问题
I have been manipulating image files after uploading in the usual way like moving the file from the /tmp folder to a preferred folder of the site.
Now i want to manipulate images by keeping them in the temp folder and once i have done with it then i want to move it to the preferred folder.
What i am trying to do is ...
- Showing a very simple custom file upload dialog.
- Select an image and click upload.
- The form is submitted to an iframe so i can show a progressing bar.
- The php script will echo the javascript code which will call a parent window function from the iframe to notify that the image has been uploaded.
- I wanted to show another dialog which will display the image from the tmp folder so that the user can resize and crop.
- When the user selects a region on the image to crop i will send the coordinates to the server and will manipulate the image in the tmp folder.
- When the image manipulation has been done i want the final image to be moved to my target folder.
here are my doubts.
- How long will the temp image be there in the tmp folder.
- How do i display the image in the temp folder in my dialog box because i only have its physical path.
- I think i can do it like
<img src='fetchfromtmp.php?filename>. isn't it? and in the php script i can readfile the image like readfile('tmp/tmpfile').
So, finally, will manipulating from temp folder holds good?. will it be effective/suggestive?. What could be the complications? if any.
I would like to have suggestions and alternatives for my idea. Thank you.
回答1:
I don't think you should use the temp folder like this, unfortunately, you will have to create your own (or use a database to store the images). The reasons are your point 1 & 2:
- An image is only guaranteed to stay in the temp folder until the script that uploaded it is finished running. This means that whatever script your form submits it to should move it somewhere safe
- Usually, this temp folder will be somewhere that isn't visible to the user. You can hack something like you've suggested, but then you have to be very sure of what you're doing to avoid creating any security leaks.
回答2:
The short answer is , this is not a good idea. Files in the tmp folder can be deleted without ur intervention, so move them to a temp folder inside your own application, process it there and once done, move it to its final location.
回答3:
- The image will be in the tmp folder until it is deleted. It's possible your host clears this out routinely, but probably not, so it will remain there unless you delete it.
- In order to display an image from the tmp folder you'd have to read it in with a script and serve it (or use X-Sendfile).
- PHP can read from the tmp directory without any problems
However, you can solve all of these problems by simply moving the image to a tmp directory within your application after upload. That way you know it won't be deleted, you can easily serve it to the user and you know you'll be able to read the file.
Alternatively if you have access to your php.ini file you can change upload_tmp_dir and get the images uploaded to the tmp directory in your application in the first place.
回答4:
the docs are quite clear about this
The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.
so your idea won't work. On the other side, renaming a file is a very cheap operation in most OS'es, so there are no good reasons NOT to move the temp file immediately.
回答5:
I think i can do it like <img src='fetchfromtmp.php?filename>. isn't it?
This would introduce a vulnerability to your server. Don't forget that the temporary folder holds the session files too by default.
来源:https://stackoverflow.com/questions/3642070/php-manipulating-uploaded-images-files-from-the-tmp-folder-before-moving-to-anot