How to serve documents from outside the web root using PHP?

I think something like this would work:

<?php
$path = realpath(dirname(__FILE__) . '/../my_files/' . $_GET['file']);

$parts = explode("https://stackoverflow.com/", pathinfo($path, PATHINFO_DIRNAME));
if (end($parts) !== 'my_files') {
    // LFI attempt
    exit();
}

if (!is_file($path)) {
    // file does not exist
    exit();
}

header('Content-Type: ' . mime_content_type($path));
header('Content-Length: ' . filesize($path));

readfile($path);

More Related Contents:

How to Update one column (point) in php sql [duplicate]
Date format using dd/mm/yyyy using HTML
How verify if input is numeric
PHP Subtracting two number gives wrong values [closed]
How Can I add HTML And CSS Into PDF [closed]
How to Truncate a string in PHP to the word closest to a certain number of characters?
Getting checkbox values on submit
Does $_SERVER[‘HTTP_X_REQUESTED_WITH’] exist in PHP or not?
Best way to parse bbcode
Laravel blank white screen
Is there any way to detect strings like putjbtghguhjjjanika?
PHP UPDATE prepared statement
netbeans shows “Waiting For Connection (netbeans-xdebug)”
Converting HTML to PDF using PHP? [duplicate]
mysql_fetch_array() expects parameter 1 to be resource problem [duplicate]
PHP – split String in Key/Value pairs
Turn database result into array
What does this mean in PHP: -> or => [duplicate]
How to get file URL using Storage facade in laravel 5?
Update query with PDO and MySQL
PHP to clean-up pasted Microsoft input
Composer require local package
Calculate an IPv6 range from a CIDR prefix?
return one value from database with mysql php pdo
php send email with attachment
In PHP what does it mean by a function being binary-safe?
In PHP, how do I generate a big pseudo-random number?
Optional parameter in the middle of a route
Access object property with disallowed character in property name
Sort a multidimensional array descending by subarray count and preserve first level keys

More Related Contents:

Leave a Comment Cancel reply