2

Presently I am using , type="file" for uploading files. But my use case is to upload from text box itself with given complete file path.

<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>

In submit form page: 

<?php move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; ?>

I want to specify file path in a textbox , from there i want upload the image. How can i accomplish it ?

Improve this question
3
  • 1
    Have you thought about vulnerabilities for paths including .. and being uploaded executable files? Commented Feb 23, 2014 at 16:28
  • @CertaiN: I will check file types before uploading the files Commented Feb 23, 2014 at 16:29
  • @CertaiN : do you have an idea to do this ? Actually i will be getting file paths from an excel. with that reference i will upload the files. So now i wanted to know whether it is achievable through textbox. if yes, then i can upload from file paths mentioned in excel Commented Feb 23, 2014 at 16:34

2 Answers 2

Reset to default
4

According to my knowledge you can't upload files with a textbox from the client's computer. Otherwise, it would be very easy to steal any file from the client, since textboxes are editable with JavaScript. I hope I understood your question correctly.

EDIT: Do you mean uploading from your computer, or from an URL? The second one can be accomplished.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

I dont understand. then every website is risk in today's world as every website has textbox.
No, I mean IF textboxes would be able to upload files from the computer of the client... but they can't.
I am asking textbox to upload. My Submit form page will do it. I just need to pass the path through textbox
That cannot be accomplished. If you don't pass the file in a file input, then the file won't be uploaded. So you can't upload a file from a computer from a textbox.
A phrase heard by many developers the world over. Usually from a project manager who has no scope of technical implementations. @icore is right. You can not upload a file without using type="file", otherwise its going to post just the piece of text.
|
-1

Try this:

<?php

function h($str) {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

if (
    isset($_POST['path'], $_FILES['upfile']['error']) &&
    is_int($_FILES['upfile']['error']) &&
    is_string($_POST['path'])
) {

    try {

        $deep = 0;
        foreach (explode('/', $_POST['path']) as $i => $hierarchy) {
            if ($deep > 9) {
                throw new RuntimeException('Hierarchy is too deep');
            }
            if ($hierarchy === '') {
                if ($_POST['path'] !== '' && $i === 0) { 
                    throw new RuntimeException('Absolute path is not allowed');
                }
                continue;
            }
            if ($hierarchy === '.') {
                continue;
            }
            if (!preg_match('/\A(?!\.)[\w.-]++(?<!\.)\z/', $hierarchy)) {
                throw new RuntimeException('Invalid directory name: ' . h($hierarchy));
            }
            if (!is_dir($hierarchy)) {
                if (!mkdir($hierarchy)) {
                    throw new RuntimeException('Failed to create directory: ' . h($hierarchy));
                }
                $msgs[] = 'Created directory "' . h($hierarchy) . '"';
                chmod($hierarchy, 0777);
            }
            chdir($hierarchy);
            ++$deep;
        }
        switch ($_FILES['upfile']['error']) {
            case UPLOAD_ERR_OK:
                break;
            case UPLOAD_ERR_NO_FILE:
                throw new RuntimeException('File is not choosed');
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                throw new RuntimeException('File is too large');
            default:
                throw new RuntimeException('Unknown error occurred');
        }
        if ($_FILES['upfile']['size'] > 1000000) {
            throw new RuntimeException('File is too large');
        }
        if (!$info = getimagesize($_FILES['upfile']['tmp_name'])) {
            throw new RuntimeException('Invalid image file');
        }
        if (false === array_search(
            $info['mime'],
            array(
                'jpg' => 'image/jpeg',
                'png' => 'image/png',
                'gif' => 'image/gif',
            ),
            true
        )) {
            throw new RuntimeException('Unsupported image format');
        }
        if (!preg_match('/\A(?!\.)[\w.-]++(?<!\.)\z/', $_FILES['upfile']['name'])) {
            throw new RuntimeException('Invalid filename: ' . h($_FILES['upfile']['name']));
        }
        if (!move_uploaded_file(
            $_FILES['upfile']['tmp_name'],
            $_FILES['upfile']['name']
        )) {
            throw new RuntimeException('Failed to save uploaded file');
        }

        $msgs[] = 
            'Uploaded successfully: ' .
            ($_POST['path'] === '' ? '.' : $_POST['path']) .
            '/' .
            $_FILES['upfile']['name']
        ;

    } catch (RuntimeException $e) {

        $msgs[] = $e->getMessage();

    }

}

header('Content-Type: text/html; charset=utf-8');

?>
<!DOCTYPE html>
<html>
<head>
  <title>Hierarchical Image Uploading</title>
</head>
<body>
<?php if (isset($msgs)): ?>
  <ul>
<?php foreach ($msgs as $msg): ?> 
    <li><?=$msg?></li>
<?php endforeach; ?>
  </ul>
<?php endif; ?>
  <form enctype="multipart/form-data" method="post" action="">
    <fieldset>
      <legend>Select file (Directory name and filename must match <strong>'/(?!\A\.*+\z)\A(?!\.)[\w.-]++(?&lt;!\.)\z/'</strong>)</legend>
      Directory path: <input type="text" name="path" value=""><br />
      Filename(JPEG, PNG, GIF): <input type="file" name="upfile"><br />
      <input type="submit" value="Upload">
    </fieldset>
  </form>
</body>
</html>
Improve this answer

3 Comments

Let me also try, Mine is Linux
Is this only form submit page data ?
still you are using <input type="file" name="upfile"> ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.