Trying to upload using flash swf on my local machine running Windows with IIS and PHP 5.3 installed.
var selected_file:FileReference = GetSelectedFile();
var url:String = 'http://localhost.com/upload.php';
var req:URLRequest = new URLRequest(url);
req.data = new URLVariables('source=' + 'computer');
req.method = URLRequestMethod.POST;
selected_file.upload(req, 'file', false);
selected_file.addEventListener(DataEvent.UPLOAD_COMPLETE_DATA, UploadComplete, false, 0, true);
selected_file.addEventListener(ProgressEvent.PROGRESS, UploadProgress, false, 0, true);
selected_file.addEventListener(IOErrorEvent.IO_ERROR, UploadError, false, 0, true);
selected_file.addEventListener(SecurityErrorEvent.SECURITY_ERROR, UploadSecurityError, false, 0, true);
I've set breakpoints on all the handler functions. I hit a breakpoint on UploadProgress handler. However, the file isn't being uploaded. When looking at network traffic there is no call to upload.php.
Looking at documentation for FileReference upload function I see this:
Uploads and downloads are not allowed if the calling SWF file is in
the local-with-filesystem sandbox
Looking at definition of local-with-filesystem sandbox I found this:
From this sandbox, executable code can read local files (by using the
URLLoader class, for example), but cannot communicate with the network
in any way. This assures the user that local data cannot be leaked out
to the network or otherwise inappropriately shared.
Does this mean there isn't a way to test uploads on local machine?
update: Supposedly I need to have Security.sandboxType as LOCAL_TRUSTED. I've been trying to set security type by adding configuration file for user and globally. Configuration file has cfg extension and contains one line, path to folder where my swf file resides.
Still after adding this configuration, Security.sandboxType is set to "remote".
According to Adobe:
The local-with-filesystem sandbox—For security purposes, Flash Player places all local SWF files and assets in the local-with-file-system sandbox, by default. From this sandbox, SWF files can read local files (by using the URLLoader class, for example), but they cannot communicate with the network in any way. This assures the user that local data cannot be leaked out to the network or otherwise inappropriately shared.
You cannot access the file system and network within one SWF instance in normal situations.
However, it appears to be possible to grant this ability to a specific SWF by adding the file to the local trusted sandbox. According to Senocular, this may be accomplished in three different ways...
SWFs run within Flex Builder 2 or the Flash Authoring environment
SWFs located in a directory the user has granted permissions for from the (online only) Global Security Settings Panel.
SWFs located in a directory specified in a Flash Player trust configuration (.cfg) file on the local system
For the Configuration File Option:
You need to compile your SWF with the local playback setting selected.
This means you need to place your configuration file in
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\
If the folder doesn't exist you must create it.
Then create your configuration file (naming it whatever you
please.cfg) Finally, type C:\ into the file and save it.
Now your whole C:\ directory should be declared local_trusted and shouldn't have any issues contacting your server and accessing your files.
Related
Im creating a web extension and porting from XUL. I used to be able to easily read files with
var dJsm = Components.utils.import("resource://gre/modules/Downloads.jsm").Downloads;
var tJsm = Components.utils.import("resource://gre/modules/Task.jsm").Task;
var fuJsm = Components.utils.import("resource://gre/modules/FileUtils.jsm").FileUtils;
var nsiPromptService = Components.classes["#mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
....
NetUtil.asyncFetch(file, function(inputStream, status) {
if (!Components.isSuccessCode(status)) {
return;
}
var data = NetUtil.readInputStreamToString(inputStream, inputStream.available());
var data = window.btoa(data);
var encoded_data_to_send_via_xmlhttp = encodeURIComponent(data);
...
});
This above will be deprecated.
I can use the downloads.download() to know what was the last download but I can NOT read the file and then get the equivalent for encoded_data_to_send_via_xmlhttp
Also in Firefox 57 onwards, means that I have to try to fake a user action by a button click or something, or upload a file.
Access to file:// URLs or reading files without any explicit user input
isnt there an easy way to read the last downloaded file?
The WebExtension API won't allow extensions to read local files anymore. You could let the extension get CORS privilege and read the content directly from the URL via fetch() or XMLHttpRequest() as blob and store directly to IndexedDB or memory, then encode and send to server. This comes with many restrictions and limitations such as to which origin you can read from and so forth.
