Chris Sobolewski

Reputation: 12955

Unable to save file above web root?

I am trying to save a user uploaded file below web root, to prevent it from being retrieved without permission or directly linked to.

The upload works perfectly when saving to a folder which is below web root.

For instance, the page is served from D:\xampp\htdocs\foo\, and the script runs at D:\xampp\htdocs\foo\library\. When I save to ../../uploads/ the page resolves to http://my.local/uploads/image.jpg.

When I save to $_SERVER['document_root'] . '../uploads/', however, the upload fails and no file is located at D:\xamp\htdocs\uploads, although I have verified that the path is resolving to the correct location in the script, and that the folders exist and have read/write/execute.

My local dev environment is Windows based, but my production server will be a Linux server.

Upvotes: 0

Views: 620

Answers (5)

Chris Sobolewski

Reputation: 12955

So, in actuality, the upload script that I found on the web is not using the variable which it purports to be using, which is why I received no error message. Turns out the files were being saved, just to a different directory. I had to tweak the code in a few places but it runs now. Thanks.

Upvotes: 0

sdjuan

Reputation: 719

You say "When I save to $_SERVER['document_root'] . '.../uploads/'", but I notice several things in there:

1. you have three dots before /uploads and that won't resolve properly
2. you are using a mixture of windows ....\ notation and linux notation ../../ which might confuse xamp
3. if $_SERVER['document_root'] is D:\xamp\htdocs\ then $_SERVER['document_root'] . '..\uploads\' is D:\xamp\uploads not D:\xamp\htdocs\uploads

since you don't say exactly what $_SERVER['document_root'] refers to I can't be sure.

Upvotes: 0

Lachlan McDonald

Reputation: 2424

A better solution might be to store it in a folder, within your web root, that doesn't have world read permissions. This would prevent access in much the same way as you require.

Upvotes: -1

James Anderson

Reputation: 27478

Excellent news, Apache is saving you from a world of grief and pain!

Imagine if I renamed reallybad.exe to svchost.exe and uploaded it to C:\WINDOWS\system32\svchost.exe

You can achieve this by putting a symbolic link from a folder in your web directory to your desired directory.

Upvotes: 2

Your Common Sense

Reputation: 157872

It seems there are tons of typos in your code.

  • $_SERVER['DOCUMENT_ROOT'] not $_SERVER['document_root']
  • ../uploads/ not .../uploads/
  • who knows what else

There are some rules to follow.

  • always have your error reporting at E_ALL
  • always have display_errors on on the development server
  • always pay attention to every error message you see.

and you'll be able to solve most of the problems yourself

however, if you still can't - there are some other rules

  • ALWAYS post the exact real code, not some stub you wrote in a hurry. It just makes no sense to ask people to find an error not in the code you're running! You're just wasting other people's time.
  • Always post the error message. Programming is an exact science. To solve a problem, a programmer has to read the meaning of the error message and take sensible action. Not guess at the reasons and take random actions.

Upvotes: 2
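
The save path discussed in this thread, as an added example that is not code from any of the posts above: it resolves an `uploads` directory beside the web root from `$_SERVER['DOCUMENT_ROOT']`, refuses to continue if the resolved path is missing, unwritable, or still inside the web root, and reports every failure instead of failing silently. The function names `resolveUploadDir` and `storeUpload` and the form field name `upload` are assumptions.

```php
<?php
// Added example; helper names and the 'upload' form field are hypothetical.
declare(strict_types=1);

error_reporting(E_ALL);
ini_set('display_errors', '1'); // development server only

/** Resolve a directory beside the web root and confirm it is not inside it. */
function resolveUploadDir(string $docRoot, string $relative = '/../uploads'): string
{
    $root = realpath($docRoot);
    $dir  = realpath($docRoot . $relative); // false if the path does not exist
    if ($root === false || $dir === false || !is_dir($dir)) {
        throw new RuntimeException("Upload directory not found: {$docRoot}{$relative}");
    }
    // Compare with a trailing separator so "htdocs2" is not taken for a child of "htdocs".
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($dir . DIRECTORY_SEPARATOR, $rootPrefix) === 0) {
        throw new RuntimeException("Upload directory is inside the web root: $dir");
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("Upload directory is not writable: $dir");
    }
    return $dir;
}

/** Move one entry of $_FILES into $dir under a server-generated name. */
function storeUpload(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    // Nothing supplied by the client becomes part of the filesystem path.
    $target = $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException("Could not move upload to $target");
    }
    return $target;
}

if (isset($_FILES['upload'])) {
    $dir = resolveUploadDir($_SERVER['DOCUMENT_ROOT']);
    echo 'Saved as ' . basename(storeUpload($_FILES['upload'], $dir));
}
```

Because the stored file is not reachable by URL, serving it back requires a separate script that checks the user's permission before reading it from disk.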
