php - XAMPP centos 通过 PHP 上传的文件不显示

Question

我在 Centos 7 专用机器上运行 xampp 5.6.8。 我开发了简单的脚本来通过机器上的 PHP 将任何文件上传到服务器，PHP 代码:

<?php
if (is_uploaded_file($_FILES['uploadfile']['tmp_name'])) {
   echo "File ". $_FILES['uploadfile']['name'].'-'.$_FILES['uploadfile']["tmp_name"]." - uploaded successfully.<br>";
   echo disk_free_space('/');
}
?>

<html>
<head>
    <title>test</title>
</head>
<body>
    <div style="text-align:center;">
        <form action="" method="post" enctype="multipart/form-data">
            <input name="uploadfile" type="file">
            <input name="sendfile" value="upload" type="submit">
        </form>
    </div>
</body>
</html>

当我发送示例文件时回显返回:

File sample.txt - /opt/lampp/temp/phpD58n0L - uploaded successfully.

一些信息和事实:

• 当我打开 xampp 由 daemon 用户运行时
• /opt/lampp/temp/ 目录属于 daemon:daemon 通过 chown 命令
• /opt/lampp/temp/设置为770权限
• php.ini 设置为允许最大 128mb 的文件，上传目录为 /opt/lampp/temp/

Answer 1

使用 is_uploaded_file() 只是检查它是否是上传的文件。它不会将它从您的/temp/目录移动到任何地方。您可能想看看 manual on POST uploads .示例:

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

也就是说，您应该使用 move_uploaded_file() 将上传文件移动到它所属的位置。否则，手册上说，解释了为什么在/temp/目录中找不到这些文件:

The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.

函数is_uploaded_file()是对文件来源的安全检查，仅此而已。您可以将它与 move_uploaded_file() 一起使用，例如:

if (is_uploaded_file($_FILES['userfile']['tmp_name'])) { 
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $destination_file)) {
        // Was moved
    }
    else {
        // Wasn't moved
    }
else {
    // Wasn't valid
}

虽然这对于常规文件上传和移动来说可能是多余的，但我在手册的评论中注意到 move_uploaded_file() 会在任何情况下进行检查。