来源:蜘蛛抓取(WebSpider)
时间:2016-04-27 05:47
标签:
一般处理程序上传文件
某超大型商业CMS任意文件上传导致代码执行(涉及500强、工业、国企、电商、酒店集团、服务业等等领域)
(window.slotbydup=window.slotbydup || []).push({
id: '2611110',
container: s,
size: '240,200',
display: 'inlay-fix'
您当前位置: &
[ 所属分类
| 时间 2016 |
作者 红领巾 ]
某超大型商业CMS任意文件上传导致代码执行(涉及500强、工业、国企、电商、酒店集团、服务业等等领域)
北京易龙天网科技有限公司
文件上传导致任意代码执行
已交由第三方合作机构(cncert国家互联网应急中心)处理
前人有经验: WooYun: 某超大型商业CMS高危通用SQL注射+Getshell(涉及500强、工业、国企、电商、酒店集团、服务业等等领域)
提交给了Cncert得到很好的修复效果。
某超大型商业CMS通用任意文件上传导致代码执行
# 涉及500强、工业、国企、电商、酒店集团、服务业等等领域
这套CMS提供商是土豪级的,专为世界500强企业、国家A类大型企业、核工业、电商、高大上酒店行业、服务业、商业等各个领域几千个客户服务
国家电网、中国石化、中国石油、中粮、国机重工、国家核电等全部躺枪
各类电商、七星级酒店、世界500强就不例举了
七星迪曼·易龙天
七星迪曼易龙天,是一家为大型企业和组织提供互联网全案整合营销服务的专业企业;主要提供网络整合营销咨询、技术解决方案与产品、品牌营销推广、平台运营等服务。
公司成立于 2003 年,总部位于北京,现有员工超过 140 人。现公司下设 七星迪曼传媒 与 易龙天网科技 两家公司,以及一家独立事业平台 七星酒店网 。
七星迪曼易龙天,与超过 2500 家世界 500 强及高成长性企业深度合作,同时成为 7 家世界 500 强企业纳入优质供应商。
更多案例请戳这里,官网展示更加直观
/kehuanli/
漏洞证明:
CMS为易商宝,其前台存在任意文件上传
因为这个编辑器存在超级严重的问题:
参考链接:http:/*****5yk*****
/Article/zjbghdzj/62437.htm
Version &=2.4.2 For 在处理PHP 上传的地方并未对Media 类型进行上传文件类型的控制,导致用户上传任意文件!将以下保存为html文件,修改action地址。
&form id=&frmUpload& enctype=&multipart/form-data&
1.http://**.**.**
com/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media& method=&post&&Upload a new file:&br&
&input type=&file& name=&NewFile& size=&50&&&br&
&input id=&btnUpload& type=&submit& value=&Upload&&
案例(google随意抽取的20例)
1.http://**.**.**/
apply/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**
/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**
/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**
/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**
/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/framework_gb/
Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/fr
amework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/
framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**
/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/framework
_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
1.http://**.**.**/bln02/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php_
2.http://**.**.**/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php_
3.http://**.**.**/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php_
4.http://**.**.**/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php_
5.http://**.**.**/framework_gb/Web/UI/FCKeditor/editor/filemanager/upload/php/upload.php
测试其中的一例:
修复方案:
升级编辑器版本吧,希望CNCERT给个处置报告,也希望该公司继续积极响应修复该高危漏洞!
版权声明:转载请注明来源 路人甲@乌云
本文web安全相关术语:黑盒测试方法 黑盒测试和白盒测试 网站安全检测 360网站安全检测 网络安全知识 网络安全技术 网络信息安全 网络安全工程师
转载请注明本文标题:本站链接:
分享请点击:
1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
一切随心意!且行且珍惜!
手机客户端
,专注代码审计及安全周边编程,转载请注明出处:http://www.codesec.net
转载文章如有侵权,请邮件 admin[at]codesec.net上一章我们进行了CRUD的操作,很快速的实现了增删改查,是不是很简单呀。本章我们继续完善,增加上传功能以实现照片和简历的上传,为了适应上传的需求我们要调整一些东西,不要被调整的东西搞混乱呀,一定要认真阅读,很容易的哦!
