By default (and as far as I know this can't be changed) files are uploaded to /assets at all times and folders beneath assets. I have a secure set of files that need to be uploaded, as I can't find a way to change where they are uploaded to, I figured on after write I could try and move the file to a secure directory. I have tried using
move_uploaded_file($file->Name, '\/secret\/');
to move the file to a root folder called 'secret' but this doesn't seem to change anything. Perhaps I am doing something wrong on that behalf or it just doesn't work. If anyone has done this before or knows how, I would appreciate any help I can get. Thanks.
In SilverStripe it is not currently possible to move a CMS controlled file or folder outside of the assets folder.
An alternative is to use the Secure Assets module to add access restrictions to folders that mirror the access restrictions of SiteTree pages.
Once this module is installed you can change the permissions of your secure folder so that only certain logged in users can access the folder and the files in it.
Related
I have an external PHP placed in a plugin which must work in all Wordpress configurations. Including those where the plugin folder has been moved outside Wordpress root.
The external PHP needs to bootstrap wp-load.php and thus need to know the location of that file. The location of the file is passed through the querystring (relative location from plugin folder to Wordpress root), which is obviously unsafe. If a hacker somehow has gained access to upload php files (wp-load.php) to for example wp-content, she will be able to run a malicious wp-load.php through the external script.
The external PHP is "called" by way of a RewriteRule in an .htaccess (which I have control of). On Apache I can block direct access, but not on Nginx.
As the purpose is to load Wordpress, note that using Wordpress functions is out of the question.
I am thinking that perhaps some secret or hash can be passed to the script from the .htaccess.
To validate that the root looks real, the .htaccess in the root could be examined.
With control over the .htaccess, you could put any comment into the .htaccess. To decide whether to accept a proposed root folder, the script can look for a .htaccess in that folder, read it, and see if it contains the magic comment.
To exploit this, the hacker would need to be able to store a file named ".htaccess" as well as "wp-load.php".
The solution could be improved by inserting a hash of something in the magic comment (but hash of what?)
To avoid running a php located in ie "/var/www/example.com/wp-content/uploads/wp-load.php", you could check if any of the parent folders contains "wp-load.php" and exit if they do.
This protection can unfortunately not stand by itself as it will not protect installations where the wp-content folder has been moved out of the root. But it will shield typical installations against running a malicious "wp-load" which has been uploaded in a subfolder.
The plugin could try to create a symlinked folder in the plugins folder, linking to root. Or it could create a php file there, which defines the path to root. It will only be necessary when system is detected as Nginx.
The uploads folder will be write protected on many systems. Instruction needs to be provided for creating such file manually. In this case, this is not a deal breaker as users on Nginx already need to insert the rewrite rules manually.
So I created a couple of directories and files with FTP, thus the owner is the username I use to login to the server. Now I'd like to allow users of the website to upload images to those directories. Unfortunately for the website to store images, it should be owned by Apache. How can I fix this? I've been reading around on this but can't directly find an answer.
I don't have SSH, so I guess all command-line-things are not applicable for me.
Edit
I tried to then make the folders again using apache, but now ofcourse I can't write any files using ftp into those directories.
Provided that at least the one directory is writeable by the apache user (lets call this directory 'writeabledir', it may be your root dir '/'), you must delete the folders you created via ftp and create a php script to create the directories you need.
If for example you want a directory called users and inside it another directory called upload
Create file makedirs.php on your server.
<?php
$oldumask = umask(0);
mkdir("writeabledir/users/upload",0777,true); // or even 01777 so you get the sticky bit set
umask($oldumask);
?>
Now run your makedirs.php once, by calling your.serv.er/makedirs.php on your browser
EDIT:
If you don't want to delete and recreate your directories,you could always try to change file permissions from ftp.
For exampe with FileZilla, just right click on the desired folder and set permissions to 777. If your ftp user does not have permission to do this, then there is no other way, except from asking an administrator to do this for you.
