Posted by Jochem Maas on 09/28/92 11:34
Philip Hallstrom wrote:
>> I'm writing a content management application which saves file paths in
>> a database and allows users to search the database for those files.
>> Problem I'm having is that although the PHP script that handles the
>> database queries works fine, when the search results get to the
>> browser, all the paths are off limits.
>>
>> I can't just move the photos inside the web folder as we're talking
>> tens of thousands of images that are already organized into a folder
>> structure that must be maintained as is.
>>
>> Is there a way to allow the web page to see these photos?
>>
>> The images are stored on a Windows box and all the web server stuff is
>> on a G5 Macintosh running OS 10.4 3 (in case that has any bearing on
>> the matter).
>
>
> Depending on security issues you have two options.
>
> Put a webserver on the Windows box and modify your search results to
> link to the images using something like this:
>
> <img src="http://windowsbox/getimage.php?path=/path/to/img.jpg">
>
> Then put a "getimage.php" script on the windows box that does something
> like:
>
> <?php
> readfile($_GET[path]);
> ?>
I would just like to add that you _must_ sanitize $_GET['path'], otherwise
stuff you don't want will get read.... like a passwd file or the secret collection
of pr0n you have been hosting on the server at work ;-)
http://windowsbox/getimage.php?path=/etc/passwd">
>
> If you can't (or don't want to) put the windows box on the internet,
> then still do the above and then also do the same on the mac. Assuming
> the mac can get to the windows box. If that mac can't, then you're hosed.
>
> good luck
>
> -philip
>
[Back to original message]
|