tags:

views:

6033

answers:

6

Here is the directory structure /domain.com /public_html /functions /image /mobile /www

the /domain.com/public_html/www folder has a file index.php the default web directory is /user/public_html/www in the index file is an include that includes the functions with include"../functions/function.inc" this works without problem when I want to link to a picture in the image folder I don't get any results for example

Does anybody has any idea why the link to the image does not work and how to link correctly to the image file ?

I tried ../image/graphic/logo.gif" alt="alt text"/>

but that gives me the same result when I build a link around the image to get to the properties I get this as path http://domain.com/image/pc/tattoo_small/small_2008_10_22_001.JPG the path should be http://domain.com/public_html/image/pc/tattoo_small/small_2008_10_22_001.JPG when I try to browse directly to this url http://domain.com/public_html/image/pc/tattoo_small/small_2008_10_22_001.JPG I get an 404 file not found error because the default web directory is /domain.com/public_html/www I tried http://domain.com/../image/pc/tattoo_small/small_2008_10_22_001.JPG to get to the image folder but that does not help neither.

Anybody any ideas or is it impossible to html link to graphical files outside the default web directory ?

thanks for reading this far

Thanks for the answers so far. I will try to solve my problem with one of the recommended solutions and report my working solution back here. I wanted to have the image folder at the same level as the www and mobile folder because some of the images used for the pc (www) version and the mobile version are the same. Of course it is easier to just get an image folder in the www and in the mobile folder and I think that is what I am going to do.

thank you everybody for the advice. The main reason why I am not going to work with a script is that a script will be a difficult solution to an easy problem and also because I don't really see how you can wrap your image in a css class and how to provide alt text for an image.

+4  A: 

You can't serve a page that's outside of the web directory because the path doesn't work, i.e. http://mydomain.com/../page.html simply refers to an inaccessible location.

If you really want to serve (static) files that are outside the webroot, you could write a small PHP script to read them and output them. Thus you would redirect requests to the PHP script, and the PHP would read the appropriate file from disk and return it back.

JamShady
And you'd want to do that REALLY carefully or you'll introduce a massive security hole :)
Bobby Jack
+1  A: 

It's impossible to link directly to a file outside of the web-accessible area of the web server.

However, you can write a PHP script that will proxy images for you

<img src="my_php_proxy.php">

because PHP can send image data as well as HTML. This PHP "image" isn't restricted to the same folder as the web accessible stuff, it can access any readable file on the server. See http://www.electrictoolbox.com/image-headers-php/ for more info

Gareth
+2  A: 

It is not possible to directly access files outside of the webroot; this is a builtin security restriction that is there for good reason.

It is however possible to use a PHP-script to serve these images for you. This way you can call an image like:

/image.php?file=myfile.jpg

and use file_get_contents() to get the file contents and print them to your browser. You should also send the headers to the client, in this case using PHP's header() function. A short example:

<?php

    $file = $_GET['file'];
    $fileDir = '/path/to/files/';

    if (file_exists($fileDir . $file))
    {
        // Note: You should probably do some more checks 
        // on the filetype, size, etc.
        $contents = file_get_contents($fileDir . $file);

        // Note: You should probably implement some kind 
        // of check on filetype
        header('Content-type: image/jpeg');

        echo $contents;
    }

?>

Using a script to this has some more advantages:

  • You can track your downloads and implement a counter, for example
  • You can restrict files to authenticated users
  • ... etc
Aron Rotteveel
Your script has a major security hole: it should use something like $file = basename(urldecode($_GET['file'])) . Otherwise, this might work: /image.php?file=../../../../../../../../etc/passwd
Piskvor
A: 

You can either make a link to the image directory inside the public___html, move the image directory to public_html or, if you have a particular liking towards convoluted solutions, you can write a script that reads the image file and outputs it to the user (Of course, unless you make a whitelist of all the images, you might have a potential security problem in your hands).

Nouveau
+4  A: 

If you are using Apache as the server, you can set it to alias a directory in httpd.conf...

<IfModule mod_alias.c>

    Alias /images/ "/User/Public_html/Image/"

    <Directory "/User/Public_html/Image">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

</IfModule>

IIRC, the aliased folder does not need to be within the webroot.

ZombieSheep
A: 

Create symlink inside web root that points to directory you want.

cd public_html
ln -s ../images

Apache needs Options +FollowSymlinks configuration directive for this to work (you may place it in .htaccess in your web root).

Writing PHP script that serves files from outside web root defeats the purpose of web root. You'd have to verify paths very carefully to avoid exposing entire disk to the web.

porneL