  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,098
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Stop some scripts from running?

    I am working on a PHP script which allows users to upload their photo.

    In the PHP Manual, someone made the following vague suggestion...

    http://www.php.net/manual/en/functio...oaded-file.php

    You can use .htaccess to stop some scripts from working, for example a PHP file in your upload path.

    use :

    AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
    Options -ExecCGI

    Any idea what this person is recommending?

    Sincerely,


    Debbie

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    That registers all of those file extensions as cgi-script and disables the cgi execution.
    A better option would be to move files above the document root where they cannot be read directly with apache.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Senior Coder doubledee's Avatar
    Quote: Originally Posted by Fou-Lu
    That registers all of those file extensions as cgi-script and disables the cgi execution.
    A better option would be to move files above the document root where they cannot be read directly with apache.
    Well, on a related note...

    Not knowing anything about server admin stuff, what would I have to do in my PHP script - and on my VPS (Linux) - to allow me to save a user uploaded picture to a directory *above* the Web Root??

    Here is a snippet from my "upload.php" script which deals with this part of the entire operation...

    PHP Code:
        // Create New Image.

        /* imagegif
         *
         * Takes an "Image Resource Identifier", returned by one of the image creation functions,
         * such as imagecreatetruecolor(), and creates the actual GIF file in
         * the name and location specified in $newFilePath.
         *
         * Returns TRUE on success or FALSE on failure.
         */

        
        switch ($imageType){
            case IMAGETYPE_GIF:
                $newPhoto = @imagegif($newTrueColorImage, $newFilePath);
                break;

            case IMAGETYPE_JPEG:
                $newPhoto = @imagejpeg($newTrueColorImage, $newFilePath);
                break;

            case IMAGETYPE_PNG:
                $newPhoto = @imagepng($newTrueColorImage, $newFilePath);
                break;

            default:
                $newPhoto = FALSE;
        }

    Is it as simple as changing things from this...
    PHP Code:
        // Create New File Path.
        $newFilePath = WEB_ROOT . 'uploads/' . $newFilename;

    ...to something like this...
    PHP Code:
        // Create New File Path Outside Web Root.
        $newFilePath = DIRECTORY_OUTSIDE_WEB_ROOT . 'uploads/' . $newFilename;

    Sincerely,


    Debbie

    P.S. Are you gonna reply to my PM to you?

  • #4
    God Emperor Fou-Lu's Avatar
    Yep, it would be pretty much just that. So long as $newFilePath is the path you are writing to, which appears to be exactly that.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    Senior Coder doubledee's Avatar
    Quote: Originally Posted by Fou-Lu
    Yep, it would be pretty much just that. So long as $newFilePath is the path you are writing to, which appears to be exactly that.
    But wouldn't I have to change some settings on the Linux server, or in Apache, or in the PHP.ini file, or even in my PHP script to make sure my script at...

    Code:
    WEB_ROOT/upload.php

    ...could Read and Write files to...

    Code:
    DIRECTORY_OUTSIDE_WEB_ROOT/photos/

    Sincerely,


    Debbie

  • #6
    God Emperor Fou-Lu's Avatar
    Yep, you may need to change the mode on a directory above. The point is to remove the execution privilege from a directory above the document root. If it's above the document root, then Apache should not execute it directly, and you would use PHP to read the directory and serve the images. This way if someone masquerades an executable as a jpeg, the worst case scenario is a garbled image.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
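
One way to write the "use PHP to read the directory and serve the images" step described in post #6, as an added example that is not part of the original thread. The PHOTO_DIR path, the `file` query parameter, the script name and the filename pattern are assumptions.

```php
<?php
// photo.php -- lives inside the web root; the photos do not.
// Assumed layout (hypothetical): /var/www/site/public is the document root,
// /var/www/site/photos/ holds the files written by upload.php.
define('PHOTO_DIR', '/var/www/site/photos/');

// Content types this script will send, keyed by the IMAGETYPE_*
// constants the upload code in this thread already switches on.
$allowedTypes = [
    IMAGETYPE_GIF  => 'image/gif',
    IMAGETYPE_JPEG => 'image/jpeg',
    IMAGETYPE_PNG  => 'image/png',
];

function fail(int $status): void
{
    http_response_code($status);
    exit;
}

// 1. Accept only a bare filename, so "../" cannot leave PHOTO_DIR.
$requested = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
$name = basename($requested);
if ($name !== $requested || !preg_match('/\A[A-Za-z0-9_-]+\.(gif|jpe?g|png)\z/', $name)) {
    fail(400);
}

// 2. Resolve symlinks and confirm the file really sits in PHOTO_DIR.
$base = realpath(PHOTO_DIR);
$path = realpath(PHOTO_DIR . $name);
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    fail(404);
}

// 3. Take the Content-Type from the file's content, not its extension.
$info = @getimagesize($path);
if ($info === false || !isset($allowedTypes[$info[2]])) {
    fail(404);
}

// 4. Send the bytes. The file is read, never included or executed.
header('Content-Type: ' . $allowedTypes[$info[2]]);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

PHOTO_DIR must be readable by the account PHP runs as, and writable by it for upload.php to save files there.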

