美好的一天)我正在构建一个WordPress插件LMS,允许用户通过AJAX将他们完成的家庭作业文件附加到他们的答案.一切正常,但用户文件超过允许的最大大小的情况除外.在这种情况下,我的AJAX调用返回HTML,并带有以下警告:
Warning: POST Content-Length of XXXXX bytes exceeds the limit of XXXXX bytes in Unknown on line 0
由于在我的脚本的字符串0上生成了这种警告,它会死掉并忽略任何其他指令,因为我的调用留下了这个丑陋的字符串.
你基本上可以忍受它,因为最终用户不会看到它(只是AJAX调用没有期望的结果),但我仍然想知道是否有机会跳过它并很好地处理它?
好的,我已经做过什么样的研究:
>我找到了Andrew Curioso的this教程,并尝试从中做出类似的东西:
if (isset($_SERVER['CONTENT_LENGTH'])) {
if ($_SERVER['CONTENT_LENGTH'] > (substr(ini_get('post_max_size'), -1) * 1024 * 1024)) {
echo 'php errors is so much fun';
}
}
它没有产生预期的效果,因为我的脚本仍然只有从IF语句回显附加字符串的积极效果而死(此外,如果你尝试做类似wp_send_json(errorsArray)的事情,它将不会被执行).
>使用display_errors,error_reporting关闭显示错误.好吧,这不是我需要的,因为它仍然不允许我继续使用脚本并创建自定义错误处理程序.
>我的WP_DEBUG设置为FALSE
我不想要的是什么样的建议是手动编辑max_upload_size,max_post_size等.因为手动编辑服务器文件不符合插件的原则.无论如何,即使您将最大上传大小设置为10GB,一旦最终用户尝试上传11GB.
总而言之,众所周知,这种机制是在数千个网站和应用程序上实现的,我想知道如何最大限度地提高我的脚本质量,处理这个问题而不会出现过度杀伤和糟糕的用户体验.
感谢分享您的想法:)
UPD1
如果它有帮助,这是我的AJAX调用:
$('#post-assignment-answer').on('click', function (event) {
event.preventDefault();
tinymce.triggerSave();
var answerContent = tinymce.get('assignment_user_input_textarea').getContent();
var answerFile = $('#assignment-file-upload')[0].files[0];
var formData = new FormData();
formData.append('action', 'post_assignment_answer');
formData.append('security', lucid_single_assignment_params.post_assignment_answer_nonce);
formData.append('post_id', lucid_single_assignment_params.post_id);
formData.append('answer_content', answerContent);
formData.append('answer_file', answerFile);
$.ajax({
url: lucid_single_assignment_params.ajax_url,
type: 'post',
data: formData,
contentType: false,
processData: false,
success: function (result) {
console.log(result);
}
});
});
UPD2:
添加了AJAX处理php
/**
* Post Assignment Answer
*
* @version 1.0.0
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
} // Exit if accessed directly
// Create AJAX call $result
$result = array(
'fileTypeError' => false,
'fileSizeError' => false,
'uploadError' => false
);
// Retrieving current post ID
$post_id = $_POST['post_id'];
// Retrieving WYSIWYG content
$answer_content = '';
if (! (trim($_POST['answer_content']) == '') ) {
$answer_content = wp_kses_post($_POST['answer_content']);
}
// Updating WYSIWYG meta field
update_post_meta($post_id, '_answer_content', $answer_content);
// Check if user intends to upload a file
if (!empty($_FILES['answer_file'])) {
// Adding timestamp to file name
$_FILES['answer_file']['name'] = round(microtime(true)) . '_' . $_FILES['answer_file']['name'];
$answer_file = $_FILES['answer_file'];
// Setting up uploaded file type validation
$supported_types = array(
'text/plain' // .txt
);
$arr_file_type = wp_check_filetype(basename($answer_file['name']));
$uploaded_type = $arr_file_type['type'];
// Setting up uploaded file size validation // TODO: This should be optimized
$allowed_size = 8388608;
$uploaded_size = $answer_file['size'];
// Validating, and in a case of success completing upload
if (!in_array($uploaded_type, $supported_types)) {
$result['fileTypeError'] = __('The type of file you\'ve provided is not allowed', 'lucidlms');
} elseif ($uploaded_size > $allowed_size) {
$result['fileSizeError'] = __('The size of file you\'ve provided is exceeding the maximum upload size', 'lucidlms');
} else {
/**
* Override the default upload path.
*
* @param array $dir
* @return array
*/
function lucidlms_assignment_upload_dir( $dir ) {
global $user_ID;
return array(
'path' => $dir['basedir'] . '/lucidlms/assignment/user' . $user_ID,
'url' => $dir['baseurl'] . '/lucidlms/assignment/user' . $user_ID,
'subdir' => ''
) + $dir;
}
// Register path override
add_filter( 'upload_dir', 'lucidlms_assignment_upload_dir' );
$upload = wp_handle_upload($answer_file, array( 'test_form' => false ));
// Set everything back to normal
remove_filter( 'upload_dir', 'lucidlms_user_upload_dir' );
if (isset($upload['error']) && $upload['error'] != 0) {
$result['uploadError'] = sprintf(__('There was an error uploading your file. The error is: %s', 'lucidlms'), $upload['error']);
} else {
// Check if there is an old version of file on the server and delete it
$existing_answer_file = get_post_meta($post_id, '_answer_file', true);
if (! empty($existing_answer_file)) {
global $user_ID;
$upload_dir = wp_upload_dir();
$existing_answer_file_name = pathinfo($existing_answer_file['file'], PATHINFO_BASENAME);
$unlink_path = $upload_dir['basedir'] . '/lucidlms/assignment/user' . $user_ID . '/' . $existing_answer_file_name;
unlink($unlink_path);
}
// Updating post meta
update_post_meta($post_id, '_answer_file', $upload);
}
}
}
wp_send_json($result);
解决方法:
请阅读并理解错误消息告诉您的内容:
exceeds the limit of XXXXX bytes in Unknown on line 0
错误报告在第0行,因为它是在PHP代码执行之前抛出的.因此,您无法更改接收PHP脚本中的行为.
正确的方法是检查数据的大小BEFORE you upload it(即在Javascript中).但要注意:
> Javascript在编码之前报告单个文件的大小 – Base64编码增加了大约三分之一的开销,加上其他POST属性值和名称的空间.
>为post_max_size配置的值是PHP接受的最大值.网络服务器(例如apache)将接受的最大值可能更低.对于插件,最合适的解决方案可能是允许管理员配置上限.
>试图破坏您的安全性的人可以轻松绕过Javascript中的任何检查
标签:wordpress,php,ajax
来源: https://codeday.me/bug/20190608/1201215.html