reference/filesystem/functions/move-uploaded-file.xml
0c9c2dd669fe9395eaa73d487fbd160f9057429a
...
...
@@ -1,6 +1,6 @@
1
1
<?xml version="1.0" encoding="utf-8"?>
2
2
<!-- $Revision$ -->
3
-
<refentry xmlns="http://docbook.org/ns/docbook" xml:id="function.move-uploaded-file">
3
+
<refentry xml:id="function.move-uploaded-file" xmlns="http://docbook.org/ns/docbook">
4
4
<refnamediv>
5
5
<refname>move_uploaded_file</refname>
6
6
<refpurpose>Moves an uploaded file to a new location</refpurpose>
...
...
@@ -10,15 +10,15 @@
10
10
&reftitle.description;
11
11
<methodsynopsis>
12
12
<type>bool</type><methodname>move_uploaded_file</methodname>
13
-
<methodparam><type>string</type><parameter>filename</parameter></methodparam>
14
-
<methodparam><type>string</type><parameter>destination</parameter></methodparam>
13
+
<methodparam><type>string</type><parameter>from</parameter></methodparam>
14
+
<methodparam><type>string</type><parameter>to</parameter></methodparam>
15
15
</methodsynopsis>
16
16
<para>
17
17
This function checks to ensure that the file designated by
18
-
<parameter>filename</parameter> is a valid upload file (meaning
18
+
<parameter>from</parameter> is a valid upload file (meaning
19
19
that it was uploaded via PHP's HTTP POST upload mechanism). If
20
20
the file is valid, it will be moved to the filename given by
21
-
<parameter>destination</parameter>.
21
+
<parameter>to</parameter>.
22
22
</para>
23
23
<para>
24
24
This sort of check is especially important if there is any chance
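Review bot: After the rename, the sentence on new lines 20-21 reads "it will be moved to the filename given by to." once the markup is rendered, and the parameter name becomes hard to tell apart from the preposition. Consider rewording to "moved to the path given by the <parameter>to</parameter> parameter", and likewise "the file designated by the <parameter>from</parameter> parameter" on new lines 17-18.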
...
...
@@ -33,7 +33,7 @@
33
33
<para>
34
34
<variablelist>
35
35
<varlistentry>
36
-
<term><parameter>filename</parameter></term>
36
+
<term><parameter>from</parameter></term>
37
37
<listitem>
38
38
<para>
39
39
The filename of the uploaded file.
...
...
@@ -41,7 +41,7 @@
41
41
</listitem>
42
42
</varlistentry>
43
43
<varlistentry>
44
-
<term><parameter>destination</parameter></term>
44
+
<term><parameter>to</parameter></term>
45
45
<listitem>
46
46
<para>
47
47
The destination of the moved file.
...
...
@@ -58,13 +58,13 @@
58
58
Returns &true; on success.
59
59
</para>
60
60
<para>
61
-
If <parameter>filename</parameter> is not a valid upload file,
61
+
If <parameter>from</parameter> is not a valid upload file,
62
62
then no action will occur, and
63
63
<function>move_uploaded_file</function> will return
64
64
&false;.
65
65
</para>
66
66
<para>
67
-
If <parameter>filename</parameter> is a valid upload file, but
67
+
If <parameter>from</parameter> is a valid upload file, but
68
68
cannot be moved for some reason, no action will occur, and
69
69
<function>move_uploaded_file</function> will return
70
70
&false;. Additionally, a warning will be issued.
...
...
@@ -83,7 +83,9 @@ $uploads_dir = '/uploads';
83
83
foreach ($_FILES["pictures"]["error"] as $key => $error) {
84
84
if ($error == UPLOAD_ERR_OK) {
85
85
$tmp_name = $_FILES["pictures"]["tmp_name"][$key];
86
-
$name = $_FILES["pictures"]["name"][$key];
86
+
// basename() may prevent filesystem traversal attacks;
87
+
// further validation/sanitation of the filename may be appropriate
88
+
$name = basename($_FILES["pictures"]["name"][$key]);
87
89
move_uploaded_file($tmp_name, "$uploads_dir/$name");
88
90
}
89
91
}
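Review bot: The call on new line 89, move_uploaded_file($tmp_name, "$uploads_dir/$name");, still discards the return value, so the example silently ignores the &false; case that the return-values section of this same page documents. Suggest wrapping the call in an if and handling the failure. The added comment is also vague: basename() strips directory components, but $name is still chosen by the client, so an upload can overwrite an existing file of the same name in $uploads_dir or arrive with an unwanted extension. The comment could name those checks, or the example could generate the stored name on the server. "sanitation" should also read "sanitization".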
...
...
@@ -98,11 +100,11 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
98
100
&reftitle.notes;
99
101
<note>
100
102
<para>
101
-
<function>move_uploaded_file</function> is both &safemode;
102
-
and <link linkend="ini.open-basedir">open_basedir</link>
103
+
<function>move_uploaded_file</function> is
104
+
<link linkend="ini.open-basedir">open_basedir</link>
103
105
aware. However, restrictions are placed only on the
104
-
<parameter>destination</parameter> path as to allow the moving
105
-
of uploaded files in which <parameter>filename</parameter> may conflict
106
+
<parameter>to</parameter> path as to allow the moving
107
+
of uploaded files in which <parameter>from</parameter> may conflict
106
108
with such restrictions. <function>move_uploaded_file</function> ensures
107
109
the safety of this operation by allowing only those files uploaded
108
110
through PHP to be moved.
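Review bot: The sentence on new lines 105-107, "restrictions are placed only on the to path as to allow the moving of uploaded files in which from may conflict", was already awkward and becomes harder to parse with the new short parameter names. Suggest rewording while touching these lines, for example "restrictions are placed only on the <parameter>to</parameter> path, so that uploaded files can be moved even when the <parameter>from</parameter> path conflicts with such restrictions".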
...
...
@@ -126,7 +128,6 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
126
128
</para>
127
129
</refsect1>
128
130
</refentry>
129
-

130
131
<!-- Keep this comment at the end of the file
131
132
Local variables:
132
133
mode: sgml
133
134