如何使用表单API验证临时文件 -- 7 领域 和 files 领域 和 forms 领域 drupal 相关 的问题

How to validate temporary files with form API


2
vote

问题

中文

问题

我有一个包含三个文件字段的自定义表单。选择文件,然后在提交时,它们附加到电子邮件中,并通过呼叫发送到 99887664

我非常确定文件没有保存到服务器,我不希望保存在文件可能是敏感信息时。

但我希望字段支持某些文件扩展。如何验证它们?

到目前为止

有一个函数: file_validate_extensions ,它可以验证,但它只适用于Drupal文件对象,因为它们永远不会上传,我不确定工作。

我尝试使用 file_save_upload ,因为在表单中选择文件(而不是立即上传)时,它的信息显示在$ _files中,因此我试图加载临时路径,但是它不起作用工作。

(路径是表单: C:XAMPP mpphpEDC6.tmp

  function mymodule_form_submit($form, $form_state) {     $coverincluded = file_save_upload($_FILES['files']['tmp_name']['cover_letter_included'],        array(           'file_validate_is_image' => array(), // Validates file is really an image.           'file_validate_extensions' => array('png gif jpg jpeg'), // Validate extensions.        ));       //unfortunately this dpm never shows, presumably because file_save_upload hasn't worked       dpm($coverincluded);  }   
英文原文

Problem

I have a custom form with three file fields. The files are selected, then on submit they're attached to an email and sent off with a call to hook_mail.

I'm pretty sure the files aren't saved to the server and I don't want them saved as the files might be sensitive information.

But I want the fields to support certain file extensions. How can I validate them?

So Far

There is a function: file_validate_extensions which can validate but it only works for Drupal file objects and since these are never uploaded I'm not sure that works.

I tried using file_save_upload, as when a file is selected in a form (and not immediately uploaded) it's information appears in $_FILES so I tried to load the temporary path given there however it doesn't work.

(The path is of the form: C:\XAMPP\tmp\phpEDC6.tmp)

function mymodule_form_submit($form, $form_state) {     $coverincluded = file_save_upload($_FILES['files']['tmp_name']['cover_letter_included'],        array(           'file_validate_is_image' => array(), // Validates file is really an image.           'file_validate_extensions' => array('png gif jpg jpeg'), // Validate extensions.        ));       //unfortunately this dpm never shows, presumably because file_save_upload hasn't worked       dpm($coverincluded);  } 
        

回答列表

1
 
vote
vote
最佳答案
 

这不是一个特别聪明的解决方案,但希望它没问题。据我所知,无法验证临时文件,必须上传。

所以我最终将它们上传到私有目录,然后立即删除它们。因为某些数据可能是敏感的我不想存储它们,并且此表单在安全页面上进行。

  function mymodule_form($form, &$form_state) {     $form['file1'] = array(      '#type' => 'file',      '#title' => t('File1'),    );     $form['file2'] = array(      '#type' => 'file',      '#title' => t('File2'),    );   }   

现在是重要的位。

  function mymodule_form_submit ($form, &$form_state) {     //check if any file was attached     if($_FILES['files']['tmp_name']['file1'] != '') {       //Save and validate the file to the private file area       $file1_included = file_save_upload('file1_included',                                      array(                                         'file_validate_is_image' => array(), // Validates file is really an image.                                         'file_validate_extensions' => array('png gif jpg jpeg'), // Validate extensions.                                       ), 'private://');       //This is set-up for the email. Mimemail stores attachments in $params.       $params['4'] =  array('uri'    => $file1_included->uri,                           'filename' => $file1_included->filename,);       //The file has been uploaded. So we'll set a variable which will be called later to delete it.       $del_files['file1'] = $file1_included;      }     if($_FILES['files']['tmp_name']['file2'] != '') {    //.... same as file 1...    }        //this will send an email. Note $params. We've put all our attachment information in    //there.   $message = drupal_mail('mymodule', 'notify', $email, language_default(), $params);    //This function will delete all the files we've just uploaded. We check if   //the variable has been set. And if it has then we call it and delete the relevant   //files.    if (isset($del_files)){     _tellafriend_filedelete($del_files);   }  }   

这是我们呼叫删除文件的函数

  function _mymodule_filedelete(&$del_files){    //we know the variable exists, but now we have to check which files were uploaded.    if(array_key_exists('file1' , $del_files)) {     //and if they were uploaded. We delete them.     file_delete($del_files['file1']);   }    if(array_key_exists('file2' , $del_files)) {     file_delete($del_files['file2']);   } }   
 

This isn't a particularly clever solution, but hopefully it's ok. As far as I could tell you can't validate temporary files, they have to be uploaded.

