See how your network guys would feel about:

A directory OUTSIDE the webtree which is 777.

You can put the thumbnails in there.

Then, in a PHP script that you use in the IMG tags, you would double
check several things before you serve up that image:

Does it match a record in the database so you know it's supposed to be
there?  (a whitelist of known image files)

Does it "look" like an image to functions like
http://php.net/get_image_size (a modest validity check)

You could also consider doing a simple GD imagefromjpeg followed by
imagejpeg.  It's unlikely any malicious file could survive that and do
something Evil.

PS You probably CAN set up FTP access and use PHP FTP to shuffle files
around...  But you're then putting your FTP password into your script,
and your network guys shouldn't like that either...

On Wed, October 18, 2006 12:40 pm, Matthews, Chris wrote:
> Good Morning:
>
> I am looking to create a thumbnail from an uploaded image, and then
> save it to a directory.
>
> I don't have any problem with the image functions, and can
> successfully create the thumbnail and push it to the browser or, as is
> currently set up, store the data in a database.
>
> What I want to do instead, however, is take that dynamically created
> thumbnail and write it to a folder on the server.
>
> If I simply write the file, however, it appears I need to have a
> folder chmod'd world read/writable for the process to work.  My
> network guys do not want this.
>
> I tried the FTP functions, which work great for copying a file that
> already exists somewhere into another folder, but I can't seem to get
> it to recognize the buffer as a valid source file location...
>
> Is there a way to use a php FTP function to FTP the file out of the
> buffer to a directory on the server, or some other way to write a file
> to a folder without making that folder 0777?
>
> Chris Matthews
> eGovernment Information Officer
> Washoe County, Nevada
> 775.328.3719
> http://www.washoecounty.us
>
> Director, West Region
> National Association of Government Webmasters
> http://www.nagw.org
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
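
The serving script described in the reply above, as an added example (not code from the original post or its author): it looks the file up in a whitelist table, checks it with getimagesize(), and re-encodes it with GD's imagecreatefromjpeg() and imagejpeg() before sending. The `thumbs` table and its columns, the SQLite DSN and the `/var/data` paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Return re-encoded JPEG bytes for a whitelisted thumbnail, or null to refuse. */
function load_thumbnail(PDO $db, string $dir, int $id): ?string
{
    // 1. Whitelist: the file name comes from the database, never from the request.
    $stmt = $db->prepare('SELECT filename FROM thumbs WHERE id = ?');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    if ($name === false) return null;
    $path = $dir . '/' . basename((string) $name);
    if (!is_file($path)) return null;
    // 2. Modest validity check: the header must parse as a JPEG.
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) return null;
    // 3. Re-encode through GD so only decoded pixel data reaches the client.
    $img = @imagecreatefromjpeg($path);
    if ($img === false) return null;
    ob_start();
    imagejpeg($img, null, 85);
    return ob_get_clean() ?: null;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: in-memory whitelist, one real JPEG, one script posing as one.
    $dir = sys_get_temp_dir() . '/thumbs_demo';
    @mkdir($dir, 0700);
    imagejpeg(imagecreatetruecolor(8, 8), "$dir/ok.jpg");
    file_put_contents("$dir/bad.jpg", "<?php echo 'not an image'; ?>");
    $db = new PDO('sqlite::memory:');
    $db->exec("CREATE TABLE thumbs (id INTEGER PRIMARY KEY, filename TEXT)");
    $db->exec("INSERT INTO thumbs VALUES (1, 'ok.jpg'), (2, 'bad.jpg')");
    foreach ([1, 2, 3] as $id) {   // id 3 has no database record
        $out = load_thumbnail($db, $dir, $id);
        echo $id, ': ', $out === null ? 'refused' : strlen($out) . ' bytes', PHP_EOL;
    }
} else {
    // Used as <img src="thumb.php?id=1">; the DSN and directory are assumed.
    $db = new PDO('sqlite:/var/data/thumbs.sqlite');
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    $jpeg = is_int($id) ? load_thumbnail($db, '/var/data/thumbs', $id) : null;
    if ($jpeg === null) { http_response_code(404); exit; }
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff');
    echo $jpeg;
}
```

Run from the command line, the script exercises the constructed demo; behind a web server it serves only files that pass all three checks and answers 404 for everything else.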