第一步,为了适应上传的需要,我们要调整file和path字段,并调整相关联的变量名称和代码:
打开src\Nlc\InformationBundle\Entity\Employee.php,把以下代码
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
* @var string
* @ORM\Column(name="photo", type="string", length=255)
* @var string
* @ORM\Column(name="file", type="string", length=255)
* Set photo
* @param string $photo
* @return Employee
public function setPhoto($photo)
$this-&photo = $
* Get photo
* @return string
public function getPhoto()
return $this-&
* Set file
* @param string $file
* @return Employee
public function setFile($file)
$this-&file= $
* Get file
* @return string
public function getFile()
return $this-&
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
//src\Nlc\InformationBundle\Entity\Employee.php...&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="photo", type="string", length=255)&&&& */&&&&private $photo;&&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="file", type="string", length=255)&&&& */&&&&private $file;&&&&&/**&&&& * Set photo&&&& *&&&& * @param string $photo&&&& * @return Employee&&&& */&&&&public function setPhoto($photo)&&&&{&&&&&&&&$this-&photo = $photo;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get photo&&&& *&&&& * @return string &&&& */&&&&public function getPhoto()&&&&{&&&&&&&&return $this-&photo;&&&&}&&&&&/**&&&& * Set file&&&& *&&&& * @param string $file&&&& * @return Employee&&&& */&&&&public function setFile($file)&&&&{&&&&&&&&$this-&file= $file;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get file&&&& *&&&& * @return string &&&& */&&&&public function getFile()&&&&{&&&&&&&&return $this-&file;&&&&}...
src\Nlc\InformationBundle\Entity\Employee.php
* @var string
* @ORM\Column(name="photopath", type="string", length=255)
* @var string
* @ORM\Column(name="jlpath", type="string", length=255)
* Set photopath
* @param string $photopath
* @return Employee
public function setPhotopath($photopath)
$this-&photopath = $
* Get photopath
* @return string
public function getPhotopath()
return $this-&
* Set jlpath
* @param string $jlpath
* @return Employee
public function setJlpath($jlpath)
$this-&jlpath = $
* Get Jlpath
* @return string
public function getJlpath()
return $this-&
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="photopath", type="string", length=255)&&&& */&&&&private $photopath; &&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="jlpath", type="string", length=255)&&&& */&&&&private $jlpath;&& &&&&&/**&&&& * Set photopath&&&& *&&&& * @param string $photopath&&&& * @return Employee&&&& */&&&&public function setPhotopath($photopath)&&&&{&&&&&&&&$this-&photopath = $photopath;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get photopath&&&& *&&&& * @return string &&&& */&&&&public function getPhotopath()&&&&{&&&&&&&&return $this-&photopath;&&&&}&&&&&/**&&&& * Set jlpath&&&& *&&&& * @param string $jlpath&&&& * @return Employee&&&& */&&&&public function setJlpath($jlpath)&&&&{&&&&&&&&$this-&jlpath = $jlpath;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get Jlpath&&&& *&&&& * @return string &&&& */&&&&public function getJlpath()&&&&{&&&&&&&&return $this-&jlpath;&&&&}
也就是说我们把原来的$photo替换成了$photopath,目的是来存储上传文件的路径到数据库。
第二步,在Doctrine中处理上传
在Doctrine处理文件上传整体思路是:(注意:具体操作和整体思路不是一一对应的)
表单提交(附件提交)
在入库或修改之前,获取上传文件信息并将路径信息入库(在PrePersist和PreUpdate事件中操作)
入库后将上传的文件移动到相应的路径完成上传步骤(在PostPersist和PostUpdate事件中操作)
删除信息时,本地附件也相应的清除(在PostRemove事件中操作)
下面我们一点一点操作:
1)首先添加photofile变量(获取上传的照片信息)和jlfile变量(获取上传的简历信息),并分别添加set和get方法,它的set和get方法和之前自动生成的略有不同,一定要注意。下面我们介绍不同在哪里?因为我们要获取上传文件的信息,在symfony2中方法是Entity中引入:
namespace Nlc\InformationBundle\E
use Symfony\Component\HttpFoundation\File\UploadedF
namespace Nlc\InformationBundle\Entity;....use Symfony\Component\HttpFoundation\File\UploadedFile;....
并在set和get中使用它来获取上传文件的信息,来看看新的代码:
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
namespace Nlc\InformationBundle\E
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as A
use Symfony\Component\HttpFoundation\File\UploadedF
* Employee
* @ORM\Table(name="employeetable")
* @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository")
class Employee
* @Assert\File(maxSize="6000000")
* @Assert\File(maxSize="6000000")
* Sets photofile.
* @param UploadedFile $photofile
public function setPhotofile(UploadedFile $photofile = null)
$this-&photofile = $
* Get photofile.
* @return UploadedFile
public function getPhotofile()
return $this-&
* Sets jlfile.
* @param UploadedFile $jlfile
public function setJlfile(UploadedFile $jlfile = null)
$this-&jlfile = $
* Get jlfile.
