我使用的上传与阿贾克斯和PHP文件的jQuery脚本。它发送一个请求到upload_a_file.php然后上传文件。
I'm using a jquery script that uploads files with ajax and PHP. It sends a request to upload_a_file.php which then uploads files.
有没有一种方法,我可以确保upload_a_file.php不直接在浏览器中加载?
Is there a way that I can make sure upload_a_file.php is not loaded directly in a browser?
我试图把upload_a_file.php上面我的public_html文件夹中。但似乎无法得到的JavaScript加载upload_a_file.php。
I tried putting upload_a_file.php above my public_html folder. But can't seem to get javascript to load upload_a_file.php.
下面是我使用的JavaScript要求upload_a_file.php的URL格式:
Here is the url format I use in the javascript to request upload_a_file.php:
../upload_a_file.php
它甚至有可能访问上面的public_html文件的JavaScript?
Is it even possible to access files above public_html with javascript?
JS不能在服务器上访问任何东西,你自己作为一个用户不能。如果文件是网站的文档根目录之外,它不是由用户访问,或通过JS。想象一下,好玩的地方网站是,如果JS能神奇地绕过访问限制的服务器上,并抓住了。 噢,我要抓住这个银行的帐户列表,但它不是在文档根目录下。还好我有Javascript中,它可以做的一切!
JS cannot access anything on a server that you yourself as a user cannot. If a file is outside of the site's document root, it is NOT accessible by a user, or by JS. Imagine the fun place the web would be if JS could magically bypass access restrictions on a server and grab any more. "Aww, I was going to grab this bank's accounts list, but it's not in the document root. Good thing I've got Javascript, it can do everything!"
这将会是像 24
,其中打补丁到子网能神奇地绕过任何防火墙,并从机器这是数据甚至没有在网上或每个情节(更好的)甚至没有通电。令人惊奇的事情,这些子网。
It'd be like every episode of 24
, where "patching into the subnet" can magically bypass any firewall and get data from machines which aren't even online or (better yet) not even powered up. Amazing things, those subnets.