处理得很好"POST内容 - 字节长度超过"警告限制

Question

美好的一天)我正在构建一个WordPress插件LMS,允许用户通过AJAX将他们完成的家庭作业文件附加到他们的答案.一切正常,但用户文件超过允许的最大大小的情况除外.在这种情况下,我的AJAX调用返回HTML,并带有以下警告:

<b>Warning</b>:  POST Content-Length of XXXXX bytes exceeds the limit of XXXXX bytes in <b>Unknown</b> on line <b>0</b><br />

由于在我的脚本的字符串0上生成了这种警告,它会死掉并忽略任何其他指令,因为我的调用留下了这个丑陋的字符串.你基本上可以忍受它,因为最终用户不会看到它(只是AJAX调用没有预期的结果),但我仍然想知道是否有机会跳过它并很好地处理它？

好的,我已经做过什么样的研究:

1. 我发现Andrew Curioso的这个教程,并尝试从中做出类似的东西:

   if (isset($_SERVER['CONTENT_LENGTH'])) {
       if ($_SERVER['CONTENT_LENGTH'] > (substr(ini_get('post_max_size'), -1) * 1024 * 1024)) {
           echo 'php errors is so much fun';
       }
   }
   

它没有产生预期的效果,因为我的脚本仍然只有从IF语句回显附加字符串的积极效果而死(此外,如果你尝试做类似wp_send_json(errorsArray)的事情,它将不会被执行).

2. 使用display_errors,error_reporting关闭显示错误.好吧,这不是我需要的,因为它仍然不允许我继续使用脚本并创建自定义错误处理程序.

3. 我的WP_DEBUG设置为FALSE

我不想要的是什么样的建议是手动编辑max_upload_size,max_post_size等.因为手动编辑服务器文件不符合插件的原则.无论如何,即使您将最大上传大小设置为10GB,一旦最终用户尝试上传11GB.

总而言之,众所周知,这种机制是在数千个网站和应用程序上实现的,我想知道如何最大限度地提高我的脚本质量,处理这个问题而不会出现过度杀伤和糟糕的用户体验.

感谢分享您的想法:)

UPD1 如果有帮助,这是我的AJAX调用:

$('#post-assignment-answer').on('click', function (event) {
    event.preventDefault();

    tinymce.triggerSave();
    var answerContent = tinymce.get('assignment_user_input_textarea').getContent();

    var answerFile = $('#assignment-file-upload')[0].files[0];

    var formData = new FormData();

    formData.append('action', 'post_assignment_answer');
    formData.append('security', lucid_single_assignment_params.post_assignment_answer_nonce);
    formData.append('post_id', lucid_single_assignment_params.post_id);
    formData.append('answer_content', answerContent);
    formData.append('answer_file', answerFile);

    $.ajax({
        url: lucid_single_assignment_params.ajax_url,
        type: 'post',
        data: formData,
        contentType: false,
        processData: false,
        success: function (result) {
            console.log(result);
        }
    });
});

UPD2:添加了AJAX处理php

<?php

/**
 * Post Assignment Answer
 *
 * @version       1.0.0
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
} // Exit if accessed directly

// Create AJAX call $result
$result = array(
    'fileTypeError' => false,
    'fileSizeError' => false,
    'uploadError' => false
);

// Retrieving current post ID
$post_id = $_POST['post_id'];

// Retrieving WYSIWYG content
$answer_content = '';

if (! (trim($_POST['answer_content']) == '') ) {

    $answer_content = wp_kses_post($_POST['answer_content']);

}

// Updating WYSIWYG meta field
update_post_meta($post_id, '_answer_content', $answer_content);

// Check if user intends to upload a file
if (!empty($_FILES['answer_file'])) {

    // Adding timestamp to file name
    $_FILES['answer_file']['name'] = round(microtime(true)) . '_' . $_FILES['answer_file']['name'];
    $answer_file = $_FILES['answer_file'];

    // Setting up uploaded file type validation
    $supported_types = array(
        'text/plain' // .txt
    );

    $arr_file_type = wp_check_filetype(basename($answer_file['name']));

    $uploaded_type = $arr_file_type['type'];

    // Setting up uploaded file size validation // TODO: This should be optimized
    $allowed_size = 8388608;
    $uploaded_size = $answer_file['size'];

    // Validating, and in a case of success completing upload
    if (!in_array($uploaded_type, $supported_types)) {

        $result['fileTypeError'] = __('The type of file you\'ve provided is not allowed', 'lucidlms');

    } elseif ($uploaded_size > $allowed_size) {

        $result['fileSizeError'] = __('The size of file you\'ve provided is exceeding the maximum upload size', 'lucidlms');

    } else {

        /**
         * Override the default upload path.
         *
         * @param   array   $dir
         * @return  array
         */
        function lucidlms_assignment_upload_dir( $dir ) {
            global $user_ID;

            return array(
                'path'   => $dir['basedir'] . '/lucidlms/assignment/user' . $user_ID,
                'url'    => $dir['baseurl'] . '/lucidlms/assignment/user' . $user_ID,
                'subdir' => ''
            ) + $dir;
        }

        // Register path override
        add_filter( 'upload_dir', 'lucidlms_assignment_upload_dir' );

        $upload = wp_handle_upload($answer_file, array( 'test_form' => false ));

        // Set everything back to normal
        remove_filter( 'upload_dir', 'lucidlms_user_upload_dir' );

        if (isset($upload['error']) && $upload['error'] != 0) {

            $result['uploadError'] = sprintf(__('There was an error uploading your file. The error is: %s', 'lucidlms'), $upload['error']);

        } else {

            // Check if there is an old version of file on the server and delete it
            $existing_answer_file = get_post_meta($post_id, '_answer_file', true);
            if (! empty($existing_answer_file)) {

                global $user_ID;
                $upload_dir = wp_upload_dir();
                $existing_answer_file_name = pathinfo($existing_answer_file['file'], PATHINFO_BASENAME);
                $unlink_path = $upload_dir['basedir'] . '/lucidlms/assignment/user' . $user_ID . '/' . $existing_answer_file_name;
                unlink($unlink_path);

            }

            // Updating post meta
            update_post_meta($post_id, '_answer_file', $upload);
        }
    }
}

wp_send_json($result);

Answer 1

请阅读并理解错误消息告诉您的内容:

超过第0行的Unknown中XXXXX字节的限制

错误报告在第0行,因为它是在 PHP代码执行之前抛出的.因此,您无法更改接收PHP脚本中的行为.

正确的方法是在上传数据之前检查数据的大小(即在Javascript中).但要注意:

1. Javascript 在编码之前报告单个文件的大小--Base64编码增加了大约三分之一的开销,加上其他POST属性值和名称的空间.

2. 为post_max_size配置的值是PHP接受的最大值.Web服务器(例如apache)将接受的最大值可能更低.对于插件,最合适的解决方案可能是允许管理员配置上限.

3. 试图破坏您的安全性的人可以轻松绕过Javascript中的任何检查