* @return UploadedFile
public function getJlfile()
return $this-&
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
//src\Nlc\InformationBundle\Entity\Employee.phpnamespace Nlc\InformationBundle\Entity;&use Doctrine\ORM\Mapping as ORM;use Symfony\Component\Validator\Constraints as Assert;&use Symfony\Component\HttpFoundation\File\UploadedFile;&/** * Employee * * @ORM\Table(name="employeetable") * @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository") */class Employee{&&&&/**&&&& * @Assert\File(maxSize="6000000")&&&& */&&&&private $photofile;&&&&&/**&&&& * @Assert\File(maxSize="6000000")&&&& */&&&&private $jlfile;&&&&&/**&&&& * Sets photofile.&&&& *&&&& * @param UploadedFile $photofile&&&& */&&&&public function setPhotofile(UploadedFile $photofile = null)&&&&{&&&&&&&&$this-&photofile = $photofile;&&&&}&&&&&/**&&&& * Get photofile.&&&& *&&&& * @return UploadedFile&&&& */&&&&public function getPhotofile()&&&&{&&&&&&&&return $this-&photofile;&&&&}&&&&&&/**&&&& * Sets jlfile.&&&& *&&&& * @param UploadedFile $jlfile&&&& */&&&&public function setJlfile(UploadedFile $jlfile = null)&&&&{&&&&&&&&$this-&jlfile = $jlfile;&&&&&}&&&&&/**&&&& * Get jlfile.&&&& *&&&& * @return UploadedFile&&&& */&&&&public function getJlfile()&&&&{&&&&&&&&return $this-&jlfile;&&&&}
以上还加了一些验证,来控制文件上传大小。
2)修改src\Nlc\InformationBundle\Form\EmployeeType.php
public function buildForm(FormBuilderInterface $builder, array $options)
-&add('name')
-&add('age')
-&add('sex')
-&add('education')
-&add('photofile')
-&add('jlfile')
-&add('createtime')
-&add('updatetime')
-&add('category')
1234567891011121314
&&&&public function buildForm(FormBuilderInterface $builder, array $options)&&&&{&&&&&&&&$builder&&&&&&&&&&&&-&add('name')&&&&&&&&&&&&-&add('age')&&&&&&&&&&&&-&add('sex')&&&&&&&&&&&&-&add('education')&&&&&&&&&&&&-&add('photofile')&&&&&&&&&&&&-&add('jlfile')&&&&&&&&&&&&-&add('createtime')&&&&&&&&&&&&-&add('updatetime')&&&&&&&&&&&&-&add('category')&&&&&&&&;&&&&}
让表单能够正常显示上传控件。
3)创建文件的唯一名称
添加一个唯一的编码,来重命名上传的文件和图片让他们有一个唯一的名称避免重复。
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
namespace Nlc\InformationBundle\E
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as A
use Symfony\Component\HttpFoundation\File\UploadedF
* Employee
* @ORM\Table(name="employeetable")
* @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository")
class Employee
12345678910111213141516171819202122
//src\Nlc\InformationBundle\Entity\Employee.phpnamespace Nlc\InformationBundle\Entity;&use Doctrine\ORM\Mapping as ORM;use Symfony\Component\Validator\Constraints as Assert;&use Symfony\Component\HttpFoundation\File\UploadedFile;&/** * Employee * * @ORM\Table(name="employeetable") * @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository") */class Employee{....private $photouniqid;&private $jlfileuniqid;&....
以上photouniqid(照片唯一名称)和jlfileuniqid(简历文件的唯一名称)不用创建get和set。
4)创建文件上传的相关路径
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
protected function getRootDir()
// the absolute directory path where uploaded
// documents should be saved
return __DIR__.'/../../../../web/';
protected function getUploadRootDir()
// the absolute directory path where uploaded
// documents should be saved
return $this-&getRootDir().$this-&getUploadDir();
protected function getUploadDir()
// get rid of the __DIR__ so it doesn't screw up
// when displaying uploaded doc/image in the view.
