dpxua26604 2010-11-18 17:37
浏览 15

使用symfony保护文件管理

By default, symfony uploades file to web/upload folder, so they are accessible for anyone. I need to check user credentials on every request to a file. How should I do this?

  • 写回答

1条回答 默认 最新

  • douyin8623 2010-11-18 19:20
    关注

    Move your uploads outside of your webroot, like in /data/uploads. In that case, you'll need to put this in your ProjectConfiguration file:

    sfConfig::set('sf_upload_dir' => sfConfig::get("sf_data_dir") . DIRECTORY_SEPARATOR . 'uploads');

    Provided that you always used sf_upload_dir to specify the uploads folder, all your files will get saved there.

    The second part of the solution needs a new action, that gets a filename, checks if the user has access to it, and returns:

    • either a 403 error
    • or the file contents via readfile(), after setting the correct Content-Type and Content-Lenght headers.
    评论

报告相同问题?

悬赏问题

  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
  • ¥15 Macbookpro 连接热点正常上网,连接不了Wi-Fi。
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 linux驱动,linux应用,多线程
  • ¥20 我要一个分身加定位两个功能的安卓app
  • ¥15 基于FOC驱动器,如何实现卡丁车下坡无阻力的遛坡的效果
  • ¥15 IAR程序莫名变量多重定义
  • ¥15 (标签-UDP|关键词-client)
  • ¥15 关于库卡officelite无法与虚拟机通讯的问题