Originally Posted by Fou-Lu
That registers all of those file extensions as cgi-script and disables the cgi execution.
A better option would be to move files above the document root where they cannot be read directly with Apache.
Well, on a related note...
Not knowing anything about server admin stuff, what would I have to do in my PHP script - and on my VPS (Linux) - to allow me to save a user uploaded picture to a directory *above* the Web Root??
Here is a snippet from my "upload.php" script which deals with this part of the entire operation...
// Create New Image.
/*
 * Takes an "Image Resource Identifier", returned by one of the image creation functions,
 * such as imagecreatetruecolor(), and creates the actual GIF file in
 * the name and location specified in $newFilePath.
 * Returns TRUE on success or FALSE on failure.
 */
$newPhoto = @imagegif($newTrueColorImage, $newFilePath);
$newPhoto = @imagejpeg($newTrueColorImage, $newFilePath);
$newPhoto = @imagepng($newTrueColorImage, $newFilePath);
$newPhoto = FALSE;
Is it as simple as changing things from this...
// Create New File Path.
$newFilePath = WEB_ROOT . 'uploads/' . $newFilename;
...to something like this...
// Create New File Path Outside Web Root.
$newFilePath = DIRECTORY_OUTSIDE_WEB_ROOT . 'uploads/' . $newFilename;
P.S. Are you gonna reply to my PM to you?
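The move asked about above, written out as an added example that is not part of the original post: the image is saved to a directory beside the document root and later served through a script, since Apache can no longer reach the file by URL. The directory path and the function names saveOutsideWebRoot() and servePrivateImage() are assumptions made for illustration; only the constant name DIRECTORY_OUTSIDE_WEB_ROOT comes from the post.

```php
<?php
// Added example; the path and both function names are hypothetical.
// Assumed layout: /var/www/site/public_html is the document root and
// /var/www/site/private_uploads sits beside it, writable by the PHP user.
define('DIRECTORY_OUTSIDE_WEB_ROOT', '/var/www/site/private_uploads/');

/** Write the GD image into the private directory; returns the stored name or FALSE. */
function saveOutsideWebRoot($image, int $imageType)
{
    $writers = [
        IMAGETYPE_GIF  => ['gif', 'imagegif'],
        IMAGETYPE_JPEG => ['jpg', 'imagejpeg'],
        IMAGETYPE_PNG  => ['png', 'imagepng'],
    ];
    if (!isset($writers[$imageType])) {
        return false;                       // unsupported type: store nothing
    }
    [$ext, $writer] = $writers[$imageType];

    $dir = realpath(DIRECTORY_OUTSIDE_WEB_ROOT);
    if ($dir === false || !is_dir($dir) || !is_writable($dir)) {
        return false;                       // directory missing or not writable
    }
    // Server-generated name: nothing from the client's filename reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return $writer($image, $dir . DIRECTORY_SEPARATOR . $name) ? $name : false;
}

/** Stream a stored image to the browser; returns FALSE if the name is rejected. */
function servePrivateImage(string $name): bool
{
    // Accept only names in the shape saveOutsideWebRoot() generates.
    if (!preg_match('/\A[0-9a-f]{32}\.(gif|jpg|png)\z/', $name)) {
        return false;
    }
    $dir  = realpath(DIRECTORY_OUTSIDE_WEB_ROOT);
    $path = realpath(DIRECTORY_OUTSIDE_WEB_ROOT . $name);
    // The resolved path must still sit inside the private directory (symlinks included).
    if ($dir === false || $path === false
        || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    $info = getimagesize($path);            // content type from the file, not the name
    if ($info === false) {
        return false;
    }
    header('Content-Type: ' . $info['mime']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    return readfile($path) !== false;
}
```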