return 'uploads/documents';
123456789101112131415161718192021
//src\Nlc\InformationBundle\Entity\Employee.php&&&&&protected function getRootDir()&&&&{&&&&&&&&// the absolute directory path where uploaded&&&&&&&&// documents should be saved&&&&&&&&return __DIR__.'/../../../../web/';&&&&}&&&&&protected function getUploadRootDir()&&&&{&&&&&&&&// the absolute directory path where uploaded&&&&&&&&// documents should be saved&&&&&&&&return $this-&getRootDir().$this-&getUploadDir();&&&&}&&&&protected function getUploadDir()&&&&{&&&&&&&&// get rid of the __DIR__ so it doesn't screw up&&&&&&&&// when displaying uploaded doc/image in the view.&&&&&&&&return 'uploads/documents';&&&&}
getRootDir()方法:获取web目录在硬盘上的路径,getUploadDir()方法:设置文件上传的相对路径。getUploadRootDir()方法:getRootDir()和getUploadDir()相加获得完整的上传路径;
5)添加唯一命名标识后,我们要添加重要的部分了HasLifecycleCallbacks来触发PrePersist、PreUpdate、PostPersist、PostUpdate、PostRemove。
* Employee
* @ORM\Table(name="employeetable")
* @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository")
* @ORM\HasLifecycleCallbacks()
class Employee
123456789101112
.....&/** * Employee * * @ORM\Table(name="employeetable") * @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository") * @ORM\HasLifecycleCallbacks() */class Employee{......
要在入库前要在PrePersist、PreUpdate进行文件重命名并创建文件相对路径
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
* @ORM\PrePersist
* @ORM\PreUpdate
public function preUpload()
$this-&photouniqid=uniqid();
$this-&jlfileuniqid=uniqid();
if (null !== $this-&getPhotofile()) {
$this-&photopath = $this-&getUploadDir()."/".$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension();
if (null !== $this-&getJlfile()) {
$this-&jlpath = $this-&getUploadDir()."/".$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension();
12345678910111213141516171819
//src\Nlc\InformationBundle\Entity\Employee.php&& ... &&&&/**&&&& * @ORM\PrePersist&&&& * @ORM\PreUpdate&&&& */&&&&public function preUpload()&&&&{&&&&&&&&$this-&photouniqid=uniqid();&&&&&&&&$this-&jlfileuniqid=uniqid();&&&&&&&&&if (null !== $this-&getPhotofile()) {&&&&&&&&&&&&$this-&photopath = $this-&getUploadDir()."/".$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension();&&&&&&&&}&&&&&&&&if (null !== $this-&getJlfile()) {&&&&&&&&&&&&$this-&jlpath = $this-&getUploadDir()."/".$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension();&&&&&&&&}&&&&}...
好我们要上传文件了,在哪个步骤上传呢,应该在信息入库之后,我们调用PostPersist、PostUpdate来完成上传工作,代码来了很简单的哦!
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
* @ORM\PostPersist
* @ORM\PostUpdate
public function photoupload()
//判断是否上传文件是否成功
if (null === $this-&getPhotofile()) {
//完成文件上传
$this-&getPhotofile()-&move(
$this-&getUploadRootDir(),
$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension()
$this-&setPhotofile(null);
* @ORM\PostPersist
* @ORM\PostUpdate
public function jlupload()
if (null === $this-&getJlfile()) {
$this-&getJlfile()-&move(
$this-&getUploadRootDir(),
$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension()
$this-&setJlpath(null);
1234567891011121314151617181920212223242526272829303132333435363738394041
//src\Nlc\InformationBundle\Entity\Employee.php...&&&&/**&&&& * @ORM\PostPersist&&&& * @ORM\PostUpdate&&&& */&&&&public function photoupload()&&&&{&&&&&&&&//判断是否上传文件是否成功&&&&&&&&if (null === $this-&getPhotofile()) {&&&&&&&&&&&&return;&&&&&&&&}&&&&&&&&&//完成文件上传&&&&&&&&$this-&getPhotofile()-&move(&&&&&&&&&&&&$this-&getUploadRootDir(),&&&&&&&&&&&&$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension()&&&&&&&&);&&&&&&&&&$this-&setPhotofile(null);&&&&}&&&&&/**&&&& * @ORM\PostPersist&&&& * @ORM\PostUpdate&&&& */&&&&public function jlupload()&&&&{&&&&&&&&if (null === $this-&getJlfile()) {&&&&&&&&&&&&return;&&&&&&&&}&&&&&&&&&&&&&&&&&$this-&getJlfile()-&move(&&&&&&&&&&&&$this-&getUploadRootDir(),&&&&&&&&&&&&$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension()&&&&&&&&);&&&&&&&&&$this-&setJlpath(null);&&&&}...
