i want to make users to be able to upload PHP files and download them without executing them, i need to turn off PHP for a specific directory so it behaves as plain text.
i tried this but is it a proper solution ?
RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off
分享 In your .htaccess file, you can redirect all the requests in the folder to change to this way:
http://example.com/uploads/myfilewithadminaccess.php
To
http://example.com/uploads/index.php?file=myfilewithadminaccess.php
.htaccess
RewriteEngine On
RewriteRule ^([^/]*)$ ./index.php?file=$1 [L]
And in the index.php just parse the file and give the output.
index.php:<?php
header("Content-type: text/html");
$filename = (file_exists("uploads/" . $_GET["file"])) ? "uploads/" . $_GET["file"] : "error.txt";
$filecont = file_get_contents($filename);
echo htmlspecialchars($filecont);
?>
Note: You need to sanitize the inputs before you allow URLs to pass. So, people might inject ../, etc. those should be taken care.
Hope this helps and it is perfectly fine.
分享
