Is there a way to upload a file through PHP with specific “tmp_name”?

When uploading a file through PHP, the default behavior of the interpreter is to save the file in a temporary folder, with a temporary name.

Then we will have to use the function move_uploaded_file() in order to save it permanently.

If I have access to the PHP code, is there a way to skip the move_uploaded_file() phase?

Yes and no. You can specify which directory to put the temporary files in, but not decide on the temporary name yourself.

From the docs:

Files will, by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini.

So you can set upload_tmp_dir:

The temporary directory used for storing files when doing file upload. Must be writable by whatever user PHP is running as. If not specified PHP will use the system's default.

If the directory specified here is not writable, PHP falls back to the system default temporary directory. If open_basedir is on, then the system default directory must be allowed for an upload to succeed.

However, this merely decides the directory but not the filename itself.

I think there is pretty solid reasoning why you can't do that:

  1. Concurrency: How would you know if multiple users / multiple processes are trying to write to the same filename that your application logic decides on? This would cause a lot of race conditions if handled differently.
  2. Depending on your operating system and filename escaping, it could also be a huge security risk to have the file named based on user input or application logic. For example, one could try to overwrite the password file /etc/shadow on a Linux-based system and hook into system access.

Furthermore, I personally don't really see any reason why using the process with move_uploaded_file() would be bothersome.
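
Added example, not part of the original answer: an upload handler that leaves tmp_name to PHP and picks the permanent name on the server, which addresses both points in the list above (no name collisions between concurrent uploads, no user input in the path). The form field name "upload", the destination directory, the allow-list and the function name store_upload() are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Assumed names (not from the original post): form field "upload",
// destination /var/www/uploads, and the allow-list below.
const DEST_DIR = '/var/www/uploads';
const ALLOWED  = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];

function store_upload(array $file, string $destDir): string
{
    // Reject partial, oversized or missing uploads reported by PHP.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // tmp_name is chosen by PHP; confirm it really is this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Derive the extension from the content, never from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // A random server-side name avoids collisions between concurrent uploads
    // and keeps user input out of the path.
    $target = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move upload');
    }
    return $target;
}

if (isset($_FILES['upload'])) {
    try {
        echo 'stored as ', basename(store_upload($_FILES['upload'], DEST_DIR)), "\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'error: ', $e->getMessage(), "\n";
    }
} else {
    // Where PHP will place temporary upload files (empty setting = system default).
    echo 'upload_tmp_dir: ', ini_get('upload_tmp_dir') ?: sys_get_temp_dir(), "\n";
}
```

Keeping the destination directory outside the web root, or configuring the server not to execute scripts from it, limits what a stored file can do even if the type check is bypassed.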
