0
    uploading web file outside doc-root issues

    I uploaded my file oustside the root directory while leaving
    only index.php in the public_html

    here is my directory structure


    /home/user
    /myweb_application ----> my uploaded files
    /access_log 
    /etc 
    /mail 
    /public_htm 
    /public_ftp 
    /tmp 
    /www 

    Here is how i configured it

    1: inside /public_html I have index.php with the content as follow

    <?php
    require '../myweb_application/web_index.php';
    ?>

    2: Inside /myweb_application i created 2 files for testing along with web_index.php making it 3 php files

    web_index.php


    <html><body>

    <li> <a href="test1.php">Connect test1</a><br><br>
    </li>

    <li> <a href="test2.php">Connect test2</a><br><br>
    </li> 


    </ul>
    </body></html>



    test1.php

    <html>
    I am test 1
    </html>


    test2.php


    <html>
    I am test 2
    </html>




    Finally, the directory becomes

    /home/user
       /myweb_application ----> my uploaded files
          web_index.php
           test1.php
           test2.php

      /access_log 
      /etc 
      /mail 
      /public_htm 
           index.php

      /public_ftp 
      /tmp 
      /www 



    when i load the page as http://example.com
    index.php loads web_index.php from outside the root


    Look at my problem now

    when i click on link CONNECT TEST1 of test1.php from web_index.php it says


    The requested URL /test1.php was not found on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


    what could be the problem. is it because test1.php, test2.php is outside the root. 
    can anyone help me 
2
Contributors
1
Reply
9
Views
3 Years
Discussion Span
Last Post by hag++
0

The problem is here:

when i click on link CONNECT TEST1 of test1.php from web_index.php it says
The requested URL /test1.php was not found on this server.

In a directory sense you are not in the myweb_application directory. When you go to http://example.com and the index.php file is called, it loads web_index.php via a require/include statement. That does not change the current working directory. You're document root is still set to public_htm.

In order to get index1.php you need to call index1.php from the index.php script. You will probably want to do this via URL params but be warned, do not just pass a url parameter directly into an include/require statement. That is a huge security risk. What you need to do is have a whitelist of available param options. If the params passed in do not match the whitelist then reject it.

Something like this would work:
http://example.com/index.php?action=someActionHere

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.