EDIT2:
Added umask to ensure that folders created by apache are writeable by everyone. (taken from http://us3.php.net/manual/en/function.mkdir.php#1207 )
Friend looks I work in php, some versions change the way of solution, however the most common is already that you want to store it would be necessary to create a database and import it to esu code that also serves to some images you want to come place, plus the wisest thing to do and you create a database with the fields necessary for its realization, import, put in a file directory of your schedule, you also advise using aptana Studio 3 greatly facilitates the creation of codes among many things and low xampp it already comes with apache integrated in one place will help you a lot any questions on installation just look at youtube he will describe
In CI user guide there is such line:
You'll need a destination folder for your uploaded images. Create a
folder at the root of your CodeIgniter installation called uploads and
set its file permissions to 777.
How secure is it when I am developing real web application? For example: social network and I want to upload user's profile pictures. I think I will have privacy problems when user's will want to upload private pictures.
depending on the level of security you want, 777 might not be the best option (it's the simplest). The user the webserver runs as much have rwx to the folder, and if you want to be truly secure, the folder should not be under your webroot.
That means, if the web files are in /home/mysite/ ( eg /home/mysite/index.html maps to http://mydomain.com/index.html ) then the upload folder should be /home/uploads .
You application can use code to access the files via the system path ( /home/uploads ) but noone from the internet can directly access it that way.
Alternatively, if you cannot do the above ( eg because you're on a shared host ) you can use .htaccess (placed in the upload folder) for the same effect, by placing these rules :
Deny from all
Options None
Options +FollowSymLinks
( note that again, your app will need to use the system path, since Apache wont be able to serve these files directly ).
You could also use .htaccess to deny access to folders except those that you permit. At least I did same with mine and directories that are not listed for access in the .htaccess are not available to users.
Another safe way is to use a folder outside /public_html/
Directories outside this folder can hardly be accessed externally.
GoDaddy does not a give FTP root access to my account, meaning I can only access the public_html folder and not the includes folder.
Is there any way I can include the config files in that public folder but somehow make it so only the server can access them in a secure way? How does Wordpress do it?
You could use a .htaccess file to restrict Website Access.
Take a look of this article.
just make sure they have a .php extension.
(and actually contain PHP code of course)
Wordpress keeps the config file in the main folder. Just make sure you have a .php extension and you dont echo anything from that. (I know you wont.)
People really cant get the details inside your php file unless you echo something, or the chmod of the file is set wrong so that people may be able to actually download the file.
As xdazz said, you can also restrict access to your config files, but I think its just for MORE protection, and you are still safe without that.
I have a script that allows only authorised users to upload files to a certain folder.
However I do not know how to prevent people from downloading freely without login.
I need the solution in php.
I have googled around but nothing straight forward as yet.
Currently in my document root I have a folder called admin and a subfolder called uploads inside the admin. So only admin role can upload. Both editor and admin can download. What should I do in this case?
Please advise.
Put the files somewhere outside the public webroot directory, or configure your server to not serve the files. As long as your server will happily serve everything with a valid URL, there's nothing you can do with PHP to prevent that.
If your files are in the /public_html/ folder, take them out of that folder and place them in e.g. /secret_files/, so your directory structure looks something like this:
public_html/
index.html
admin/
admin_index.php
secret_files/
my_secret_file.txt
The webserver is only configured to serve files in the /public_html/ directory, so nobody will have access to directories outside (technical term above) it.
To still enable somebody to download those files, do as cletus suggests and use readfile to "manually serve" the files via a PHP script. PHP will still have access to these other parts of the file system, so you can use it as a gatekeeper.
Don't store the files in a directory under the document root.
Instead move them somewhere else and then a PHP script can programmatically determine if someone can download them and then use readfile() or something similar to stream them to the user.
You could also configure the Web server to not serve files from this directory but then you need PHP to serve them anyway. It's cleaner simply not to put them under the document root.
Answering question on how to password protect with PHP:
This should solve your problem.