![]() |
Can CI access directories above webroot ? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Can CI access directories above webroot ? (/showthread.php?tid=8796) |
Can CI access directories above webroot ? - El Forum - 05-31-2008 [eluser]charlie spider[/eluser] Proponents of maximum site security recommend placing any directories that you wish to save uploaded files to above the web root. So for instance, I am running XAMPP on my local system, and in order to follow these recommendations I would like to have a directory named "file_uploads" above the "htdocs" directory where I place the files for any site that is being worked on, like this: -xampp --apache --cgi-bin --file_uploads --htdocs ---website_being_worked_on ---another_website_being_worked_on --perl --php --tmp --etc So let's say I'm working on a "website_being_worked_on", and I want to display an image, how do I access the directory "file_uploads" from my view file ??? I've tried ../file_uploads/image.jpg ../../file_uploads/image.jpg ../../../file_uploads/image.jpg ../../../../file_uploads/image.jpg etc, etc and none of them have worked ? Is this a CI issue or something to do with PHP itself ? Can CI access directories above webroot ? - El Forum - 05-31-2008 [eluser]charlie spider[/eluser] How would I edit my htaccess to allow access to folders above the web root ? This is my current htaccess: Code: RewriteEngine on Can CI access directories above webroot ? - El Forum - 06-01-2008 [eluser]Rick Jolly[/eluser] You can't directly access files outside the web root. That's the point in putting files there. You have to write a script to serve the images. So instead of linking directly to your images in your view, you link to a script passing the image file name as a parameter. In the script, you could serve the image using readfile($filepath) or something. Be aware of the security implications. If you are going to serve the uploaded images to anyone, then there isn't a reason to store them outside the web root. However, if you want to conditionally allow access to logged in users, a certain ip, or whatever, then it's a good approach. |