{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我欲成王,谁敢阻挡 的问题《Giving upload folder these permissions safe or not》','https://www.manongdao.com/q-879036.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a classifieds website with a picture script for uploading pics onto the ads.
The pics are uploaded to the "images" dir.
The php code which does this requires write access to the directory I am guessing...
So, what permissions would you set to the php upload file, and the images directory?
I am thinking like this:
drwxr-xr-x
Safe/good or not?
Thanks
ALSO, another short Q: Should I have my websites files owned by the username I have, or should I keep them owned by root?
drw-r--r-- (644). Be careful with users being able to push php/other scripting and executable files up to your server.
Be careful with users being able to push js and html files up to your website.
Owned by the username you have for your webserver. Don't make root own files it has no business owning. Root is the adminstrator, not your webserver.
Have a look in your php.ini file for
upload_tmp_dir =make a .htaccess with
to allow only this files to be uploaded. And check with php function before upload in your code.
Moving the folder outside the www-root is good to. You can make apache the owner also.
source