Data
/
tinymce-docs
mirror of https://github.com/tinymce/tinymce-docs.git
2
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

DOC-717: Improved the postAcceptor.php script to actually work for cross origin requests (#1753) 

* DOC-717: Improved the postAcceptor.php script to actually work for cross origin requests

* Fixed a typo

Co-authored-by: Tyler Kelly <tyler.kelly@tiny.cloud>
pull/1765/head
Lee Newson 5 years ago
committed by GitHub
parent
4074fbceb4
commit
7d721ccff0
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 32
      advanced/php-upload-handler.md

32
advanced/php-upload-handler.md
View File

@ -25,19 +25,25 @@ The following PHP script creates a server-side upload handler suitable for {{sit
*********************************************/ *********************************************/
$imageFolder = "images/"; $imageFolder = "images/";
if (isset($_SERVER['HTTP_ORIGIN'])) {
// same-origin requests won't set an origin. If the origin is set, it must be valid.
if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
} else {
header("HTTP/1.1 403 Origin Denied");
return;
}
}
// Don't attempt to process the upload on an OPTIONS request
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
header("Access-Control-Allow-Methods: POST, OPTIONS");
return;
}
reset ($_FILES); reset ($_FILES);
$temp = current($_FILES); $temp = current($_FILES);
if (is_uploaded_file($temp['tmp_name'])){ if (is_uploaded_file($temp['tmp_name'])){
if (isset($_SERVER['HTTP_ORIGIN'])) {
// same-origin requests won't set an origin. If the origin is set, it must be valid.
if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
} else {
header("HTTP/1.1 403 Origin Denied");
return;
}
}
/* /*
If your script needs to receive cookies, set images_upload_credentials : true in If your script needs to receive cookies, set images_upload_credentials : true in
the configuration and enable the following two headers. the configuration and enable the following two headers.
@ -61,10 +67,14 @@ The following PHP script creates a server-side upload handler suitable for {{sit
$filetowrite = $imageFolder . $temp['name']; $filetowrite = $imageFolder . $temp['name'];
move_uploaded_file($temp['tmp_name'], $filetowrite); move_uploaded_file($temp['tmp_name'], $filetowrite);
// Determine the base URL
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? "https://" : "http://";
$baseurl = $protocol . $_SERVER["HTTP_HOST"] . rtrim(dirname($_SERVER['REQUEST_URI']), "/") . "/";
// Respond to the successful upload with JSON. // Respond to the successful upload with JSON.
// Use a location key to specify the path to the saved image resource. // Use a location key to specify the path to the saved image resource.
// { location : '/your/uploaded/image/file'} // { location : '/your/uploaded/image/file'}
echo json_encode(array('location' => $filetowrite));
echo json_encode(array('location' => $baseurl . $filetowrite));
} else { } else {
// Notify editor that the upload failed // Notify editor that the upload failed
header("HTTP/1.1 500 Server Error"); header("HTTP/1.1 500 Server Error");

Write Preview
Loading…
Cancel
Save