I am wondering, there are a few files I have kept outside of the root directory in a different directory and I am trying to use an HTML form to post info to a php file that s
Make a proxy script... something which is inside the web directory, but all it does is include the appropriate "protected" file:
DOCROOT/form_handler.php
<?php
include "../secret/form_handler.php";
DOCROOT/form.html
...
<form action="form_handler.php">
...
This is, in fact, how many sites are set up (in essence at least). It is typical to place most of your scripts outside the DOCROOT like this so that, in the rare case where Apache or similar does not parse your PHP (i.e. if it is misconfigured), it doesn't inadvertently send your source code.
On my website, I start every form with this code:
<form action="action" method="post">
<input type="hidden" name="i-action" value="do-whatever" />
This avoids the need for multiple proxy scripts because action.php will use the value of the hidden field to determine which php file should be called. Don't call the hidden field action if you post the form using Ajax because it can cause a conflict. Also, I have set the .htaccess file to remove the php extension, so you may need to add .php to action in your HTML code.
Here is action.php:
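<?php
// Only act on a non-empty string value (an array such as i-action[]=x is ignored)
if (!empty($_POST['i-action']) && is_string($_POST['i-action'])) {
    // Strip dots and slashes so the value cannot point outside the handler directory
    $action = str_replace('.', '', $_POST['i-action']);
    $action = str_replace('/', '', $action);
    // Include the handler only if a matching file exists
    if (file_exists("../secret/directory/structure/$action" . '.php')) {
        require_once("../secret/directory/structure/$action" . '.php');
    }
}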
I used str_replace to ensure hackers can't traverse to a different directory.
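An allowlist variant of the dispatcher in the answer above, added here as an example and not part of the original post: instead of stripping characters from `i-action`, it accepts only known action names and confirms the resolved file sits inside the protected directory. The `ACTIONS` map, the `contact` action and the `resolve_handler` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Same protected directory as in the answer, anchored to this file's location.
const HANDLER_DIR = __DIR__ . '/../secret/directory/structure';

// Allowlist (assumed names): the only accepted values of the hidden
// "i-action" field, mapped to the handler file each one runs.
const ACTIONS = [
    'do-whatever' => 'do-whatever.php',
    'contact'     => 'contact.php',
];

/**
 * Return the absolute path of the handler for $action, or null when the
 * action is unknown or the file resolves outside $baseDir.
 */
function resolve_handler($action, string $baseDir, array $actions): ?string
{
    // Arrays (i-action[]=x) and other non-strings are rejected outright.
    if (!is_string($action) || !array_key_exists($action, $actions)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $actions[$action]);
    if ($base === false || $path === false) {
        return null; // directory or handler file does not exist
    }
    // Containment check: realpath() resolves symlinks and "..", so the
    // handler must really live under the protected directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $handler = resolve_handler($_POST['i-action'] ?? null, HANDLER_DIR, ACTIONS);
    if ($handler === null) {
        http_response_code(400);
        exit('Unknown action');
    }
    require $handler;
} elseif (PHP_SAPI === 'cli') {
    // Constructed inputs for a command-line check: only an allowlisted
    // action whose file exists under HANDLER_DIR yields a path.
    foreach (['do-whatever', '../other', ['x'], 'nope'] as $in) {
        echo json_encode($in), ' => ',
            json_encode(resolve_handler($in, HANDLER_DIR, ACTIONS)), PHP_EOL;
    }
}
```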
Yes, it is possible. That directory should be hosted as a separate site and then you can give the absolute URL of the file as the form action.
The file must be accessible from the web.
If "outside of Root" directory means outside of DocumentRoot, this won't be possible.
You could have a basic Controller in DocumentRoot which includes or dispatches the action.