Issue
To keep things short, I'm making a very simple file uploading script. What I need to do, is take the file that was just uploaded, save it to the directory that is specified, and make the file read only/non executable. Why? Well, if somebody were to upload a PHP script to show somebody, the script wouldn't be allowed to run, instead, it would just show the actual text of the file.
I've been trying to do this with chmod(), but nothing has worked.
$target_directory = "./" . $_POST["directory"] . "/"; // The target directory to put the file.
$file_name = $_FILES["file"]["name"]; // The name of the file being uploaded (Example: file.ext)
$target_file = $target_directory . $file_name; // The more compiled target file/location. (Example: /folder/file.ext)
if (move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)) {
echo "The file was uploaded. at <a href='" .$target_file ."'>".$target_file ."</a>";
chmod($target_file, 0644);
What kind of code would I need to write to make chmod()
work, or to set the directory/file to not execute?
Solution
I fixed it myself, using .htaccess
.
By using php_flag engine off
to turn off PHP processing, and ForceType text/plain
to force the server to serve .php files as if it was a text document.
Answered By - Pips Answer Checked By - Marie Seifert (WPSolving Admin)