dflow Posted November 22, 2011 Share Posted November 22, 2011 im using this script to upload files i want to use it inside an iframe but get an error it looks like a path to root issue it works fine with no errors NOt in an iframe if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/'; // $fileTypes = str_replace('*.','',$_REQUEST['fileext']); // $fileTypes = str_replace(';','|',$fileTypes); // $typesArray = split('\|',$fileTypes); // $fileParts = pathinfo($_FILES['Filedata']['name']); $tempName = $_FILES['Filedata']['name']; //$tempNameEnd = explode('.',$tempName); //$tempNameEnd = $tempNameEnd[1]; $tempName = basename($tempName); if (isset($_POST['apartmentID']) && is_numeric($_POST['apartmentID'])) { $tempName = $_POST['apartmentID'].'-'.rand(0,999999).'-'.$tempName; //.$tempNameEnd; } else { $tempName = rand(0,999999).'-'.$tempName; //.$tempNameEnd; } $targetFile = str_replace('//','/',$targetPath) . $tempName; // if (in_array($fileParts['extension'],$typesArray)) { // Uncomment the following line if you want to make the directory if it doesn't exist // mkdir(str_replace('//','/',$targetPath), 0755, true); $dbTargetFile = $targetFile; $targetFile = '/srv/disk1/744444/www/example.com'.$targetFile; $success = move_uploaded_file($tempFile,$targetFile); echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile); if (isset($_POST['apartmentID']) && is_numeric($_POST['apartmentID'])) { $query = 'INSERT INTO images SET ID = \''.mysql_real_escape_string($_POST['apartmentID']).'\', ImageURL = \''.$dbTargetFile.'\', InternalSupplierID = \'100\''; fwrite($fp,$query.PHP_EOL); mysql_query($query); fwrite($fp,var_export(mysql_error(),true).PHP_EOL); //security risk!! //can only fix if we change image uploading script $query = 'UPDATE apartments SET mainImage = \''.$dbTargetFile.'\' WHERE ID = \''.mysql_real_escape_string($_POST['apartmentID']).'\''; mysql_query($query); } // } else { // echo 'Invalid file type.'; // } } fclose($fp); ?> Link to comment https://forums.phpfreaks.com/topic/251646-path-to-root-inside-iframes/ Share on other sites More sharing options...
dflow Posted November 22, 2011 Author Share Posted November 22, 2011 im using this script to upload files i want to use it inside an iframe but get an error it looks like a path to root issue it works fine with no errors NOt in an iframe if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/'; // $fileTypes = str_replace('*.','',$_REQUEST['fileext']); // $fileTypes = str_replace(';','|',$fileTypes); // $typesArray = split('\|',$fileTypes); // $fileParts = pathinfo($_FILES['Filedata']['name']); $tempName = $_FILES['Filedata']['name']; //$tempNameEnd = explode('.',$tempName); //$tempNameEnd = $tempNameEnd[1]; $tempName = basename($tempName); if (isset($_POST['apartmentID']) && is_numeric($_POST['apartmentID'])) { $tempName = $_POST['apartmentID'].'-'.rand(0,999999).'-'.$tempName; //.$tempNameEnd; } else { $tempName = rand(0,999999).'-'.$tempName; //.$tempNameEnd; } $targetFile = str_replace('//','/',$targetPath) . $tempName; // if (in_array($fileParts['extension'],$typesArray)) { // Uncomment the following line if you want to make the directory if it doesn't exist // mkdir(str_replace('//','/',$targetPath), 0755, true); $dbTargetFile = $targetFile; $targetFile = '/srv/disk1/744444/www/example.com'.$targetFile; $success = move_uploaded_file($tempFile,$targetFile); echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile); if (isset($_POST['apartmentID']) && is_numeric($_POST['apartmentID'])) { $query = 'INSERT INTO images SET ID = \''.mysql_real_escape_string($_POST['apartmentID']).'\', ImageURL = \''.$dbTargetFile.'\', InternalSupplierID = \'100\''; fwrite($fp,$query.PHP_EOL); mysql_query($query); fwrite($fp,var_export(mysql_error(),true).PHP_EOL); //security risk!! //can only fix if we change image uploading script $query = 'UPDATE apartments SET mainImage = \''.$dbTargetFile.'\' WHERE ID = \''.mysql_real_escape_string($_POST['apartmentID']).'\''; mysql_query($query); } // } else { // echo 'Invalid file type.'; // } } fclose($fp); ?> I'm including it like this <script type="text/javascript"> $(document).ready(function() { $('#file_upload').uploadify({ 'uploader' : '/uploadify/uploadify.swf', 'script' : '/uploadify/uploadify.php', 'cancelImg' : '/uploadify/cancel.png', 'folder' : '/uploads', 'auto' : true }); }); </script> Link to comment https://forums.phpfreaks.com/topic/251646-path-to-root-inside-iframes/#findComment-1290601 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.