我怎样才能给下载的文件访问public_html目录之外？

本文介绍了我怎样才能给下载的文件访问public_html目录之外？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我的的public_html文件夹外存储为安全起见文件。不过，我想以某种方式链接到特定的文件，其中用户可以下载这些文件中的一个。

I have files stored outside the public_html folder for security purposes. However, I would like to link to specific files somehow where a user could download one of these files.

我使用的是jQuery脚本，让我到指定服务器路径作为上传的文件夹，它并上传的public_html文件夹之外。

I am using a jquery script that allows me to specify a server PATH as an upload folder, and it does upload outside the public_html folder.

唯一的问题是它需要我指定的URL这是用来下载的文件的上传路径。我想我也许可以是这样的：

The only problem is it requires me to specify a URL to the "upload path" which is used to download the files. I thought I might be able to something like:

public_html/redirect (contains htaccess which forwards all requests to "hiding" folder)

hiding (outside public_html)

A user clicks /redirect/file.doc and they download a file located at hiding/file.doc

这可能吗？如果没有，我怎么可以给特定的文件下载文件访问我的public_html目录之外？我知道我已经看到过...它做对其他脚本

Is this possible? If not, how can I give specific file download access to files outside of my public_html directory? I know I've seen it done on other scripts before...

You can do this with "php download handler":

You can use method like this one to return file contents and file information headers to users browser, just make sure that nothing else is outputted before this.

我建议你把这个单独的文件和调用，例如的download.php 。

I suggest that you put this to separate file and call that for example download.php.

function returnFile( $filename ) {
    // Check if file exists, if it is not here return false:
    if ( !file_exists( $filename )) return false;
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    // Suggest better filename for browser to use when saving file:
    header('Content-Disposition: attachment; filename='.basename($filename));
    header('Content-Transfer-Encoding: binary');
    // Caching headers:
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    // This should be set:
    header('Content-Length: ' . filesize($filename));
    // Clean output buffer without sending it, alternatively you can do ob_end_clean(); to also turn off buffering.
    ob_clean();
    // And flush buffers, don't know actually why but php manual seems recommending it:
    flush();
    // Read file and output it's contents:
    readfile( $filename );
    // You need to exit after that or at least make sure that anything other is not echoed out:
    exit;
}

扩展它的基本用途：

// Added to download.php
if (isset($_GET['file'])) {
    $filename = '/home/username/public_files/'.$_GET['file'];
    returnFile( $filename );
}

警告：

这是基本的例子，并没有考虑到用户可能会尝试采取 $的一些邪恶的优点_ GET 未正确过滤。

这基本上意味着该用户可以例如，如果某些条件适用检索 passwd文件文件或其他敏感信息。

This means basically that user can for example retrieve passwd file or some other sensitive information if certain conditions apply.

例如，检索 / etc / passwd文件：

只需指向浏览器 http://server.com/download.php?file=../../../etc/passwd 和服务器回报文件。所以真正使用之前，你应该了解如何正确检查和消毒任何用户提供的参数。

Just point browser to http://server.com/download.php?file=../../../etc/passwd and server returns that file. So before real use you should find out how to properly check and sanitize any user supplied arguments.

这篇关于我怎样才能给下载的文件访问public_html目录之外？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！