How to safely prevent uploaded file from being run via PHP on any server?

独厮守ぢ 2021-02-15 13:13

I noticed that it's possible to run a file via PHP even if its extension wasn't .php, for example file test.xyz.php.whatever.zyx can be still run wit

10 Answers
  •  遥遥无期
    2021-02-15 14:07

    This is not really a good answer, but I hope it is useful in some special cases ...

    You can use mod_rewrite in the .htaccess file like this:

    RewriteEngine On
    # Dots are escaped so they match a literal '.' rather than any character
    RewriteRule ^(.+)\.xyz\.php\.whatever\.zyx$ index.php?openfile=$1 [NC,L]
    

    And inside your index.php file:

    // secure_this_string() is a placeholder that this answer does not define
    $file = secure_this_string($_GET['openfile']);
    include($file.'.xyz.php.whatever.zyx');  # or some other files
    

    Remember to see this answer for security reasons: StackOverFlow

    And in the test.xyz.php.whatever.zyx file:

    Now if a client requests the /test.xyz.php.whatever.zyx file, the output should be 'hello'.
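
An added example, not part of the original answer: one possible way to fill in the `secure_this_string` placeholder, written as a hypothetical `resolve_upload()` helper with an assumed `uploads` directory next to index.php. It also swaps `include` for `readfile()`, so the matched file is sent as bytes rather than executed by PHP.

```php
<?php
// Added example. UPLOAD_DIR, SUFFIX and resolve_upload() are hypothetical
// names chosen for illustration; they are not from the original answer.

const UPLOAD_DIR = __DIR__ . '/uploads';      // assumed storage directory
const SUFFIX     = '.xyz.php.whatever.zyx';   // suffix used in the answer

/**
 * Map the rewritten ?openfile= value to a file inside UPLOAD_DIR,
 * or return null if the value is not an acceptable name.
 */
function resolve_upload(string $name): ?string
{
    // Allow-list: short names made of letters, digits, '_' and '-'.
    // This rejects '/', '\', '.', ':' and NUL bytes, so path traversal
    // and stream wrappers such as php:// never reach the filesystem call.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . DIRECTORY_SEPARATOR . $name . SUFFIX);
    if ($base === false || $path === false || !is_file($path)) {
        return null;                           // missing directory or file
    }

    // Containment check after symlinks have been resolved.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$raw  = $_GET['openfile'] ?? '';
$path = is_string($raw) ? resolve_upload($raw) : null;   // arrays are refused
if ($path === null) {
    http_response_code(404);
    exit;
}

// readfile() streams the bytes without interpreting them; include would
// execute any PHP code the uploaded file contains.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
readfile($path);
```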