$this-&getPhotofile()主要判断图片是否进行了上传或者上传无误。$this-&getPhotofile()-&move()的意思是将上传的文件移动到指定的web指定的上传文件夹并把文件进行重命名。$this-&setPhotofile(null);清空上传的文件信息。
6)删除信息时文件自动清除
* @ORM\PostRemove
public function removeUpload()
if(file_exists($this-&photopath)) {
unlink($this-&getRootDir().$this-&photopath);
if(file_exists($this-&jlpath)) {
unlink($this-&getRootDir().$this-&jlpath);
123456789101112
&&&&/**&&&& * @ORM\PostRemove&&&& */&&&&public function removeUpload()&&&&{&&&&&&&&if(file_exists($this-&photopath)) {&&&&&&&&&&&&&&&&unlink($this-&getRootDir().$this-&photopath);&&&&&&&&}&&&&&&&&if(file_exists($this-&jlpath)) {&&&&&&&&&&&&unlink($this-&getRootDir().$this-&jlpath);&&&&&&&&}&&&&}
7)下面来看一下完整的src\Nlc\InformationBundle\Entity\Employee.php文件,你的思路会更清晰:
src\Nlc\InformationBundle\Entity\Employee.php
//src\Nlc\InformationBundle\Entity\Employee.php
namespace Nlc\InformationBundle\E
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as A
use Symfony\Component\HttpFoundation\File\UploadedF
* Employee
* @ORM\Table(name="employeetable")
* @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository")
* @ORM\HasLifecycleCallbacks()
class Employee
* @ORM\ManyToOne(targetEntity="Category",inversedBy="employees")
* @ORM\JoinColumn(name="categoryid", referencedColumnName="id")
* @var integer
* @ORM\Column(name="id", type="integer")
* @ORM\GeneratedValue(strategy="AUTO")
* @var string
* @ORM\Column(name="name", type="string", length=255)
* @var integer
* @ORM\Column(name="age", type="integer")
* @var string
* @ORM\Column(name="sex", type="string", length=255)
* @var string
* @ORM\Column(name="education", type="string", length=255)
* @var string
* @ORM\Column(name="photopath", type="string", length=255)
* @Assert\File(maxSize="6000000")
* @var string
* @ORM\Column(name="jlpath", type="string", length=255)
* @Assert\File(maxSize="6000000")
* @var \DateTime
* @ORM\Column(name="createtime", type="datetime")
* @var \DateTime
* @ORM\Column(name="updatetime", type="datetime")
* @return integer
public function getId()
return $this-&
* Set name
* @param string $name
* @return Employee
public function setName($name)
$this-&name = $
* Get name
* @return string
public function getName()
return $this-&
* @param integer $age
* @return Employee
public function setAge($age)
$this-&age = $
* @return integer
public function getAge()
return $this-&
* @param string $sex
* @return Employee
public function setSex($sex)
$this-&sex = $
* @return string
public function getSex()
return $this-&
* Set education
* @param string $education
* @return Employee
public function setEducation($education)
$this-&education = $
* Get education
* @return string
public function getEducation()
return $this-&
* Set createtime
* @param \DateTime $createtime
* @return Employee
public function setCreatetime($createtime)
$this-&createtime = $
* Get createtime
* @return \DateTime
public function getCreatetime()
return $this-&
* Set updatetime
* @param \DateTime $updatetime
* @return Employee
public function setUpdatetime($updatetime)
$this-&updatetime = $
* Get updatetime
* @return \DateTime
public function getUpdatetime()
return $this-&
* @ORM\PrePersist
public function setCreatetimeValue()
if(!$this-&getCreatetime()) {
$this-&createtime = new \DateTime();
* @ORM\PreUpdate
public function setUpdatetimeValue()
$this-&updatetime = new \DateTime();
* Set category
* @param \Nlc\InformationBundle\Entity\Category $category
* @return Employee
public function setCategory(\Nlc\InformationBundle\Entity\Category $category = null)
$this-&category = $
* Get category
* @return \Nlc\InformationBundle\Entity\Category
public function getCategory()
return $this-&
* Set photopath
* @param string $photopath
* @return Employee
public function setPhotopath($photopath)
$this-&photopath = $
* Get photopath
* @return string
public function getPhotopath()
return $this-&
* Set jlpath
* @param string $jlpath
* @return Employee
public function setJlpath($jlpath)
$this-&jlpath = $
* Get Jlpath
* @return string
public function getJlpath()
return $this-&
* Sets photofile.
* @param UploadedFile $photofile
public function setPhotofile(UploadedFile $photofile = null)
$this-&photofile = $
* Get photofile.
* @return UploadedFile
public function getPhotofile()
return $this-&
* Sets jlfile.
* @param UploadedFile $jlfile
public function setJlfile(UploadedFile $jlfile = null)
$this-&jlfile = $
* Get jlfile.
