How can I prevent an uploaded file from being executed?
For example, someone could upload a PHP file and use it to hack the site; I want to prevent that.
The best way that I know is using directory permissions, and setting them to 666?
Is there some .htaccess magic that I can do?
You can just put a .htaccess in your upload folder with the following line:

    php_flag engine off

It will disable PHP execution in this directory.

Edited to answer comments:
chmod 666 does not prevent PHP execution. It simply marks files as non-executable so you can't run them directly as scripts or binaries. PHP does not care about the permissions of the file, as long as it is readable, it will get parsed and executed by the engine.

So if your server has multiple engines (PHP, Jelly, whatever) you will have to manually build a configuration file that will prevent files within a folder from being interpreted. You could make a script that would generate that file based on what engines are installed on the machine.
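An audit check for the setup described in the answer above, added here as an example and not code from the original posts: it reports whether an upload folder's .htaccess turns the PHP engine off, and lists any .php files with their permission bits to show that mode 666 alone changes nothing. The function names, the sample file name `avatar.php` and the temporary directory are assumptions made for the illustration.

```python
import os
import re
import tempfile

# "php_flag engine <value>" on a non-comment line; Apache directive names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*php_flag\s+engine\s+(\S+)", re.IGNORECASE)

def php_engine_disabled(htaccess_path):
    """True only if the last 'php_flag engine' line in the file sets off/0."""
    state = False
    try:
        with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = DIRECTIVE.match(line)
                if m:
                    state = m.group(1).strip("\"'").lower() in ("off", "0")
    except OSError:
        return False  # missing or unreadable .htaccess: treat as not protected
    return state

def audit_upload_dir(path):
    """Report the engine setting and every .php file with its permission bits."""
    engine_off = php_engine_disabled(os.path.join(path, ".htaccess"))
    php_files = [(n, oct(os.stat(os.path.join(path, n)).st_mode & 0o777))
                 for n in sorted(os.listdir(path)) if n.lower().endswith(".php")]
    return {"engine_off": engine_off, "php_files": php_files,
            "at_risk": bool(php_files) and not engine_off}

def demo():
    """Constructed sample: one uploaded .php file with mode 666, audited twice."""
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "avatar.php")
        with open(sample, "w") as fh:
            fh.write("<?php echo 'hello'; ?>\n")
        os.chmod(sample, 0o666)          # non-executable, but still readable
        before = audit_upload_dir(d)     # no .htaccess yet
        with open(os.path.join(d, ".htaccess"), "w") as fh:
            fh.write("# uploads are data, not code\nphp_flag engine off\n")
        after = audit_upload_dir(d)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

The check only reads the file: the directive takes effect only when PHP runs as an Apache module and the server's AllowOverride setting lets .htaccess set it, so confirm the result by requesting a harmless test file from the folder.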