Name of upload file is easy to guess, how to give it a random name?

mfmf Posts: 41 Questions: 11 Answers: 0

Hello,

I am using the file upload but when I use ID the file is easy to guess. Suppose you do not want everyone to see (or guess) all file names, how could I for example give it a random number or hash?

    /**
     * Apply macros to a user specified path
     *
     * @param  string $name File path
     * @param  int $id Primary key value for the file
     * @return string Resolved path
     */
    private function _path ( $name, $id )
    {
        $extn = pathinfo( $name, PATHINFO_EXTENSION );
        $to = $this->_action;
        $to = str_replace( "__NAME__", md5($name), $to   );
        $to = str_replace( "__ID__",   $id,   $to   );
        $to = str_replace( "__EXTN__", $extn, $to );

        return $to;
    }

This attempt actually has no effect at all. And to be clear, I don't even want to use NAME because I don't want to overwrite duplicate names.

I hope someone can help me in the right direction thanks!

Answers

  • mfmf Posts: 41 Questions: 11 Answers: 0

    Never mind, I found a way

        ->join(
            Mjoin::inst( 'files' )
                ->link( 'contracts.contracts_id', 'contracts_files.contracts_id' )
                ->link( 'files.id', 'contracts_files.file_id' )
                ->fields(
                    Field::inst( 'id' )
                        //->upload( Upload::inst( $_SERVER['DOCUMENT_ROOT'].'/upload/__ID__.__EXTN__' )
                        ->upload( Upload::inst( $_SERVER['DOCUMENT_ROOT'].'/upload/__ID__'.md5(uniqid(mt_rand(), true)).'.__EXTN__' )
                            ->db( 'files', 'id', array(
                                'filename'    => Upload::DB_FILE_NAME,
                                'filesize'    => Upload::DB_FILE_SIZE,
                                'web_path'    => Upload::DB_WEB_PATH,
                                'system_path' => Upload::DB_SYSTEM_PATH
                            ) )
                            ->validator( Validate::fileSize( 5000000, 'Files must be smaller than 5000K' ) )
                            ->validator( Validate::fileExtensions( array( 'pdf', 'jpg', 'jpeg', 'docx', 'doc' ), "Please upload pdf, docx or jpg" ) )
                        )
                )
        )
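
A variant of the approach in the answer above, as an added example that is not part of the original thread or of the Editor library: it takes the file name from PHP's CSPRNG (`random_bytes()`) instead of `md5(uniqid(mt_rand(), true))`, whose inputs the PHP manual describes as unsuitable for cryptographic purposes, ignores the client-supplied base name, and never overwrites an existing file. `storeUpload()` and its parameters are hypothetical names, and the demo input is constructed.

```php
<?php
// Added example, not from the thread. storeUpload() and its parameters are hypothetical.

/**
 * Move an uploaded file into $dir under an unguessable name.
 *
 * @param  array         $file    One $_FILES-style entry ('name', 'tmp_name')
 * @param  string        $dir     Target directory (must already exist)
 * @param  string[]      $allowed Allowed lower-case extensions
 * @param  callable|null $move    Mover; defaults to move_uploaded_file
 * @return string        Full path of the stored file
 */
function storeUpload(array $file, string $dir, array $allowed, ?callable $move = null): string
{
    $move = $move ?? 'move_uploaded_file';
    // Only the extension of the client-supplied name is used, and only if allowlisted.
    $extn = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($extn, $allowed, true)) {
        throw new InvalidArgumentException("Extension not allowed: $extn");
    }
    do {
        // 16 bytes (128 bits) from the OS CSPRNG, hex-encoded to 32 characters.
        $to = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $extn;
    } while (file_exists($to)); // never overwrite an existing file
    if (!$move($file['tmp_name'], $to)) {
        throw new RuntimeException('Could not store upload');
    }
    return $to;
}

// Demo with constructed input: two uploads that share the same client file name.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$allowed = array('pdf', 'jpg', 'jpeg', 'docx', 'doc');
$paths = array();
foreach (array('first', 'second') as $body) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $body);
    // rename() stands in for move_uploaded_file(), which rejects files that were not uploaded.
    $paths[] = storeUpload(array('name' => 'Contract.PDF', 'tmp_name' => $tmp), $dir, $allowed, 'rename');
}
// Print the stored names: each upload gets its own random name, the original name is gone.
echo implode("\n", array_map('basename', $paths)), "\n";
```

In Editor, a function like this would be called from a custom upload action passed to `Upload::inst()` in place of the path string (assumed here, not shown). An unguessable name only hides a file if the upload directory cannot be listed and the stored path is shown only to users allowed to see it.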
    
This discussion has been closed.