* @return UploadedFile
public function getJlfile()
return $this-&
* @ORM\PrePersist
* @ORM\PreUpdate
public function preUpload()
$this-&photouniqid=uniqid();
$this-&jlfileuniqid=uniqid();
if (null !== $this-&getPhotofile()) {
$this-&photopath = $this-&getUploadDir()."/".$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension();
if (null !== $this-&getJlfile()) {
$this-&jlpath = $this-&getUploadDir()."/".$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension();
* @ORM\PostPersist
* @ORM\PostUpdate
public function photoupload()
if (null === $this-&getPhotofile()) {
// you must throw an exception here if the file cannot be moved
// so that the entity is not persisted to the database
// which the UploadedFile move() method does
$this-&getPhotofile()-&move(
$this-&getUploadRootDir(),
$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension()
$this-&setPhotofile(null);
* @ORM\PostPersist
* @ORM\PostUpdate
public function jlupload()
if (null === $this-&getJlfile()) {
// you must throw an exception here if the file cannot be moved
// so that the entity is not persisted to the database
// which the UploadedFile move() method does
$this-&getJlfile()-&move(
$this-&getUploadRootDir(),
$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension()
$this-&setJlpath(null);
* @ORM\PostRemove
public function removeUpload()
if(file_exists($this-&photopath)) {
unlink($this-&getRootDir().$this-&photopath);
if(file_exists($this-&jlpath)) {
unlink($this-&getRootDir().$this-&jlpath);
protected function getRootDir()
return __DIR__.'/../../../../web/';
protected function getUploadRootDir()
// the absolute directory path where uploaded
// documents should be saved
return $this-&getRootDir().$this-&getUploadDir();
protected function getUploadDir()
// get rid of the __DIR__ so it doesn't screw up
// when displaying uploaded doc/image in the view.
return 'uploads/documents';
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486
//src\Nlc\InformationBundle\Entity\Employee.php&?php&namespace Nlc\InformationBundle\Entity;&use Doctrine\ORM\Mapping as ORM;use Symfony\Component\Validator\Constraints as Assert;&use Symfony\Component\HttpFoundation\File\UploadedFile;&/** * Employee * * @ORM\Table(name="employeetable") * @ORM\Entity(repositoryClass="Nlc\InformationBundle\Entity\EmployeeRepository") * @ORM\HasLifecycleCallbacks() */class Employee{&&&&/**&&&& * @ORM\ManyToOne(targetEntity="Category",inversedBy="employees")&&&& * @ORM\JoinColumn(name="categoryid", referencedColumnName="id")&&&& */&&&& public $category;&&&&&/**&&&& * @var integer&&&& *&&&& * @ORM\Column(name="id", type="integer")&&&& * @ORM\Id&&&& * @ORM\GeneratedValue(strategy="AUTO")&&&& */&&&&private $id;&&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="name", type="string", length=255)&&&& */&&&&private $name;&&&&&/**&&&& * @var integer&&&& *&&&& * @ORM\Column(name="age", type="integer")&&&& */&&&&private $age;&&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="sex", type="string", length=255)&&&& */&&&&private $sex;&&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="education", type="string", length=255)&&&& */&&&&private $education;&&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="photopath", type="string", length=255)&&&& */&&&&private $photopath;&&&&&/**&&&& * @Assert\File(maxSize="6000000")&&&& */&&&&private $photofile;&&&&private $photouniqid;&&&&&&/**&&&& * @var string&&&& *&&&& * @ORM\Column(name="jlpath", type="string", length=255)&&&& */&&&&private $jlpath;&&&&&/**&&&& * @Assert\File(maxSize="6000000")&&&& */&&&&private $jlfile;&&&&private $jlfileuniqid;&&&&&&&&&/**&&&& * @var \DateTime&&&& *&&&& * @ORM\Column(name="createtime", type="datetime")&&&& */&&&&private $createtime;&&&&&/**&&&& * @var \DateTime&&&& *&&&& * @ORM\Column(name="updatetime", type="datetime")&&&& */&&&&private $updatetime;&&&&&&/**&&&& * Get id&&&& *&&&& * @return integer &&&& */&&&&public function getId()&&&&{&&&&&&&&return $this-&id;&&&&}&&&&&/**&&&& * Set name&&&& *&&&& * @param string $name&&&& * @return Employee&&&& */&&&&public function setName($name)&&&&{&&&&&&&&$this-&name = $name;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get name&&&& *&&&& * @return string &&&& */&&&&public function getName()&&&&{&&&&&&&&return $this-&name;&&&&}&&&&&/**&&&& * Set age&&&& *&&&& * @param integer $age&&&& * @return Employee&&&& */&&&&public function setAge($age)&&&&{&&&&&&&&$this-&age = $age;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get age&&&& *&&&& * @return integer &&&& */&&&&public function getAge()&&&&{&&&&&&&&return $this-&age;&&&&}&&&&&/**&&&& * Set sex&&&& *&&&& * @param string $sex&&&& * @return Employee&&&& */&&&&public function setSex($sex)&&&&{&&&&&&&&$this-&sex = $sex;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get sex&&&& *&&&& * @return string &&&& */&&&&public function getSex()&&&&{&&&&&&&&return $this-&sex;&&&&}&&&&&/**&&&& * Set education&&&& *&&&& * @param string $education&&&& * @return Employee&&&& */&&&&public function setEducation($education)&&&&{&&&&&&&&$this-&education = $education;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get education&&&& *&&&& * @return string &&&& */&&&&public function getEducation()&&&&{&&&&&&&&return $this-&education;&&&&}&&&&&&&&&/**&&&& * Set createtime&&&& *&&&& * @param \DateTime $createtime&&&& * @return Employee&&&& */&&&&public function setCreatetime($createtime)&&&&{&&&&&&&&$this-&createtime = $createtime;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get createtime&&&& *&&&& * @return \DateTime &&&& */&&&&public function getCreatetime()&&&&{&&&&&&&&return $this-&createtime;&&&&}&&&&&/**&&&& * Set updatetime&&&& *&&&& * @param \DateTime $updatetime&&&& * @return Employee&&&& */&&&&public function setUpdatetime($updatetime)&&&&{&&&&&&&&$this-&updatetime = $updatetime;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get updatetime&&&& *&&&& * @return \DateTime &&&& */&&&&public function getUpdatetime()&&&&{&&&&&&&&return $this-&updatetime;&&&&}&&&&&/**&&&& * @ORM\PrePersist&&&& */&&&&public function setCreatetimeValue()&&&&{&&&&&&&&if(!$this-&getCreatetime()) {&&&&&&&&&&&&$this-&createtime = new \DateTime();&&&&&&&&}&&&&}&&&&&/**&&&& * @ORM\PreUpdate&&&& */&&&&public function setUpdatetimeValue()&&&&{&&&&&&&&$this-&updatetime = new \DateTime();&&&&}&&&&&/**&&&& * Set category&&&& *&&&& * @param \Nlc\InformationBundle\Entity\Category $category&&&& * @return Employee&&&& */&&&&public function setCategory(\Nlc\InformationBundle\Entity\Category $category = null)&&&&{&&&&&&&&$this-&category = $category;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get category&&&& *&&&& * @return \Nlc\InformationBundle\Entity\Category &&&& */&&&&public function getCategory()&&&&{&&&&&&&&return $this-&category;&&&&}&&&&&/**&&&& * Set photopath&&&& *&&&& * @param string $photopath&&&& * @return Employee&&&& */&&&&public function setPhotopath($photopath)&&&&{&&&&&&&&$this-&photopath = $photopath;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get photopath&&&& *&&&& * @return string &&&& */&&&&public function getPhotopath()&&&&{&&&&&&&&return $this-&photopath;&&&&}&&&&&/**&&&& * Set jlpath&&&& *&&&& * @param string $jlpath&&&& * @return Employee&&&& */&&&&public function setJlpath($jlpath)&&&&{&&&&&&&&$this-&jlpath = $jlpath;&&&&&&&&&return $this;&&&&}&&&&&/**&&&& * Get Jlpath&&&& *&&&& * @return string &&&& */&&&&public function getJlpath()&&&&{&&&&&&&&return $this-&jlpath;&&&&}&&&&&&&/**&&&& * Sets photofile.&&&& *&&&& * @param UploadedFile $photofile&&&& */&&&&public function setPhotofile(UploadedFile $photofile = null)&&&&{&&&&&&&&$this-&photofile = $photofile;&&&&}&&&&&/**&&&& * Get photofile.