLs, but if you are building the URL with PHP anyhow, I suggest using some of the built-in PHP file system functions to build the link. I think this link may help: http://us2.php.net/manual/en/function.realpath.php

This way you'll have all of the benefits of using a relative URL for the script, but the link that the browser will see will be absolute. You would need to run a few more functions on the variable before it would be usable as a URL. Hope this helps you.

vujsa
Feb 2 2006, 07:51 PM
Post
#4
Premium Member Group: Members Posts: 292 Joined: 15-December 04 Member No.: 1,768
Good idea, I thought about that too, but I've never used that function. I don't even know how that thing works lol. Anyways, if you can pass a real address rather than just a relative one to your upload function, you could just build your URL.

CODE
// HTTP_HOST is taken from the Host header of the request
$uploaddir = 'http://' . $_SERVER['HTTP_HOST'] . '/photos/';

Sometimes you might not want the '//'; I've read that somewhere, and they used some kind of ternary operator to deal with that problem. In most cases I think something like that would work, as long as you kept the same structure. Perhaps that function realpath would be the better solution though. Gl with it.
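An added example, not part of the thread: it keeps the filesystem path (resolved once on the server with realpath(), the function linked in post #3) separate from the URL written into the page, so no "../" reaches the browser, and it names the stored file on the server instead of reusing the client-supplied name. It assumes PHP 7 or later with the fileinfo extension; `store_photo()`, `PHOTO_URL` and `ALLOWED` are hypothetical names, and `/photos/` is assumed to be the web path of the directory that upload.php reaches as `../photos`.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Names and paths below are assumptions.
const PHOTO_URL = '/photos/'; // assumed web path that maps to the photo directory
const ALLOWED   = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/** Store an uploaded image; return the URL for the img tag, or null if rejected. */
function store_photo(array $file, string $photoDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Decide the type from the file contents, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = array_search($mime, ALLOWED, true);
    if ($ext === false) {
        return null;
    }
    // realpath() resolves "../" on the server and returns false if the directory is missing.
    $dir = realpath($photoDir);
    if ($dir === false || !is_dir($dir)) {
        return null;
    }
    // Server-generated name: nothing from $_FILES['userfile']['name'] reaches disk or HTML.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dir . DIRECTORY_SEPARATOR . $name)) {
        return null;
    }
    // The URL is built from the web path, never from the filesystem path.
    return PHOTO_URL . $name;
}

if (isset($_FILES['userfile'])) {
    $url = store_photo($_FILES['userfile'], __DIR__ . '/../photos');
    if ($url === null) {
        echo "Upload rejected.\n";
    } else {
        // Root-relative URL, escaped for the attribute; no Host header value is used.
        echo '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="uploadedfile" />';
    }
}
```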