Home/ Questions/Q 9151641
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T11:51:08+00:00

I have a file sharing website in the making where I am allowing the

  • 0

I have a file sharing website in the making where I am allowing the visual and function part of pages work. This runs into a problem when I want to allow server side scripting like php pages to be uploaded. This php (etc.) page could easily back link and delete files which I obviously would not want. I have changed the permissions many times to test but this also stops my php files from uploading and renaming files to these folders. I do want to allow these file types but im not sure what I can do.

I was thinking I could do this through .htaccess but I wouldn’t know how.

Any suggestions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If I understand correctly from reading comments:

    You want users to be able to upload any file. Including code. Including .php, .asp etc.
    You want the users to be able to execute this code, but to limit the code to a “sandbox” environment.

    Seems to me you should write your files to a specific location, which has its own document root/vhost (http://exec.domain.tld).

    On that vhost you could set security, ie:

    AllowOverride None # disable rewriting and such
php value disable_functions dl,exec,passthru,system,shell_exec,popen # disable functions

    And to top it off (!important) set basedir restrictions to the vhosts document root

    <Directory /srv/www/exec.domain.tld/docroot>
  php_admin_value open_basedir /srv/www/exec.domain.tld/docroot 
</Directory>

    I haven’t actually set up this environment, but I feel this is your best starting point. And I do think it’ll work, if you fix the typo’s/parameter name errors i might have made 🙂

    • 0