I’m using a jquery script that uploads files with ajax and PHP. It sends a request to upload_a_file.php which then uploads files.
Is there a way that I can make sure upload_a_file.php is not loaded directly in a browser?
I tried putting upload_a_file.php above my public_html folder. But can’t seem to get javascript to load upload_a_file.php.
Here is the url format I use in the javascript to request upload_a_file.php:
../upload_a_file.php
Is it even possible to access files above public_html with javascript?
JS cannot access anything on a server that you yourself as a user cannot. If a file is outside of the site’s document root, it is NOT accessible by a user, or by JS. Imagine the fun place the web would be if JS could magically bypass access restrictions on a server and grab any more. “Aww, I was going to grab this bank’s accounts list, but it’s not in the document root. Good thing I’ve got Javascript, it can do everything!”
It’d be like every episode of
24, where “patching into the subnet” can magically bypass any firewall and get data from machines which aren’t even online or (better yet) not even powered up. Amazing things, those subnets.