Geek Answers Handbook

Drupal Filefield will not load javascript files?

I have a website where some pages may require some javascript or CSS files connected to them. I try to keep everything on the client side when it comes to managing this process, instead of going to FTP and sorting everything in the code, so I need to be able to upload css and js files.

I have a CCK file field and it works, and it works with css files, but it refuses to load .js files. Instead, it seems to treat each .js as ".js.txt" and then the file appears on the server as thisismyfile.js.txt

Not perfect...

Does anyone know how to get around this. This is a mime type issue with Drupal or the server, or Drupal is configured to avoid script downloads and n00b hacker attacks.

After downloading the files, I intend to use the PHP mode on the page or node to call drupal_add_css and drupal_add_js .

+5
source share
6 answers

Looking at the function field_file_save_file()in field_file.incfrom the file field module, you can find the following fragment

// Rename potentially executable files, to help prevent exploits.
if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
  $file->filemime = 'text/plain';
  $file->filepath .= '.txt';
  $file->filename .= '.txt';
}

So yes, this is a “security thing,” as Jeremy guessed.

You can fix this RegEx for an immediate “fix”, but it will completely remove this useful security check for all file fields used on the site.

, . drupal_add_js() , , , , "" (, , ).

: ( ) drupal_add_js():

  • , file_move(). , , , . ( "fid" , "fid" "filename", "filepath" "filemime" /)
  • *.js.txt "inline" drupal_add_js(). "" , , .
  • : *.js.txt drupal_add_js(), "". , ( , firefox). " ", "jnamed ".
+5

Drupal javascript , , .txt. , js php, pl, py, cgi, asp. , Drupal , , , . , .

+2

, .js ( .txt mimetype /javascript ) . , Drupal core... .

, hook_file_presave(). Multiupload File Widget, file_save().

, MYMODULE_NAME MYFIELD_NAME .

function MYMODULE_NAME_file_presave($file) {

    // Bypass secure file extension for .js for field_additional_js field only
    if((isset($file->source) && strpos($file->source, "MYFIELD_NAME") !== FALSE) && substr($file->filename, strlen($file->filename) - 7) == ".js.txt") {

        // Define new uri and save previous
        $original_uri = $file->uri;
        $new_uri = substr($file->destination, null, -4);

        // Alter file object
        $file->filemime = 'application/javascript';
        $file->filename = substr($file->filename, null, -4);
        $file->destination = file_destination($new_uri, FILE_EXISTS_RENAME);
        $file->uri = $file->destination;

        // Move fil (to remove .txt)
        file_unmanaged_move($original_uri, $file->destination);

        // Display message that says that
        drupal_set_message(t('Security bypassed for .js for this specific field (%f).', array('%f' => $file->filename)));
    }
}
+2

, , allow_insecure_uploads, hook_install:

 variable_set('allow_insecure_uploads', 1);


/**
 * Implementation of FileField hook_file_insert().
 */
function MODULE_NAME_file_insert(&$file) {
  //look for files with the extenstion .js.txt and rename them to just .js
  if(substr($file->filename, -7) == '.js.txt'){
  $file_path = $file->filepath;
  $new_file_path = substr($file_path, 0, strlen($file_path)-4);
  file_move($file_path, $new_file_path);

  $file->filepath = $file_path;
  $file->filename = substr($file->filename, 0, strlen($file->filename)-4);
  $file->filemime = file_get_mimetype($file->filename);
  $file->destination = $file->filepath;
  $file->status = FILE_STATUS_TEMPORARY;
  drupal_write_record('files', $file);
}

, hook_insert , ".js.txt". . , . , , js , files/js. , .

+1

Drupal "munges" javascript . Drupal , , , "munged".

1 ( REGEX include/file.inc).

, . Javascript , php, py, pl, cgi asp.

, php .

:

variable_set ('allow_insecure_uploads', 1);

: http://api.drupal.org/api/function/file_munge_filename/6

0

, .js .

.js, .

js, , , drupal_clear_js_cache().

http://api.drupal.org/api/function/drupal_clear_js_cache/6

, Drupal .js, .

, ".txt", .

, , , .js ( FTP) /misc.: (

0

More articles:


All Articles