访问位于服务器根目录之前/之外的文件? [英] Access a file which is located before / outside the server root directory?

问题描述

我正在为内网建立一个售后客户服务企业.员工需要能够将img文件上传到Intranet的服务器，我需要将它们存储在www之前的目录(网站的根目录)中.

I'm making an intranet for a post-sale customer service entreprise. Employee need to be able to upload img files to the intranet's server and i need to store them in a directory with is BEFORE www (the website's root directory).

使用php做到这一点非常容易，但是一旦上传这些img，如何在网站上包含这些img? 我尝试了这段代码

Doing this using php is pretty easy but how to include these imgs on the website once they're uploaded ? I tried this code

<img src="../img/img.png"/>

这不起作用，因为如果文件不在服务器的www目录之外，则无法发送文件...

This is not working because i can't send a file if it is OUTSIDE the server's www directory ...

有什么合适的方法吗?

当前树形视图:

server root directory
           |www
               |(all server files)
           |img
               |(all img files)

(服务器的index.php位于www中，文件位于img中)

(the server's index.php is located in www and the files are in img)

推荐答案

您不能直接访问Web目录之外的任何文件.由于您的问题还包括标记PHP，因此我想您可能要使用它.

You cannot directly access any file outside your web directory. As your question includes the tag PHP as well, I assume you may want to use it.

您可以执行以下操作:

在www目录中，创建一个"image.php"文件，其内容类似于:

Inside your www directory, create a "image.php" file, with a similar content to:

<?php
  header('Content-Type: image/png');
  readfile("../img/" . $_GET['img']);
?>

并使用来调用您的图片

<img src="image.php?img=myimage.png" />

请注意，您的PHP文件不是那么简单:)由于您可能想处理多种图像格式(并为其提供正确的标头)，因此请检查恶意文件的路径/包含内容(您不希望这样做).使用$ _GET而不验证/清除输入)，额外的缓存等，等等.

Please be aware that your PHP file shouldn't be that simple :) As you may want to address multiple image formats (and providing the correct header for them), checking for malicious file path/inclusions (you don't want to use $_GET without validating/sanitizing the input), extra caching etc. etc. etc.

但是，这应该使您对如何解决问题有所了解.

But this should give you an idea on how you can target your issue.

这篇关于访问位于服务器根目录之前/之外的文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！