Also, this would add potentially many unneeded steps. If the purpose is, as it seem to be in the question at the moment, to share the downloaded file with a server, I would instead suggest that you obtain the last DownloadItem object, extract the URL (.url) from that object and send the URL back to server.
This way the server can load directly from that URL (and encode it on server if needed). The network load will be about the same (a little less actually since there is no Base64 encoding involved which adds 33% to the size), and much less load on the client. The server would read the data as a binary/byte data stream; about the same as if the data was sent directly from the extension.
To obtain the last downloaded file you would do the following from a privileged script:
browser.downloads.search({
limit: 1,
orderBy: ["-startTime"]
})
.then(getLastDownload);
function getLastDownload(downloads) {
if (downloads.length) {
var url = downloads[0].url;
// ... send url to the server and let server fetch the data from it directly
}
}
According to this support mozilla question.
(2) Local file security
Firefox limits access from pages on web servers to pages on local disk or UNC paths. [...]).
Which solution ?
Use local-filesystem-links firefox addon (not tested)
and/or
run a small local webserver on client side, supposing server was run with sufficient privileges, you may finally access any local content via http:// (but still cannot with file:///)
The following code:
Dim url
url = fso.GetAbsolutePathName(objFile)
gives me
C:\KB\Dev\Java.htm
Then, when I write it as an href:
Response.Write("<a href='" + url + "'>" + objFile.Name + "</a><br>")
the link is translated in browser into:
file:///C:/KB/Dev/Java/Java.htm
whereas I will need it to be
file://172.20.4.107/c$/KB/Dev/Java/Java.htm
or else, the link won't be valid for navigation.
I was trying:
url = Replace(url, "///", "//172.20.4.107/")
url = Replace(url, "c:", "c$")
Response.Write(url & "<br>")
but nothing seems to be changed.
What #Keith suggested is absolutely fine but you will encounter issue with various degrees in most modern browsers due to hyper linking from local file links being blocked as they're a security risk.
A more robust solution is to not use local file links and negate the risk completely. If you have access to IIS (If you are using Classic ASP you likely have access to IIS in some form) you can do this by creating a Virtual Directory that points to your remote computer share and lock down the permissions as you see fit.
Say you set-up a Virtual Directory to point to alias KB you could then access it;
http://yourhost/KB/dev/java.htm
If the Virtual Directory was mapped to
\\172.20.4.107\c$\KB\
However we can take it a stage further, Admin Shares such as c$ are not configurable and there for the system to use. To have better control over the mapped directory create a share KB for example on the remote computer and set the NTFS permissions as appropriate then point the Virtual Directory to;
\\172.20.4.107\KB\
You can also call the share KB$ to hide the share from network browsers.
\\172.20.4.107\KB$\
Useful Links
How to create a virtual directory on an existing Web site to a folder that resides on a remote computer
You're trying to replace /// but these characters are not in your url variable. url is C:\KB\Dev\Java.htm.
Try this instead:
url = Replace(url, "\", "/")
url = Replace(url, "C:/", "file://172.20.4.107/c$/")
Also keep in mind that it is the end user's browser that is converting your C:\... path to the file://... format. That is not happening in your ASP code.
I am going through http://developer.xamarin.com/guides/cross-platform/xamarin-forms/working-with/images/
and trying to get the Local Images working with Android however I am experiencing some issues when attempting to do something in normal monodroid just as a further test. I'm using a SharedProject, just for reference.
I have added the test image at Resources/drawable (test1.png), and also setting the Build Action as AndroidResource as it describes, and if I do the following in Xamarin.Forms it works:-
Xamarin.Forms.Image myimage = new Image();
myimage.Source = ImageSource.FromFile("test1.png");
However, if I try and retrieve the same file via the following it comes back as null.
Android.Graphics.Bitmap objBitmapImage = Android.Graphics.BitmapFactory.DecodeFile("test1.png")
Does anyone know why this is null and how to correct?
The Xamarin.Forms FileImageSource has a fallback mode as it covers two different scenarios.
First it will check whether the file exists in the file system via the BitmapFactory.DecodeFile.
Should the file not exist as specified in the File property, then it will use BitmapFactory.DecodeResource to try and load the resource content as a secondary alternative.
FileImageSource for Android therefore isn't only just for files that exist in the file system but also for retrieving named resources also.
