问题描述
我在 PHP 中使用 apache 服务器,linux 有 Web 应用程序.出于某些安全原因,我将文档和图像保留在 Web 根目录之外.当用户登录时,我如何显示这些图像.
I have web application in PHP using apache server, linux. For some security reason i am keeping the documents and images outside web root. How can i show these images, when the user login.
推荐答案
PHP 默认已经可以访问 web 根目录之外的文件,除非受到 open_basedir
指令(或安全模式,但希望你不在那个笼子里).
PHP by default can already access files outside the web root, unless restricted with an open_basedir
directive (or safe mode, but hope you're not in that cage).
在 VirtualHost 配置中插入 open_basedir
限制通常是一个好习惯.你可以指定多个目录,在 Linux 上用 :
分隔,在 Windows 上用 ;
分隔.
It's normally a good practice to insert within a VirtualHost configuration an open_basedir
restriction. You can specify multiple directories separated by :
on Linux and ;
on windows.
php_admin_value open_basedir /var/www/s/stage:/usr/share/php:/your/dir
要访问这些文件,请使用绝对路径或相对于调用的 PHP 文件位置的路径.(因此,您必须../
才能达到以上级别).
To access those files either use an absolute path or a path relative to the position of the PHP file called. (So you'll have to ../
to reach levels above).
还要确保您要写入的目录已分配给网络服务器用户并具有写入权限.
Also be sure that directories in which you want to write to are assigned to the webserver user and have write permission.
否则你有第二个选择:
在您的 www 目录中,创建一个image.php"文件,其内容类似于:
Inside your www directory, create a "image.php" file, with a similar content to:
<?php
header('Content-Type: image/png');
readfile("../img/" . $_GET['img']);
?>
并调用您的图像
<img src="image.php?img=myimage.png" />
请注意,您的 PHP 文件不应该那么简单 :) 因为您可能想要处理多种图像格式(并为它们提供正确的标题),检查恶意文件路径/包含(您不希望使用 $_GET 而不验证/清理输入),额外的缓存等等等等
Please be aware that your PHP file shouldn't be that simple :) As you may want to address multiple image formats (and providing the correct header for them), checking for malicious file path/inclusions (you don't want to use $_GET without validating/sanitizing the input), extra caching etc. etc. etc.
但这应该能让您了解如何定位您的问题.
But this should give you an idea on how you can target your issue.
这篇关于如何在我的 php 应用程序中显示 web 根目录之外的图像?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!