So I ended up uploading them to the private directory and then immediately deleting them. Because some of the data might be sensitive I don't want to store them and this form takes place on a secure page.

function mymodule_form($form, &$form_state) {     $form['file1'] = array(      '#type' => 'file',      '#title' => t('File1'),    );     $form['file2'] = array(      '#type' => 'file',      '#title' => t('File2'),    );   } 

Now for the important bit.

function mymodule_form_submit ($form, &$form_state) {     //check if any file was attached     if($_FILES['files']['tmp_name']['file1'] != '') {       //Save and validate the file to the private file area       $file1_included = file_save_upload('file1_included',                                      array(                                         'file_validate_is_image' => array(), // Validates file is really an image.                                         'file_validate_extensions' => array('png gif jpg jpeg'), // Validate extensions.                                       ), 'private://');       //This is set-up for the email. Mimemail stores attachments in $params.       $params['4'] =  array('uri'    => $file1_included->uri,                           'filename' => $file1_included->filename,);       //The file has been uploaded. So we'll set a variable which will be called later to delete it.       $del_files['file1'] = $file1_included;      }     if($_FILES['files']['tmp_name']['file2'] != '') {    //.... same as file 1...    }        //this will send an email. Note $params. We've put all our attachment information in    //there.   $message = drupal_mail('mymodule', 'notify', $email, language_default(), $params);    //This function will delete all the files we've just uploaded. We check if   //the variable has been set. And if it has then we call it and delete the relevant   //files.    if (isset($del_files)){     _tellafriend_filedelete($del_files);   }  } 

This is the function we call to delete the files

function _mymodule_filedelete(&$del_files){    //we know the variable exists, but now we have to check which files were uploaded.    if(array_key_exists('file1' , $del_files)) {     //and if they were uploaded. We delete them.     file_delete($del_files['file1']);   }    if(array_key_exists('file2' , $del_files)) {     file_delete($del_files['file2']);   } } 
 
 

相关问题

3  db_select条件与子查询导致PDOException  ( Db select condition with subquery causes pdoexception ) 
我想在其条件下使用子查询构建一个相对简单的选择查询。我想要实现的是在给定时间戳之后获得更新的用户列表。 我想要构建的工作SQL查询作为动态查询是: files[] = tests/module.test 3 我写了以下代码以使用Drupal的数据库API构建上面的查询: files[] = tests/...

0  field_attach_form在提交时删除映像字段默认值  ( Field attach form removes image field default value when submit ) 
我需要获取节点编辑表单的某些字段,因为我使用 field_attach_form()获取我想要的字段,以使用节点的值。 这是我表单函数的代码的示例: function my_form($form, &$form_state, $node_id, $fields) { $node = node_load($no...

0  如何将现有的分类术语添加到节省节点上  ( How to add existing taxonomy terms to node on saving ) 
我是一个字段组织,它是具有无限值的术语引用。每当某人保存节点时,我要在此字段中附加几个条款。 我尝试过使用hook_presave以及使用表单API的提交处理程序进行执行。 但问题表明他们都希望术语填充有限的其他值如下。我在哪里获得这些价值?来自Taxonomy_term_load? 这是表单中的form_state...

3  用其兄弟姐妹的分类术语获取物品的标题  ( Fetching title of articles with taxonomy terms which are its siblings ) 
我正在制作一个赋予文章标题的视图。它有一个术语参考字段。分类树有点像: a a b c b 1 2 3 所以我想让一个看法,以这样的方式工作,当一个人在分类学期页面"a" 时,他可以看到分类学术语"a" ,'b'和'c'的所有相关标题。 这是视图生成的查询。 SELEC...

0  来自WebForm的电子邮件的问题  ( Problem with emails from webform ) 
我有传入电子邮件的问题。从模块WebForm(并使用SMTP模块)发送, 邮件目标是"domain.com" 的目标。我报告收到所有数据可读的第一封电子邮件。但是,第二封电子邮件包含以下内容: op: insert, sid: 4, components: nombre: value: REMOVED, comp...

2  做实体关系的方法  ( Approach for doing entity relationships ) 
我正在寻找使用Drupal 7接近建立关系的最佳方法。我正在寻找关于创建以下内容的建议: 1)"字母" 内容类型(如在旧式字母中) a)来自人(即"John Doe" ) b)与地址相关联("12348街" ) c)对人 d)与地址相关联 e)邮资日期 f)扫描字母的文件附件 2)一个人可...

0  如何让表单字段隐藏,同时该值能够使用JavaScript获取ID?  ( How to let a form field be hidden and at the same time the value be able to acce ) 
如何在javscript中获取#value在javscript中的隐藏表单字段,如隐藏的形式,我无法在(检查元素)HTML中获得其ID。 如何使用Ajax为隐藏字段提取字段的值(#Value) ...

