Welcome Guest, Not a member yet? Register   Sign In
Can CI access directories above webroot ?
#1

[eluser]charlie spider[/eluser]
Proponents of maximum site security recommend placing any directories that you wish to save uploaded files to above the web root.

So for instance, I am running XAMPP on my local system, and in order to follow these recommendations I would like to have a directory named "file_uploads" above the "htdocs" directory where I place the files for any site that is being worked on, like this:

-xampp
--apache
--cgi-bin
--file_uploads
--htdocs
---website_being_worked_on
---another_website_being_worked_on
--perl
--php
--tmp
--etc

So let's say I'm working on a "website_being_worked_on", and I want to display an image, how do I access the directory "file_uploads" from my view file ???

I've tried
../file_uploads/image.jpg
../../file_uploads/image.jpg
../../../file_uploads/image.jpg
../../../../file_uploads/image.jpg
etc, etc
and none of them have worked ?

Is this a CI issue or something to do with PHP itself ?
#2

[eluser]charlie spider[/eluser]
How would I edit my htaccess to allow access to folders above the web root ?


This is my current htaccess:

Code:
RewriteEngine on
RewriteCond $1 !^(index\.php|images|includes|javascript|style|uploads|flash|robots\.txt|favicon\.ico)
RewriteRule ^(.*)$ /index.php/$1 [L]
#3

[eluser]Rick Jolly[/eluser]
You can't directly access files outside the web root. That's the point in putting files there. You have to write a script to serve the images. So instead of linking directly to your images in your view, you link to a script passing the image file name as a parameter. In the script, you could serve the image using readfile($filepath) or something. Be aware of the security implications.

If you are going to serve the uploaded images to anyone, then there isn't a reason to store them outside the web root. However, if you want to conditionally allow access to logged in users, a certain ip, or whatever, then it's a good approach.




Theme © iAndrew 2016 - Forum software by © MyBB