anon

How Can I Allow Uploading PHP Files to the Server Without Executing Them

I want users to be able to upload PHP files and download them without executing them. I need to turn off PHP for a specific directory so it behaves as plain text.

I tried this, but is it a proper solution?

RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off

Upvotes: 3

Views: 215

Answers (1)

Praveen Kumar Purushothaman

Reputation: 167192

You can use a Proxy Script to handle this.

In your .htaccess file, you can redirect all the requests in the folder, changing them this way:

http://example.com/uploads/myfilewithadminaccess.php

To

http://example.com/uploads/index.php?file=myfilewithadminaccess.php

Source of .htaccess:

RewriteEngine On
RewriteRule ^([^/]*)$ ./index.php?file=$1 [L]

And in the index.php just parse the file and give the output.

Source of index.php:

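<?php
    // Served as HTML, so the file's contents are escaped below rather than interpreted.
    header("Content-type: text/html");
    // $_GET["file"] is used unsanitized here; see the note below about ../ injection.
    $filename = (file_exists("uploads/" . $_GET["file"])) ? "uploads/" . $_GET["file"] : "error.txt";
    // Read the upload as data; it is never include()d, so PHP does not execute it.
    $filecont = file_get_contents($filename);
    echo htmlspecialchars($filecont);
?>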

Fiddle: http://codepad.viper-7.com/68FSIU

Note: You need to sanitize the inputs before you allow URLs to pass. People might inject ../, etc.; those should be taken care of.

Hope this helps and it is perfectly fine.

Upvotes: 2
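
A hardened take on the proxy script from the answer above, as an added example that is not the answerer's code. The helper name resolveUpload() is hypothetical, and the script assumes it sits next to the uploads/ directory. It rejects names that carry a directory component, confirms the resolved path stays inside uploads/, and returns the file as a text/plain attachment.

```php
<?php
declare(strict_types=1);
// Added example, not the answer's code. resolveUpload() is a hypothetical helper: it returns
// the real path of $requested inside $baseDir, or null if the name is unsafe or missing.
function resolveUpload(string $baseDir, string $requested): ?string
{
    // Reject empty names, NUL bytes, and anything carrying a directory component.
    if ($requested === '' || strpos($requested, "\0") !== false
        || basename($requested) !== $requested) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; anything outside $baseDir fails here.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data: a temporary uploads directory holding one file.
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . '/sample.php', "<?php echo 'never executed'; ?>");
    foreach (['sample.php', '../sample.php', '..', 'missing.php', "a\0b"] as $name) {
        $verdict = resolveUpload($dir, $name) !== null ? 'served' : 'rejected';
        printf("%-18s %s\n", json_encode($name, JSON_UNESCAPED_SLASHES), $verdict);
    }
    unlink($dir . '/sample.php');
    rmdir($dir);
    exit(0);
}

// Web request. Assumes this script sits next to the uploads/ directory.
$name = $_GET['file'] ?? null;
$path = is_string($name) ? resolveUpload(__DIR__ . '/uploads', $name) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: text/plain; charset=utf-8'); // plain text, never text/html
header('X-Content-Type-Options: nosniff');         // stop browsers sniffing it as HTML
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
readfile($path);
```

Running the file from a shell with the PHP CLI exercises the constructed names against a temporary directory; under a web server it serves the requested upload instead.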
