[nycphp-talk] "Approach Review" for storing $_FILES in session variable and using later
Phillip Powell
phillip.powell at adnet-sys.com
Tue Jun 8 17:36:03 EDT 2004
Mark Armendariz wrote:
>>What I'm looking for is a "code review" or an "approach
>>review" as to whether or not I handled this request properly
>>inasmuch as storing $_FILES into a session variable and
>>retrieving it later to allow the user to upload a file and
>>submit data anytime they want to on it. This would help me
>>moreso than a solution at this point to the
>>is_uploaded_file() problem (though that's always welcomed too!)
>>
>>Thanx
>>Phil
>>
>>
>
>Well, from what I know, the temporary uploaded file is deleted as soon as
>the form request is finished, which would make the file info in the session
>no longer valid upon the next page load (I may be wrong in this). I'd
>recommend storing the file in your own temporary directory and adding it's
>location to your file db. Then once the user finishes the details form,
>move the file to the permanent location and update the meta data, or remove
>it accordingly.
>
>Mark
>
>
>
>
Cool thanx, I'll remember that next time. As it is in the interim I was
in a meeting with the client (being that they are a federal gov't
agency, it's already a miracle that you could do that) and this is what
happened:
What I did instead was to appeal to their governmental side (the client
is a federal government agency, this is DC!): I explained that replacing
an existing image w/o submittal was a security hole because it allowed
for files to just "float" in a temporary directory and not necessarily
be immediately accessible without CRON-based overhead.
Simpler solution: one page is for uploading only, the other for metadata
editing only. You cannot replace an existing image. You can still delete
the image (w/ metadata if found).
Phil
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>
>
--
---------------------------------------------------------------------------------
Phil Powell
Multimedia Programmer
BPX Technologies, Inc.
#: (703) 709-7218 x107
Fax: (703) 709-7219
More information about the talk
mailing list