Hi Glen,
I posted this yesterday, and didn't get any flashcoder emails
yesterday....so I was hoping I was ignored!
I figured out my problem, and really it was me being an idiot. I
actually got text and images working, but when I went to the URL where
my text file was at, it just spit out the URL of where my browser was
pointing. I guess I should have actually checked the content of the
file through FTP, because it was working just fine all along....I guess
my browser doesn't understand the file I uploaded to be text...or something.
Anyway, yes, I'm aware of the security risk, and this is for my personal
website....which barely even registers in google, so I doubt there will
be any attacks. Once I get my test working and my website online, I'll
probably have some sort of password protection and file filter type of
thing only letting you put up certain types of files.
Thanks!
ben
Glen Pike wrote:
Hi,
I have not worked with RAW_POST data - just the $_FILES array in
PHP, but allowing people to set the path that a file is uploaded to is
a huge security risk - imagine someone uploaded a dodgy PHP script
that was inside your webroot and then called that script??? File
upload is a dodgy game and I would recommend posting text in a request
variable, along with a relative path, then saving that to a known file
outside your http root - you can always have an admin script to
approve images and stuff like this later.
Glen
ben gomez farrell wrote:
Hi, sorry if this is a PHP question....I'm trying to work with this
more on the Flash side, so I hope its a Flash question.
I have a PHP script online that serves to write binary image data
from my Flex/AIR app:
$f = fopen($path,"w"); fwrite($f, $GLOBALS[ 'HTTP_RAW_POST_DATA' ] );
fclose($f);
On the Flash side:
var jpgtosave:JPGEncoder = new JPGEncoder();
var rawdata:ByteArray = jpgtosave.encode(bitmap);
var header:URLRequestHeader = new URLRequestHeader
("Content-type", "application/octet-stream");
var myRequest:URLRequest = new URLRequest (path);
myRequest.requestHeaders.push (header);
myRequest.method = URLRequestMethod.POST;
myRequest.data = rawdata;
var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.BINARY;
loader.load(myRequest);
This works great, but now I want to use that same PHP script to
upload a text file. The reason I want to keep the PHP script the
same is because the end user actually sets the upload location, and I
think it would be overly complicated to have them choose two
different upload script locations.
Anyway, no matter what I try, the text file that's written to the
server is done correctly, except the contents of it are always the
file's URL instead of the text that I wanted. I realize there are
better ways to upload text through PHP, but as I said, I'd like to
use the same script as my JPG uploads.
Here's some things I tried:
1. Changing the request header to "Content-type", "text/plain"
2. Changing the URLLoaderDataFormat to TEXT
3. Writing out my text's string to binary through ByteArray.writeObj
4. Taking my binary data directly from a FileStream
So, as you guys can see I'm stabbing in the dark! I assume that I'm
somehow encoding the data wrong to get to the server. Maybe I need a
file header as the com.adobe JPGEncoder gives the JPG a header,
likewise I should give my text file a header. Does it have to be
binary data to use with my PHP script?
Thanks!
ben
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
