atom feed2 messages in org.apache.hc.httpclient-usersHelp with Multipart file uploading
FromSent OnAttachments
Cole KelleySep 28, 2007 12:53 pm 
Cole KelleySep 28, 2007 12:59 pm 
Subject:Help with Multipart file uploading
From:Cole Kelley (ckel@irishgrin.com)
Date:Sep 28, 2007 12:53:38 pm
List:org.apache.hc.httpclient-users

I'm trying to upload files to a PHP script on my server.

Here's the java code: /* * UploadDialog.java * * Created on September 10, 2007, 11:42 AM */

package com.irishgrin.fileuploader;

import java.io.*; import java.net.*; import java.lang.Integer; import java.lang.String; import java.util.*; import java.text.NumberFormat;

import org.apache.commons.httpclient.*; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.methods.multipart.FilePart; import org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity; import org.apache.commons.httpclient.methods.multipart.Part; import org.apache.commons.httpclient.params.HttpMethodParams;

/** * * @author Cole */ public class UploadDialog extends javax.swing.JDialog {

File[] files; // Keep track of failed uploads ArrayList<String> failed_uploads = new ArrayList<String>();

long totalBytes = 0; long totalBytesTransfered = 0;

private NumberFormat nf = NumberFormat.getInstance();

Thread m_thread;

String url; String filenameVarName;

Integer tempServerPort; public void myError(String message) { System.out.println(message); }

/** Creates new form UploadDialog */ public UploadDialog(java.awt.Frame parent, boolean modal, File[] files, String url, String filenameVarName) { super(parent, modal); this.files = files; initComponents();

url = "http://www.irishgrin.com/javatest/upload.php";

m_thread = Thread.currentThread();

m_status.setText("Calculating upload size: "); for(int i = 0; i < files.length; i++) { totalBytes += files[i].length(); m_status.setText("Calculating upload size: " + totalBytes); }

int kbytes = (int)(totalBytes/1024L); progressTotal.setMaximum(kbytes);

this.filenameVarName = filenameVarName; this.url = url; //beginUpload(url, filenameVarName); }

public void upload() { beginUpload(); }

private void beginUpload() { m_status.setText("Starting upload...");

for(int i = 0; i < files.length; i++) { PostMethod filePost = new PostMethod(url);

filePost.getParams().setBooleanParameter(HttpMethodParams.USE_EXPECT_CONTINUE, false);

try { Part[] parts = { new FilePart("userfile", files[i]) };

filePost.setRequestEntity( new MultipartRequestEntity(parts, filePost.getParams()) );

HttpClient client = new HttpClient(); client.getHttpConnectionManager(). getParams().setConnectionTimeout(5000); m_status.setText("Uploading " + files[i].getName()); int status = client.executeMethod(filePost); if (status == HttpStatus.SC_OK) { System.out.println( files[i].getName() + " - Upload complete, response=" + filePost.getResponseBodyAsString() ); //ta.append("Transfer resulted: " + filePost.getResponseBodyAsString() + "\n\n"); } else { System.out.println( files[i].getName() + " - Upload failed, response=" + HttpStatus.getStatusText(status) ); //ta.append("Transfer resulted: " + HttpStatus.getStatusText(status) + "\n\n"); } totalBytesTransfered += files[i].length(); progressTotal.setValue((int)(totalBytesTransfered/1024L));

} catch (Exception ex) { System.out.println("ERROR: " + ex.getClass().getName() + " "+ ex.getMessage()); ex.printStackTrace(); } finally { filePost.releaseConnection(); }

} }

... }

And the PHP: <?php

$uploaddir = '$_SERVER[DOCUMENT_ROOT]/javastuff/';

$logfile = fopen("$_SERVER[DOCUMENT_ROOT]/javastuff/written.html", "w+");

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) { $content = "File is valid, and was successfully uploaded.\n"; fwrite($logfile, $content); echo "OK"; } else { $content = "Possible file upload attack!\n"; fwrite($logfile, $content); echo "ERROR"; } fclose($logfile);

?>

When I upload a file, it returns this: mountain.png - Upload complete, response=<br /> <b>Warning</b>: move_uploaded_file($_SERVER[DOCUMENT_ROOT]/javatest/mountain.png) [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: failed to open stream: No such file or directory in <b>/home/irishgri/public_html/javatest/upload.php</b> on line <b>7</b><br /> <br /> <b>Warning</b>: move_uploaded_file() [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: Unable to move '/tmp/phpxrtMEx' to '$_SERVER[DOCUMENT_ROOT]/javatest/mountain.png' in <b>/home/irishgri/public_html/javatest/upload.php</b> on line <b>7</b><br /> ERROR

And the log file naturally says: Possible file upload attack!

Is there something I am missing?