I am trying to save a user uploaded file below web root, to prevent

Question

0

Asked: May 30, 20262026-05-30T18:10:18+00:00 2026-05-30T18:10:18+00:00

I am trying to save a user uploaded file below web root, to prevent

0

I am trying to save a user uploaded file below web root, to prevent it from being retrieved without permission or direct linked to.

The upload works perfectly when saving to a folder which is below web root.

For instance, the page is served from D:\xampp\htdocs\foo\, and the script runs at D:\xampp\htdocs\foo\library\. When I save to ../../uploads/ the page resolves to http://my.local/uploads/image.jpg.

When I save to $_SERVER['document_root'] . '../uploads/', however, the upload fails and no file is located at D:\xamp\htdocs\uploads, although I have verified that the path is resolving to the correct location in the script, and that the folders exist and have read/write/execute.

My local dev environment is windows based, but my production server will be a linux server.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T18:10:19+00:00

Editorial Team

2026-05-30T18:10:19+00:00Added an answer on May 30, 2026 at 6:10 pm

Excellent news, Apache is saving you from a world of grief and pain!

Imagine if I renamed reallybad.exe to svchost.exe and uploaded it to C:\WINDOWS\system32\svchost.exe

You can achieve this by putting a symbolic link from a folder in your web directory to your desired directory.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am trying to save a user uploaded file below web root, to prevent

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply