http://www.plupload.com - "Allows you to upload files using HTML5 Gears, Silverlight, Flash, BrowserPlus or normal forms, providing some unique features such as upload progress, image resizing and chunked uploads." This is the uploader used in current WordPress v3.4.1 and the best one out there in my opinion.
It comes with upload.php file (full file: http://ideone.com/xbPUS).
I have doubts about its security: When I have upload.php on my server and even if I don't setup any Javascript for Plupload anyone is still able to relatively easy send request to upload.php file and upload anything, anytime... TRUE OR FALSE?
How do I prevent that?
It's not a security issue. Across the internet you can try to upload anything you want to servers (addresses) that support POST method. It's up to server-side software to accept or reject such upload - it's always been this way. Of course there can be some restrictions put onto who uploads what (using tokens, authorization etc), but that's up to you (as developer) to handle.
As to upload.php file from plupload, I think it's suppose to be just a quick and dirty example, that makes trying out plupload a little bit easier.
I think you want Wordpress to work with upload.php and not the other way arround. So if anyone would call upload.php directly it will fail. Can you set some specific information that will only be available from within your Wordpress functions. In upload.php you can ask for this information if not available it will stop. Hope this is what you need.
Related
I'm looking for examples (maybe on Github, blog, or elsewhere) that demonstrate how to upload files (videos) directly from a php http post form to AWS S3. The main requirement is to see the progress of the upload in action and trigger a response when complete (without reloading the page). jQuery File Upload Plugin could be a good solution, do you know of any code examples that do this? The files (videos) will be up to 1gb in size, so propose a different method if you think this won't work well.
You have checked this out, right?
Sadly, there's no progress involved by default. Probably you should do it yourself using AWS serverside API and ajax polling (or websockets), which would add workload for your server, though.
Here is a C# example of how to track the Multipart Upload Progress.
Otherwise you could go for a client-side approach with the Javascript SDK.
I am making an online tool for identifying certain file types. I need to access some byte values from the file header to do this.
The user selects the file on the client machine. Somehow, I need to get the key byte values from the file, and then these are looked up in a server side database to categorize the file.
How can I read bytes from a client-side file?
I know I could have the user upload the file to the server, but these files are very large, and I only need a few bytes, so it would be slow and wasteful to upload the whole file.
Could I somehow upload part of the file? It seems it is difficult to cancel a html form upload and the file-part is not available after cancel. Is this correct?
Is it possible to read a file in javascript? I have googled this, but the answer is unclear. I have read that it is possible with a java applet, but only if the applet is signed.
Is there some other way?
You can use html5, but will need to fallback on flash or some other non-javascript method for older browsers.
http://www.html5rocks.com/en/tutorials/file/dndfiles/
So. as Said above you must use non-javascript methodds. But each of this methods has some minus.
FLASH - bad work with proxy. Really bad. Of course you can use flash obly for get base64 code of file and give it to js. In this case this will be work greate.
Java Applet - greate work but not many users have JVM or versions of JVM may not be sasme (but if you will use JDK1.4 or 1.5 thi is no problem).
ActiveX - work only in IE and on Windows
HTML5 File Api - not cross browsers solution. Will be work only on last browsers and not in all.
of course much better use server side - in php for example getmimetype and other functions.
But I can manually change headers of my file. For example i can add to php file headers from jpeg or png - and your script will be think that is image.
So this is bad solution : use headers. For check filetype maybe simple use mimetype of file of trust to user and generate icon through file extension
So far I've figured out HOW to upload files asynchronously with Ajax and PHP, no problem there. But I want to get the percentage of the file that's already been uploaded, as it's uploading, and, after hours of research, I can't find a good way to do this without cheating.
Some implementations I've seen used Flash to upload, and getting the percentage in Flash is apparently fairly common, but I'd like to avoid this if I can.
Any ideas?
The core problem is that RFC 1867, the specification for file uploads over HTTP via the multipart/form-data MIME type, does not provide any method for providing file upload progress.
A file upload is actually just a fancy form submit. CGI scripts, PHP, and all other web technologies that rely on a front-end web server to first accept the request might not actually begin executing until the entire upload has completed. This means that they generally can't even know when the upload has started, only when it's been completed.
New versions of PHP's APC extension include a workaround for this problem that performs some level of black magic that allows it to know about uploads earlier. It only works as part of mod_php, though. The devs don't seem to have plans to support it under FastCGI.
