How to safely prevent uploaded file from being run via PHP on any server?

后端 未结 10 2121
独厮守ぢ
独厮守ぢ 2021-02-15 13:13

I noticed that it\'s possible to run a file via PHP even if its extension wasn\'t .php, for example file test.xyz.php.whatever.zyx can be still run wit

10条回答
  •  粉色の甜心
    2021-02-15 14:12

    for uploading by users I suggest that you upload a folder in a layer above the root path in this case Only You Have Access To upload folder( In direct addressing) and an attacker have not access to any files in this folder Thus you disable an attacker action to run malicious file

提交回复
热议问题