My app will store an uploaded image file under the https:\\domain.com\asset\userid\ directory according to this code:
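// Per-user upload directory
$folder = $object->upload_dir.$user_id.DS;
// Create it on first upload (owner and group: read/write/execute)
if (!file_exists($folder)) {
    mkdir($folder, 0770, true);
}
// Move the upload out of PHP's temporary location
move_uploaded_file($_FILES['image']['tmp_name'], $folder.$filename);
// Owner and group: read/write, no execute bit
chmod($folder.$filename, 0660);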
Is it safe to do that, considering a hacker can write a script, let's say under the https:\\domain.com\asset\ directory, and delete all the image files altogether?
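
One way to narrow the risk raised in the question, as an added example that is not part of the original post: accept only files whose content is an image and store them under a server-generated name, so nothing uploaded can land in the asset directory as a script. The function name `store_user_image`, the 2 MiB limit and the allowed-type list are assumptions made for this illustration.

```php
<?php
// Added example (not the poster's code). store_user_image(), the size limit
// and the allowed-type list are assumptions made for this illustration.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_user_image(array $file, string $uploadDir, int $userId): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {            // assumed 2 MiB limit
        throw new RuntimeException('File too large');
    }

    // Decide the type from the file's content, never from the client-supplied
    // file name or $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image');
    }

    // An integer user id and a server-generated name leave no room for "../"
    // sequences or for an extension such as ".php" chosen by the uploader.
    $folder = rtrim($uploadDir, '/\\') . DIRECTORY_SEPARATOR . $userId . DIRECTORY_SEPARATOR;
    if (!is_dir($folder) && !mkdir($folder, 0770, true) && !is_dir($folder)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];

    if (!move_uploaded_file($file['tmp_name'], $folder . $name)) {
        throw new RuntimeException('Cannot store upload');
    }
    chmod($folder . $name, 0660);                     // no execute bit, as in the post
    return $name;                                     // store this name with the user record
}

// Usage inside the upload handler:
// $filename = store_user_image($_FILES['image'], $object->upload_dir, (int) $user_id);
```

Content checks do not replace web server configuration: the asset directory should also be served with script execution disabled, so that a file which slips through is still delivered as static data.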