使用symfony安全的文件管理 [英] Secure file management with symfony
问题描述
默认情况下,symfony将文件上传到web / upload文件夹,以便任何人都可以访问该文件。我需要根据对文件的每个请求检查用户凭据。我应该怎么做?
将您的上传文件移动到您的webroot之外,如/ data / uploads。在这种情况下,您需要将其放在您的ProjectConfiguration文件中:
sfConfig :: set('sf_upload_dir'=> ; sfConfig :: get(sf_data_dir)。DIRECTORY_SEPARATOR。'uploads');
如果您始终使用sf_upload_dir指定uploads文件夹,则所有文件都将保存在该文件夹中。 / p>
解决方案的第二部分需要一个新的操作,它将获取文件名,检查用户是否可以访问它,并返回:
- 403错误
- 或文件内容通过
readfile()
在设置正确的Content-Type和Content-Lenght标题后。
By default, symfony uploades file to web/upload folder, so they are accessible for anyone. I need to check user credentials on every request to a file. How should I do this?
Move your uploads outside of your webroot, like in /data/uploads. In that case, you'll need to put this in your ProjectConfiguration file:
sfConfig::set('sf_upload_dir' => sfConfig::get("sf_data_dir") . DIRECTORY_SEPARATOR . 'uploads');
Provided that you always used sf_upload_dir to specify the uploads folder, all your files will get saved there.
The second part of the solution needs a new action, that gets a filename, checks if the user has access to it, and returns:
- either a 403 error
- or the file contents via
readfile()
, after setting the correct Content-Type and Content-Lenght headers.
这篇关于使用symfony安全的文件管理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!