Comments (4)
You can set unique_names to true on client side to avoid overwriting. Otherwise it can just happen in the usual scenario, no need for edge cases like this. But - yes maybe we could address it in some way. Can you suggest something?
from plupload-handler-php.
Both 'allow_extensions' and 'target_dir' are hard coded into the server handler instance for security. Shouldn't we assume that POST requests could be forged? If the 'unique_names' param is spoofed on the client side, the result could be an undesirable overwrite. Anybody using this class could be susceptible to file-overwrite attacks from their competitors.
I realize this is unlikely and it complicates things, since the file is split across multiple ajax requests and the unique file name would have to be remembered across those requests. Perhaps that could be stored in a PHP session.
In regard to the last file not being written, I would think it would overwrite the older file since that is the behavior in non-simultaneous uploads.
Things get tricky here. We cannot cross-combine the parts of the files from different users either.
Perhaps the temp dir could be placed inside a session id folder, thereby eliminating any multi-user conflicts.
from plupload-handler-php.
You could use the actual session_id() as the temp dir and file name, so you don't also have to code in a unique file name function. Of course, at 32 characters, that's a long name. A simple _1, _2, etc. appendage might be a better option.
from plupload-handler-php.
I do not think we should do this. We do expose both file_name and target_dir variables. I guess it's up to the user of the class and existing environment (be it framework of some kind or something self-written) to use them the way they find it appropriate.
from plupload-handler-php.
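The session-scoped temp directory and server-chosen `_1`, `_2` suffix proposed in the comments above, sketched as an added example that is not part of the thread or of plupload-handler-php's code. The function names and directory layout are hypothetical; it assumes the caller has already started a PHP session and passes in `session_id()`.

```php
<?php
// Added illustration: function names and layout are hypothetical,
// not plupload-handler-php's API.

// Per-session temp directory, so chunks from different users never mix.
function session_chunk_dir(string $tmpRoot, string $sessionId): string
{
    // Hash the session id: fixed length, filesystem-safe, raw id never hits disk.
    $dir = $tmpRoot . DIRECTORY_SEPARATOR . hash('sha256', $sessionId);
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }
    return $dir;
}

// Reduce the client-supplied name to a bare file name and enforce the
// extension allow-list that is hard coded on the server.
function safe_name(string $clientName, array $allowedExt): string
{
    $bare = basename(str_replace('\\', '/', $clientName));
    $name = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $bare);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || $name[0] === '.' || !in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('file name rejected');
    }
    return $name;
}

// Move the assembled upload into place without overwriting. The suffix is
// chosen on the server, whatever unique_names value the request carried.
function finalize_upload(string $partPath, string $targetDir, string $name): string
{
    $base = pathinfo($name, PATHINFO_FILENAME);
    $ext  = pathinfo($name, PATHINFO_EXTENSION);
    for ($i = 0; $i < 1000; $i++) {
        $file = $i ? "{$base}_{$i}.{$ext}" : $name;
        $dest = $targetDir . DIRECTORY_SEPARATOR . $file;
        $fh = @fopen($dest, 'x'); // 'x' fails if the file exists: atomic claim
        if ($fh === false) {
            continue;             // name taken, try the next suffix
        }
        fclose($fh);
        if (!rename($partPath, $dest)) {
            unlink($dest);
            throw new RuntimeException('move failed');
        }
        return $dest;
    }
    throw new RuntimeException('no free file name');
}
```

Chunks would be appended to a `.part` file inside `session_chunk_dir()` and handed to `finalize_upload()` only after the last chunk arrives, so two users uploading the same file name never share a partial file.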