» Implementing Secure File Upload in PHP » Corpocrat Blog
Disable Script Execution with .htaccess
Create an .htaccess file with the contents below and place it in the uploads folder to stop malicious scripts from running.
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
Disabling execution of these files could give us an extra layer of protection.
Further, if you are allowing your users to upload only photos or pictures, you can restrict other files by placing the following code in your .htaccess file.
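The blog's own snippet for this step is not reproduced on this page. One way to write such a restriction, as an added example rather than the original author's code, assuming Apache 2.4 (mod_authz_core) and an AllowOverride setting that permits AuthConfig for the uploads folder; the list of image extensions is an assumption to adjust:

```apache
# Added example for the uploads folder's .htaccess (not the blog's snippet).
# Assumes Apache 2.4 and AllowOverride AuthConfig for this directory.

# Deny by default: any file not explicitly allowed below gets 403 Forbidden,
# and so does a request for the directory itself.
Require all denied

# Allow only names made of one base name plus one image extension.
# [^.]+ forbids extra dots, so "photo.jpg" is served while a name with a
# second extension such as "photo.php.jpg" stays denied.
# (?i:...) makes the extension match case-insensitive (JPG, Png, ...).
<FilesMatch "^[^.]+\.(?i:jpe?g|png|gif)$">
    Require all granted
</FilesMatch>
```

The AddHandler and Options -ExecCGI lines shown earlier can stay in the same file; they need AllowOverride FileInfo and Options respectively. If AllowOverride is None, Apache ignores the .htaccess file entirely, so request a non-image test file from the uploads folder and confirm it returns 403.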