I want to post a file to a server, with a relative path supplied as the file's filename in the Content-Disposition
header (using PHP 7.0 on Ubuntu with curl 7.47):
curl server/index.php -F "[email protected];filename=a/b/c.txt"
Applying the --trace-ascii /dev/stdout
option shows:
0000: POST /index.php HTTP/1.1
0031: Host: server
004a: User-Agent: curl/7.47.0
0063: Accept: */*
0070: Content-Length: 111511
0088: Expect: 100-continue
009e: Content-Type: multipart/form-data; boundary=--------------------
00de: ----e656f77ee2b4759a
00f4:
...
0000: --------------------------e656f77ee2b4759a
002c: Content-Disposition: form-data; name="file"; filename="a/b/c.txt
006c: "
006f: Content-Type: application/octet-stream
0097:
...
Now, my simple test script <?php print_r($_FILES["file"]); ?>
outputs:
Array
(
[name] => c.txt
[type] => application/octet-stream
[tmp_name] => /tmp/phpNaikad
[error] => 0
[size] => 111310
)
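However, I expected [name] => a/b/c.txt.
Where is my logic flaw?
According to https://stackoverflow.com/a/3393822/1647737, the filename can contain a relative path.
The PHP manual also implies this and suggests sanitizing with basename().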
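As we can see from the PHP interpreter sources, the _basename()
filter is called for security reasons and/or to work around the shortcomings of some particular browsers.
File: php-src/main/rfc1867.c
Lines ~1151 and following: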
/* The \ check should technically be needed for win32 systems only where
* it is a valid path separator. However, IE in all it's wisdom always sends
* the full path of the file on the user's filesystem, which means that unless
* the user does basename() they get a bogus file name. Until IE's user base drops
* to nill or problem is fixed this code must remain enabled for all systems. */
s = _basename(internal_encoding, filename);
if (!s) {
s = filename;
}
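
An added example, not part of the original question or answer: because PHP reduces the uploaded filename to its base name, one way to keep a directory structure is to send the relative path in a separate form field and validate it on the server before use. The field name "relpath", the constant UPLOAD_ROOT and the function safe_relative_path() are assumptions made for this sketch.

```php
<?php
// Added example. Assumptions: the wanted path arrives in a separate form
// field "relpath" and files are stored under UPLOAD_ROOT, outside the web root.
const UPLOAD_ROOT = '/var/uploads';

// Return the path unchanged if every segment is acceptable, otherwise null.
function safe_relative_path(string $path): ?string
{
    foreach (explode('/', $path) as $segment) {
        // Each segment must start with a letter or digit. That refuses empty
        // segments (leading "/", "a//b"), ".", "..", dotfiles, backslashes
        // and NUL bytes in a single allow-list check.
        if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $segment)) {
            return null;
        }
    }
    return $path;
}

// On the command line, run constructed sample inputs through the check.
if (PHP_SAPI === 'cli') {
    foreach (['a/b/c.txt', '../c.txt', '/abs/c.txt', 'a//c.txt', 'a\\b.txt'] as $p) {
        printf("%-12s => %s\n", $p, var_export(safe_relative_path($p), true));
    }
    exit(0);
}

// Web request: $_FILES['file']['name'] is already just "c.txt" here.
$raw = $_POST['relpath'] ?? '';
$rel = is_string($raw) ? safe_relative_path($raw) : null;
$err = $_FILES['file']['error'] ?? UPLOAD_ERR_NO_FILE;
if ($rel === null || $err !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('invalid upload');
}
$target = UPLOAD_ROOT . '/' . $rel;
$dir = dirname($target);
if (!is_dir($dir) && !mkdir($dir, 0750, true) && !is_dir($dir)) {
    http_response_code(500);
    exit('cannot create directory');
}
if (!move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
    http_response_code(500);
    exit('cannot store file');
}
echo "stored as $rel";
```

With curl, the path would be sent as an additional -F "relpath=a/b/c.txt" field next to the file field.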