如何在不执行它们的情况下允许将PHP文件上载到服务器
i want to make users to be able to upload PHP files and download them without executing them, i need to turn off PHP for a specific directory so it behaves as plain text.
i tried this but is it a proper solution ?
RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off
我想让用户能够上传PHP文件并下载它们而不执行它们,
i需要转向 关闭特定目录的PHP 所以它的行为是纯文本 strong>。 p>
我试过这个,但这是一个合适的解决方案吗? p>
RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off
code> pre>
div>
You can use a Proxy Script to handle this.
In your .htaccess file, you can redirect all the requests in the folder to change to this way:
http://example.com/uploads/myfilewithadminaccess.php
To
http://example.com/uploads/index.php?file=myfilewithadminaccess.php
Source of .htaccess
RewriteEngine On
RewriteRule ^([^/]*)$ ./index.php?file=$1 [L]
And in the index.php just parse the file and give the output.
Source of index.php:
<?php
header("Content-type: text/html");
$filename = (file_exists("uploads/" . $_GET["file"])) ? "uploads/" . $_GET["file"] : "error.txt";
$filecont = file_get_contents($filename);
echo htmlspecialchars($filecont);
?>
Fiddle: http://codepad.viper-7.com/68FSIU
Note: You need to sanitize the inputs before you allow URLs to pass. So, people might inject ../, etc. those should be taken care.
Hope this helps and it is perfectly fine.