Another server-side option would be the "uploadprogress" PECL extension. I'm not entirely sure what kind of black magic it uses. The source suggests that it actually hooks into the processing of the multipart MIME parts. (This suggests that at least some SAPIs stream form data to PHP as the client uploads it. I know that at least some FastCGI servers buffer the entire request before passing it along, so this might not work for you. YMMV.)
Both of these options are for normal file uploads. Ajax -- or rather, XMLHttpRequest -- does not support file upload operations. Most of the workarounds in this area involve creating an iframe and submitting a form there, and that also implies someone else's client-side work. If you're going to go through that level of hoop jumping, you'd may as well use one of the modern file upload widgets.
Personally, I use Plupload, a Javascript widget that can work with everyone's favorite Javascript library, jQuery. Some others swear by Uploadify. Regardless, both of these widgets offer a high degree of user feedback as to upload progress. They are likely to be easier for you to implement than APC or uploadprogress and have the advantage of being built and tested thoroughly by other people.
Plupload supports multiple upload engines, including HTML5, Gears, Flash, Silverlight, oldschool HTML4 and more. Between HTML5, Flash and Silverlight, you've pretty much just covered 100% of your audience. It also allows you to subscribe to events and have your own code perform magic. For example, if you need server-side file upload progress information, you can have the client regularly send updates to a different script. This would be useful if you regularly have clients uploading huge files and you want to know about it in real time.
tl;dr: Uploading is hard, let's go client-side!
Yeah,I dont like that "cheating" method either, In my opinon, the best method is to use APC , and its method, apc_fetch
Using ajax to make a apc_fetch, with a unique key specifying the upload, will return what you need .. ie bytes uploaded / total bytes.
Then simply do a progress bar with javascript.
I have heard chrome and safari dont allow you to do ajax calls during post upload, the work arround includes using an iframe to do the calls with the apc identifier.
I'm trying to figure out if there's a way to get the progress of a file upload with PHP and/or Kohana. My script can upload images, videos, zip, exe, whatever I want really. However the larger the file the longer the user has to wait without any indication.
I was hoping to use some AJAX here to initialise the upload and then report back the progress.
Is this possible with PHP... and can anyone give me an indication of where to start looking.
there is a file upload progress extension for php, see http://www.ultramegatech.com/blog/2010/10/create-an-upload-progress-bar-with-php-and-jquery/ for how to use it.
I like to use a server module to do this sort of thing, mainly because it makes my life as a web developer easier if all I need to do is grab upload statistics from a URL. Nothing has to be changed in your website.
For Nginx there is the Upload Progress module and it should work on all recent releases. You can find code examples on the Nginx Wiki: http://wiki.nginx.org/HttpUploadProgressModule
For Apache there is the Upload Progress too. I haven't used it myself, but it seems fairly straight forward.
If you don't have access to the server configuration, then you might want to fall back onto a pure flash / javascript solution. For this I had good luck with Uploadify in the past, but it requires a bit more work as you now have to upload files in a separate request. Someone should be able to suggest a good HTML5 upload progress plugin too.
you could do this also with apache and APC example
When the user selects a file to be uploaded, is there a way I can get the exact size of this file before the upload even begins? I'm guessing this needs to be done on the client side with jQuery or JavaScript. Any ideas how?
This cannot be done in pure Javascript in current browsers.
Instead, you can use Uploadify, which uses Flash.
In non-IE browsers, you can also use HTML5 to read files on the client.
$("#file_input_selector").bind('change', function(){
alert(this.files[0].size);
});
Not sure of all the compatibility issues, but this seems to be working just fine for me.
Take a look at this post:
http://forums.digitalpoint.com/showthread.php?t=6704
Javascript doesn't have the ability to check file sizes (or access the file system for that matter). You'll need to upload the file to get the size
I suggest you look at the HTML5 File API. This, combined with some JS might be able to help you. I only say might because I have not yet had a chance to browse at this part of the HTML5 standard.
http://www.w3.org/TR/FileAPI/#dfn-filereader
The way PHP file uploads work, it is very hard to check file details before, or during a file upload (since the file is uploaded before your code even gets loaded).
I know it is possible to do some fancy things in some other languages (possibly Perl or Python) that handle the file uploading directly with the script (where the script opens the socket and handles the whole transfer itself), however PHP does this for you and accepts any file on your script's behalf. The file gets discarded if it is not within PHP's acceptable limits, but only after the file is completely uploaded.
There have also been several file upload implementations made using Flash, but not being an ActionScript coder, I can't really help too much there either.