1  如何大量更新实体? [关闭]  ( How do i mass update entities ) 
关闭。这个问题需要详细信息或清晰度。它目前不接受答案。 想要改进这个问题?添加详细信息并通过编辑此帖的问题。 关闭 7年前。 ...

1  以编程方式保存节点不会向DBLOG添加任何记录  ( Programmatically saving a node doesnt add any record to dblog ) 
当我呼叫 node_save 保存节点时,没有记录"新节点已保存。" 。 是正常的吗?如果是,我如何添加看门狗记录? (如果直接调用 watchdog 函数) ...

1  用户无法重置密码  ( User cant reset password ) 
我在Drupal和仍然建筑工地中很新。 所以,我想通过点击下面测试新用户。 输入新的用户名和电子邮件地址。 重定向到网站的家并获得了这个成功的消息。 我以管理员身份登录并激活用户。 我收到了确认电子邮件,然后单击已发送的链接以重置用户密码。 然后...

1  将wysiwyg的javascript设置值  ( Set wysiwygs value with javascript ) 
如何使用javascript设置wysiwyg的值? wysiwyg 模块为此提供了一个api? 我不知道哪个编辑器用户正在使用,因此我不能使用编辑器的API。 ...

1  将TINYMCE分配给文本格式  ( Assign tinymce to text formats ) 
只是为了从代码(安装配置文件)中尝试这样做,而不是在Drupal本身中执行此操作。 在我的安装配置文件中,我创建了三种文本格式。由于润滑,请制作文件天气也被自动安装。现在WYSIWYG为您提供将编辑器分配给文本格式的选项。请参阅下面选项在Drupal中查找的图像。 现在我想知道如何在我的安装配置文件中将"无编辑...

7  如何以表单更改/隐藏输入元素的标签(创建/编辑)?  ( How to alter hide the label of the input element in form create edit ) 
我们可以在TPL中的任何字段的标签甚至简单地通过更改管理显示选项,但是想知道如何以表单(创建或编辑内容的同时)? 我正在寻找适当的方法来改变/隐藏标签,尤其是创建或编辑内容时的现场收集字段。 ...

0  添加span内部视图寻呼机  ( Add span inside views pager ) 
我需要在视图寻呼机的列表项中添加单个跨度。即使列表项未包含链接,也需要存在这种情况(当您在当前寻呼机的页面上)。 我无法看到任何tpl文件(我的首选方法作为一个主题。) ive寻找主题覆盖,我发现了以下内容。问题是我不能在哪里添加跨度。 function theme_views_mini_pager($va...

2  钩子或规则事件,以确定Drupal Commerce中的付款失败  ( Hook or rules event to identify payment failure in drupal commerce ) 
有没有任何钩子或规则事件,有助于在Drupal Commerce中捕获付款失败? 谢谢 ...

0  I18N翻译词汇字段描述  ( I18n translate vocabulary field description ) 
我想本地化词汇字段,尤其是描述字段。它是否存在于 i18n_taxonomy_localize_terms( taxonomy_term_load($tid) taxonomy_vocabulary_load($vid) 的函数或者可能是一些不同的方法。 感谢 ...

3  如何获取给出其节点ID的节点的内容类型?  ( How can i get the content type of a node given its node id ) 
我有一个像 track-new / 15/51 的URL。 arg(2) 返回 51 。 如何检查ID为 51 的节点的内容类型( 99887663 返回的值)是 'artist' ?< / p> ...

0  面部块呼叫错误页面  ( Facet blocks called on wrong pages ) 
问题 我在我的网站上有两个面部搜索。它们都使用数据库搜索模块。小平面仅在相关的搜索页面上显示。 (我用块接口限制了我的路径。) 但我只是跑了: function mymodule_block_view_alter(&$data, $block) { dpm($block); } ,我得到9个搜索方面...

1  每天登录的用户数  ( Count of users who are logged in per day ) 
我搜索找到一种方法来显示每天登录的用户数。 我想使用上个月的视图显示图表,以显示网站的登录统计信息。 任何建议? ...

0  禁用面包屑视图在Drupal Commerce Kickstart  ( Disable breadcrumb on view in drupal commerce kickstart ) 
我正在使用Drupal Commerce Kickstart。我能够通过禁用硬编码菜单这个建议 - 特别是我自己的帖子。不幸的是,这在我创建的某些视图上没有禁用面包屑。有问题的观点显示单一产品。其中一个视图显示内容:完整内容,另一个只是绘制了来自产品的节点字段。我有一个观点,没有呼叫任何产品,这没有显示面包屑。 面...




© 2021 it.wenda123.org All Rights Reserved. 问答之家 版权所有


Licensed under cc by-sa 3.0 with attribution required.