This link indicates that Android Resources are compiled into the application and therefore wouldn't be part of the file system as physical files.
Since test1.png is a Drawable you should use BitmapFactory.DecodeResource ()
string scr = "#drawable/test1.png";
ImageView iv = new ImageView(context);
Bitmap bm = BitmapFactory.DecodeFile(src);
if (bm != null)
iv.SetImageBitmap(bm);
I have an external hosting server.
On that server I have 2 domains:
www.dom1.com
www.dom2.com
On www.dom1.com I have my whole web page (in Codeigniter). One of the functionalities is upload (users can upload their files.)
On www.dom2.com there is only one folder called upload_dom2. www.dom2.com is otherwise empty and not visible anywhere on the Internet. I would like to use it exclusively for upload. I imagine that this is a much safer way than letting the users upload their files on www.dom1.com where all my other files are (by the way, let me know if I'm wrong, please).
So, how do I do that? How do I upload a file - that user has uploaded in the framework of Codeignitors system (webpage) on www.dom1.com - in a folder called upload-dom2 on www.dom2.com
I know how to upload a file in a folder called uplod_dom1 that is located on www.dom1.com. This is a code that I use.
$pathd=$_SERVER['DOCUMENT_ROOT'];
$config['upload_path'] = $pathd.'/upload_dom1';
But as said, that is not what I want. I want to upload to www.dom2.com (in its uplod-dom2 folder).
May I know what is the correct way to achieve my objective?
Take a look at the Codeigniter FTP class. You can do this with any external website/server that supports FTP: http://ellislab.com/codeigniter/user-guide/libraries/ftp.html
Example code:
$this->load->library('ftp');
$config['hostname'] = 'ftp.example.com';
$config['username'] = 'your-username';
$config['password'] = 'your-password';
$config['debug'] = TRUE;
$this->ftp->connect($config);
$this->ftp->upload('/local/path/to/myfile.html', '/public_html/myfile.html', 'ascii', 0775);
$this->ftp->close();
I want to add validation in filefield of ExtJs4 , so that user can only browse .png , .jpeg image files..How should I do it ?
{
xtype: 'filefield',
id:'photoUpload',
buttonOnly:true,
buttonText: 'Photo'
}
I think it is important to understand how file upload works, so to prevent yourself from troubles in the future...
For security reasons, the following applies:
Browsers cannot access the file system unless the user has explicitly clicked on an upload field.
Browser has minimal access to the file being uploaded, in particular - you JS code may be able to see the file name (the browser has to display it in the field), but nothing else (the path itself on most browsers is not the correct one).
The upload process itself happens in these steps:
The user clicks on an upload field, initiating the file select dialog.
The browser implements access to the file system through the dialog, allowing the user to select a file.
Upon OK click, the browser sends the file to the server.
The server places the file in its temp directory (configured per server).
Once upload is complete, the upload script on the server is called with the file details, and that script will have full access to the uploaded file.
The last step is the only point where you have full access to the file details, including the real actual name, its size, and its content.
Anything the browser gives javascript is browser depended. Even the file name will vary between browsers although all the browsers I know do keep the actual file name (but not the real actual path), you cannot rely on this to work with future versions. The reason for this is that the file name is displayed on the client side.
So the recommendation is this:
Do all file upload checks on the server side.
Again, you may get away with the file name on the JS client side, particularly if you know and can test what browsers your clients will use, but I'd strongly recommend to to this test on the server.
The last thing you have to remember is that users might upload a file ending with .png, but the file itself is a .zip with the extension changed - so to really confirm that the file is .png you need to actually look into the file data, which only the server can do.
{
xtype: 'filefield',
id:'photoUpload',
buttonOnly:true,
vtype:'fileUpload',
buttonText: 'Photo'
}
And Vtype which I have use..
Ext.apply(Ext.form.VTypes, {
fileUpload: function(val, field) {
var fileName = /^.*\.(gif|png|bmp|jpg|jpeg)$/i;
return fileName.test(val);
},
fileUploadText: 'Image must be in .gif,.png,.bmp,.jpg,.jpeg format'
});
Try following snippet in your 'filefield' xtype config
regex : (/.(gif|jpg|jpeg|png)$/i),
regexText : 'Only image files allowed for upload',
msgTarget : 'under'