&&&& *&&&& * @return UploadedFile&&&& */&&&&public function getPhotofile()&&&&{&&&&&&&&return $this-&photofile;&&&&}&&&&&&/**&&&& * Sets jlfile.&&&& *&&&& * @param UploadedFile $jlfile&&&& */&&&&public function setJlfile(UploadedFile $jlfile = null)&&&&{&&&&&&&&$this-&jlfile = $jlfile;&&&&&}&&&&&/**&&&& * Get jlfile.&&&& *&&&& * @return UploadedFile&&&& */&&&&public function getJlfile()&&&&{&&&&&&&&return $this-&jlfile;&&&&}&&&&&&&/**&&&& * @ORM\PrePersist&&&& * @ORM\PreUpdate&&&& */&&&&public function preUpload()&&&&{&&&&&&&&$this-&photouniqid=uniqid();&&&&&&&&$this-&jlfileuniqid=uniqid();&&&&&&&&&if (null !== $this-&getPhotofile()) {&&&&&&&&&&&&$this-&photopath = $this-&getUploadDir()."/".$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension();&&&&&&&&}&&&&&&&&if (null !== $this-&getJlfile()) {&&&&&&&&&&&&$this-&jlpath = $this-&getUploadDir()."/".$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension();&&&&&&&&}&&&&}&&&&&/**&&&& * @ORM\PostPersist&&&& * @ORM\PostUpdate&&&& */&&&&public function photoupload()&&&&{&&&&&&&&if (null === $this-&getPhotofile()) {&&&&&&&&&&&&return;&&&&&&&&}&&&&&&&&&// you must throw an exception here if the file cannot be moved&&&&&&&&// so that the entity is not persisted to the database&&&&&&&&// which the UploadedFile move() method does&&&&&&&&$this-&getPhotofile()-&move(&&&&&&&&&&&&$this-&getUploadRootDir(),&&&&&&&&&&&&$this-&photouniqid.'photo.'.$this-&getPhotofile()-&guessExtension()&&&&&&&&);&&&&&&&&&$this-&setPhotofile(null);&&&&}&&&&&/**&&&& * @ORM\PostPersist&&&& * @ORM\PostUpdate&&&& */&&&&public function jlupload()&&&&{&&&&&&&&if (null === $this-&getJlfile()) {&&&&&&&&&&&&return;&&&&&&&&}&&&&&&&&&// you must throw an exception here if the file cannot be moved&&&&&&&&// so that the entity is not persisted to the database&&&&&&&&// which the UploadedFile move() method does&&&&&&&&$this-&getJlfile()-&move(&&&&&&&&&&&&$this-&getUploadRootDir(),&&&&&&&&&&&&$this-&jlfileuniqid.'jlfile.'.$this-&getJlfile()-&guessExtension()&&&&&&&&);&&&&&&&&&$this-&setJlpath(null);&&&&}&&&&&&&/**&&&& * @ORM\PostRemove&&&& */&&&&public function removeUpload()&&&&{&&&&&&&&if(file_exists($this-&photopath)) {&&&&&&&&&&&&&&&&unlink($this-&getRootDir().$this-&photopath);&&&&&&&&}&&&&&&&&if(file_exists($this-&jlpath)) {&&&&&&&&&&&&unlink($this-&getRootDir().$this-&jlpath);&&&&&&&&}&&&&}&&&&&protected function getRootDir()&&&&{&&&&&&&&return __DIR__.'/../../../../web/';&&&&}&&&&&protected function getUploadRootDir()&&&&{&&&&&&&&// the absolute directory path where uploaded&&&&&&&&// documents should be saved&&&&&&&&return $this-&getRootDir().$this-&getUploadDir();&&&&}&&&&protected function getUploadDir()&&&&{&&&&&&&&// get rid of the __DIR__ so it doesn't screw up&&&&&&&&// when displaying uploaded doc/image in the view.&&&&&&&&return 'uploads/documents';&&&&}&}
很容易吧!下面我们调整一些上传后,模板显示的细节。
第三步,调整页面细节
需要调整两个页面
1)src\Nlc\InformationBundle\Resources\views\Employee\show.html.twig上传后会跳转到此页显示,我们要让照片能够显示出来、让简历能够下载,而不是只显示URL。
将此页面的
&td&{{ entity.photo }}&/td&
&td&{{ entity.file }}&/td&
&td&{{ entity.photo }}&/td&&&td&{{ entity.file }}&/td&
&td&&img src="{{ asset(entity.photopath) }}" /&&/td&
&td&&a href="{{ entity.jlpath }}" target="_blank" &{{ entity.name }}简历下载&/a& &/td&
&td&&img src="{{ asset(entity.photopath) }}" /&&/td&&&td&&a href="{{ entity.jlpath }}" target="_blank" &{{ entity.name }}简历下载&/a& &/td&
看看上传后这个页面的效果:
虽然很简单但是功能已经实现,后面我们再美化模板。
2)在调整一下列表页以免他报错
src\Nlc\InformationBundle\Resources\views\Employee\index.html.twig
&td&{{ entity.photo }}&/td&
&td&{{ entity.file }}&/td&
&td&{{ entity.photo }}&/td&&td&{{ entity.file }}&/td&
&td&{{ entity.photopath }}&/td&
&td&{{ entity.jlpath }}&/td&
&td&{{ entity.photopath }}&/td&&td&{{ entity.jlpath }}&/td&
剩余的页面细节,会在整体功能完成后,更换我们自己制作的模板时,整体调整,不要着急哦。所以说下面几章也不会将我们之前的模板渲染到这个程序中,只有最后完成了主要功能我们才会进行模板的渲染。
