: How do I save user uploaded files outside of the web folder but use them on my page? I have read that one of the best things to do for security with user uploaded files is to store them
I have read that one of the best things to do for security with user uploaded files is to store them outside of the web folder, as there is very little you can do to ensure that that jpg image the user is uploading is really an upload (MIME can be faked, etc.)
I have not seen a good tutorial on how to achieve this objective, however. I have managed hosting on a linux box, and my web folder is /public_html/, so how can I save files to /useruploads/ but still serve up the files using PHP/html?
More posts by @BetL925
1 Comments
Sorted by latest first Latest Oldest Best
Put the files outside of the webroot. Then using PHP pass the file though a script.
Sample PHP:
<?php
$file = '/full/path/to/useruploads/secret.pdf';
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
?>
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.