访问位于服务器根目录之前/之外的文件? [英] Access a file which is located before / outside the server root directory?
问题描述
我正在为内网建立一个售后客户服务企业.员工需要能够将img文件上传到Intranet的服务器,我需要将它们存储在www
之前的目录(网站的根目录)中.
I'm making an intranet for a post-sale customer service entreprise. Employee need to be able to upload img files to the intranet's server and i need to store them in a directory with is BEFORE www
(the website's root directory).
使用php做到这一点非常容易,但是一旦上传这些img,如何在网站上包含这些img? 我尝试了这段代码
Doing this using php is pretty easy but how to include these imgs on the website once they're uploaded ? I tried this code
<img src="../img/img.png"/>
这不起作用,因为如果文件不在服务器的www
目录之外,则无法发送文件...
This is not working because i can't send a file if it is OUTSIDE the server's www
directory ...
有什么合适的方法吗?
当前树形视图:
server root directory
|www
|(all server files)
|img
|(all img files)
(服务器的index.php位于www
中,文件位于img
中)
(the server's index.php is located in www
and the files are in img
)
推荐答案
您不能直接访问Web目录之外的任何文件.由于您的问题还包括标记PHP,因此我想您可能要使用它.
You cannot directly access any file outside your web directory. As your question includes the tag PHP as well, I assume you may want to use it.
您可以执行以下操作:
在www目录中,创建一个"image.php"文件,其内容类似于:
Inside your www directory, create a "image.php" file, with a similar content to:
<?php
header('Content-Type: image/png');
readfile("../img/" . $_GET['img']);
?>
并使用来调用您的图片
<img src="image.php?img=myimage.png" />
请注意,您的PHP文件不是那么简单:)由于您可能想处理多种图像格式(并为其提供正确的标头),因此请检查恶意文件的路径/包含内容(您不希望这样做).使用$ _GET而不验证/清除输入),额外的缓存等,等等.
Please be aware that your PHP file shouldn't be that simple :) As you may want to address multiple image formats (and providing the correct header for them), checking for malicious file path/inclusions (you don't want to use $_GET without validating/sanitizing the input), extra caching etc. etc. etc.
但是,这应该使您对如何解决问题有所了解.
But this should give you an idea on how you can target your issue.
这篇关于访问位于服务器根目录之前/之外的文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!