Open catharsis71 opened 1 year ago
@catharsis71 Why is .htaccess
needed in tmp
?
If you want to hide files with the extension .dat
, there is already a .htaccess file with that description in the upper directory.
<files ~ "(^config\.php$|\.(ini|log|dat|json)$)">
order allow,deny
deny from all
</files>
If you want to control something other than .dat
files, could you tell me how you wanted to set it up?
Or is the .dat
file control not working?
It's technically possible to modify potiboard.php
so that it doesn't delete the .htaccess
in the tmp
directory, but I'd like to understand why this is necessary before proceeding.
thank you.
I use .htaccess in different directories for various purposes but in this specific case I use Options +Indexes
because I want directory listing to be enabled in that directory. I use the same .htaccess file in /tmp/, /src/, and /thumb/ because I want directory listing enabled for all of them however the .htaccess file in /tmp/ keeps getting deleted
Supported in v5.28.0. .htaccess files are not deleted.
sorry.
It is not supported from the viewpoint of unauthorized upload prevention of .htaccess
file.
Various files are temporarily uploaded to the tmp
directory.
Malicious files are checked. For example, check the file extension and file format. But I don't know what kind of illegal upload methods are there.
The src
directory, like the tmp
directory, is also where uploaded files are stored, so you can't program it to expect .htaccess
files to be placed there.
I don't want to put a .htaccess file somewhere where files are uploaded. This is because unapproved .htaccess files can be used for redirection.
https://github.com/satopian/poti-kaini-EN/commit/ba838df492cf3cbdf77b283751b753dfb2c01ee6
function deltemp(){
$handle = opendir(TEMP_DIR);
while ($file = readdir($handle)) {
if(!is_dir($file) && $file!=='.htaccess') {
Please rewrite the .htaccess file by yourself so as not to delete it. I am sorry that I did not meet your expectations.
I tried to put a .htaccess file in the /tmp/ directory however the potiboard.php keeps deleting it when it checks for older files in the /tmp/ directory
even if the ownership of the file is set to root, it still deletes it
.htaccess files should probably not be included in the automatic deletion