I am writing an android app to connect to PHP web service and through my searches in internet I faced file_get_contents('php://input'); and I understood some parts of it's functionality but I still don't get it. What are php://input or php://stdin or stuff like that?
I've read http://php.net/manual/en/function.file-get-contents.php and I confused much more.
Please explain it completely.
The information comes from here: http://www.php.net/manual/en/wrappers.php.php
When information is sent to the server via a POST request, it is saved in a temporary file.
The command file_get_contents('php://input') reads the raw information sent to PHP -- unprocessed before it ever gets put into $_POST or $_REQUEST super globals.
This technique is often used when someone is uploading a file, such as an image.
EDIT: removed $_GET
Related
This is my first time developing this kind of system, so many of these concepts are very new to me. Any and all help would be appreciated. I'll try to sum up what I'm doing as efficiently as possible.
Background: I have a web application running AngularJS with Bootstrap. The app communicates with the server and DB through a web service programmed using C#. On the site, users can upload files and reference them later using direct links. There's no restriction to file type (yet), so just about anything is allowed.
My Goal: Having direct links creates a big security problem for me, since the documents/images are supposed to be private data. What I would prefer to do is validate a user's credentials when the link is clicked, then load the file in the browser using a more generic url path.
--Example--
"mysite.com/attachments/1" ---> (Image)
--instead of--
"mysite.com/data/files/importantImg.jpg"
Where I'm At: Not very far. My first thought was to add a page that sends the server request and receives a file byte stream along with mime type that I can reassemble and present to the user. However, I have no idea if this is possible using a web service that sends JSON requests, nor do I have a clue about how the reassembling process would work client-side.
Like I said, I'll take any and all advice. I'd love to learn more about this subject for future projects as well, but for now I just need to be pointed in the right direction.
Your first thought is correct, for it, you need to use the Response object, and more specifically the AddHeader and Write functions. Of course this will be a different page that will only handle file downloads, so it will be perfectly fine in your JSON web service.
I don't think you want to do this with a web service. Just use a regular IHttpHandler to perform the validation and return the data. So you would have the URL "attachments/1" get rewritten to "attachments/download.ashx?id=1". When you've verified access, write the data to the response stream. You can use the Content Disposition header to set the file name.
As I have been requested by my instructor to use AntiXss library in the development of my senior project, I am facing a lot of difficulties of using this library because of the lack of resources on the web. A part of my project I have an upload file function where the user will be able to upload files, and after uploading his files, he will be redirected to the same page to see some other information. Everything works fine, but when I added AntiXss library and use it with the following line only, I got this error
(HTTP 400 Error - Bad Request)
and I don't know why. Could anyone tell me why I am getting this error? And how to fix it?
C# Code:
Response.Redirect(Encoder.HtmlFormUrlEncode(Request.Url.PathAndQuery));
Break up your code and look at each step:
Take the incoming request's URL, and extract out the path and query.
Run that through a form-based encoder
Redirect to that string
What do you think a form-based encoder would do in order to prevent XSS attacks?
Try this:
Response.Write(Encoder.HtmlFormUrlEncode("http://www.stackoverflow.com"));
What is written out? Try putting that in a web browser, and you'll likely get a 400 (or a 502) error.
Request.Url.PathAndQuery
The above syntax returns `/Cambia3/Temp/Test.aspx?query=arg`
For further url references check this
HtmlFormUrlEncode gets string and encode as parameters. for further info on that see here
Another question from me. This wont be an easy one!
I'm having issues with handling a simple upload.
Pre Requirements to test with:
- No Flash (hijacking)
- Basic upload field usage + form to post
- Max file size is 20MB (web.config maxrequestlength)
- I'm running the web site with the build in IIS development tool in visual studio (i think)
- I'm using a MVC web project
Question: Is it possible to show a nice error message to the user when a file is larger than 20MB? (Without getting the whole file to the server first)
These links helped me the most:
http://www.telerik.com/community/forums/aspnet/upload/maximum-request-length-exceeded.aspx
ASP.NET MVC: Handling upload exceeding maxRequestLength
http://forums.whirlpool.net.au/archive/809909
http://forums.asp.net/t/1106579.aspx/1
Catching "Maximum request length exceeded"
But still i haven't been able to fix the issue. Atm i use the code of the accepted answer of the last link (Catching "Maximum request length exceeded"), but my code crashes when i run the code line below:
this.Server.Transfer("~/error/UploadTooLarge.aspx");
Error message: Error executing child request for ~/error/UploadTooLarge.aspx.
I think i get this message because i'm using VS.NET's build in web server (see: http://forums.asp.net/t/1106579.aspx/1 last post of that page).
I'm affraid i made the whole question a bit hard to read. In short:
How can i show a neat error message when i uploaded file is too large (using S.NET's build in web server)?
If you don't want to send to whole file to the server first, then your only option would be javascript.
The FileReader object would solve that for you
https://developer.mozilla.org/en-US/docs/DOM/FileReader
Problem being it won't work on older browsers.
Now, if older browsers are not a problem for you then you should find plenty of tutorials showing you how to use the FileReader object. With it you can do asynchronous uploads so you even add a nice progress bar considering is fairly large file.
Many might have had experience using File Upload widget from Yahoo User Interface library. The docs and community all know how to receive the files on the server using another server technology other than ASP.NET. If anyone has indeed used the widget in their asp.net pages could you share the code on
How to receive the uploaded files Stream/Bytes to a file.
How to check Integrity of the File
How to check if file was received correctly.
Also i would love to do it in single page because doing so i would learn how to differentiate between a normal webpage request and the one caused my file upload widget
Yahoo Upload Widget can be Found here: https://developer.yahoo.com/yui/uploader/.
Have you tried looking at postedfiles collection though? The API looks like it does a standard post. If it does, the just use that collection.
If it doesn't, then you need to use the inputstream property on the request object to read the incoming bytes.
Using something like Fiddler or firebug will tell you how it's making the request. Look for the request type being multipart/mime
edit
Checking the file integrity & whether it was uploaded correctly are pretty much impossible. The only way I can think to do it is to have the user generate a hash of the file then upload the file & the hash & you check the hash is valid. ie not really practical.
All you're getting is a stream of bytes. you have to assume when the stream ends, it ended cleanly & you got all the file.
I answered my own question with code over here.
http://labs.deeptechtons.com/asp-net-tuts/how-to-upload-files-asynchronously-using-yahoo-uploader/
I have a device that uses a custom scripting language. This language provides the capability to set http request headers then perform a post to a URL. The server that the device communicates with is running .net, and I would like the handler on the server to retrieve data from the device by simply pulling it from the Request.Files[] collection. To do this, does the device need to support multipart posting or is it possible for the uploaded content to show up in the Files collection by simply setting a number of headers then sending the data?
I'm not a linux guy, but I did a search and I found this. Does it help at all? (see section 4.3)
http://curl.haxx.se/docs/httpscripting.html
If you mean that at the server end you want the file(s) to be readable via HttpRequest.Files, then I believe so.
I think the format that this expects is based on the File Upload RFC and therefore if you follow the standard procedure for submitting a file upload then it'll work.
As to how you go about formatting the request from your device - I'm afraid I can't help on that one. Assuming you can format an Http Post, writing any headers you need and then formatting the Post body with the file content, it'll work, though.
In order for .Net to be able to read a file posted to a header it must be in the multipart posting format. Otherwise it will just be text noise in the header and .Net won't know what to do with it.