使用 PHP 从外部 public_html 读取图像?
这真的很愚蠢,但我一直在尝试几十种不同的事情,但我一生都无法弄清楚我做错了什么。
我安装了 cpanel,具有通常的 public_html 目录并可以访问该目录下面的目录(将该目录称为“USER”)。我正在用图像测试一些东西。
我已将图像文件放在 public_html 之上,放入 USER 目录中。
我写了一个测试 php 脚本,只有几行:
if(is_file("../1.jpg")){
echo "<img src=\"../1.jpg\" />";
}else{
echo "not there";
}
is_file 总是可以找到该文件。还尝试了 file_exists 和 is_read,这些也都找到了该文件。
但即使脚本看到该文件,我也无法弄清楚如何将该文件输出到浏览器。或者即使可以这样做。
我已将文件的权限更改为所有可读。
我尝试过从根开始设置绝对路径。
我尝试使用 imagejpeg。
这些都不起作用。
您可能想知道为什么我不只是将图像放在 public_html 中,但这个脚本是我正在做的一个测试,因为我需要弄清楚在同一服务器上提供来自其他域/帐户的图像时可能发生什么(它是一个专用服务器)。
我可以理解,也许这是一个权限问题或其他问题 - 在这种情况下,我不明白为什么脚本可以找到该文件 - 无论如何,我可能忽略了一些非常愚蠢或基本的东西。因此,如果有人能指出我正确的方向,我将不胜感激。
非常感谢
this is really stupid, but I been trying dozens of different things and I can't for the life of me work out what I am doing wrong.
I have a cpanel installation, with the usual public_html directory and access to the directory below that (call that directory "USER"). I am testing out some things with images.
I have put an image file above the public_html, into the USER directory.
I have written a test php script which has just a few lines:
if(is_file("../1.jpg")){
echo "<img src=\"../1.jpg\" />";
}else{
echo "not there";
}
The is_file can always find the file. Also tried file_exists and is_readable, these all find the file too.
But even though the script sees the file, I can't work out how to output that file to the browser. Or even if it is possible to do it this way.
I've changed the permissions on the file to all readable.
I've tried putting an absolute path from the root.
I tried using imagejpeg.
None of these things work.
You may wonder why I don't just put the image within public_html, but this script is a test I'm doing coz I need to figure out what is possible when it comes to serving images from other domains / accounts on the same server (it is a dedicated server).
I can understand that maybe it's a permissions thing or something - in which case I don't understand why the script can find the file - well anyway I am probably overlooking something very stupid or basic. So if anyone could point me in the right direction I would appreciate it.
Many thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
那是不可能的。当您输出 img 标签时,这只是服务器上的一些文本。它被发送到浏览器,浏览器尝试获取
src="..."部分中列出的文件。这是通过 HTTP 请求完成的,因此如果图像位于文档根目录之外,则根据定义您无法直接获取文件。如果您可以简单地执行
src="../../../../picture.jpg"并获取文档根目录之外的图像,则可以获取服务器上的任何文件,包括你的配置文件,你的密码文件,等等等等。这将是一个大到足以被称为疯狂的安全漏洞。如果您想提供对文档根目录之外的文件的访问,则必须通过脚本来完成。最简单的方法是:
image.php:
并在你的 html:
还有其他更讨厌的选项,例如使用 Apache 别名指令将外部目录映射到“内部”目录,重写 url 等...但这只会使事情变得更平衡更复杂。
That cannot be done. When you output an img tag, that's simply some text on the server. It's sent to the browser and the browser is what attempts to fetch the file listed in the
src="..."portion. That's done via an HTTP request, so if the image is outside of the document root, you cannot by definition fetch the file directly.If you could simply do
src="../../../../picture.jpg"and get an image outside of the document root, you could fetch ANY file on the server, including your config files, your password files, blah blah blah. It'd be a security hole big enough to qualify as insane.if you want to provide access to a file outside of the document root, you'll have to do it via a script. The simplest method is to have:
image.php:
and in your html:
There's other nastier options, such as using Apache alias directives to map external directories into "internal" ones, rewriting urls, etc... but that just makes things even more complicated.