Home/ Questions/Q 6942543
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T13:02:04+00:00

My site uses bookmarklets to gather data from external sites, kinda like Pinterest. I’m

  • 0

My site uses bookmarklets to gather data from external sites, kinda like Pinterest. I’m concerned about security and want to move the images the bookmarklet gathers from the doc root up one level. My script has some hefty security checks in place, but I want to add this as a last line of defense.

How do I access my images within my script? Obviously using ../userimages/id/image.jpg wont work. I’m using Apache.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Proxy the image

    You would use a proxy script to feed the images through like the following example:

    // open the file in a binary mode
$name = '../userimages/id/image.jpg';
$fp = fopen($name, 'rb');

// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));

// you  may like to set some cache headers here

// dump the picture and stop the script
fpassthru($fp);
exit;

    This example is from the PHP manuals fpassthru() page. You would save this script somewhere in your servers document root/httpdocs folder.

    “Spoofing” the URL to the image

    The easiest way to give the PHP file the appearance of being an image file to a user/browser is to use Apaches mod_rewrite. Usually I use a URL structure something like this:

    http://www.example.org/image-id/image.png

    Where image-id is the unique identifier for that particular image. This way the file has the correct extensions of an image instead of .php.

    • 0