stackoom
  简体   繁体   中英

fwrite permissions for users of a webpage

 原文  2012-06-01 13:35:15       php/ permissions/ file-permissions/ fwrite

Question

I'm going to allow my users to make iframe d HTML pages on my site. They will input text including markup and I will create the .html file using fwrite() .

Are there reasons not to make the file permission for these .html files 0777 ?

Obviously I don't want people executing javascript but other markup should be fine. Should I do 0766 instead then?

I'm not very familiar with permissions so general advice would be appreciated too.

2 answers

solution1
 2 ACCPTED  2012-06-01 15:23:27

0777 is inappropriate for data files such as HTML. They should likely be set as 0644 (owner read+write, group/others read only).

Note that the executable bit on an HTML file has absolutely no bearing on what permissions it will have when loaded in a browser. For instance, Javascript will run just fine out of any HTML file, regardless of its permissions -- if you do not want to allow Javascript to run from these files, you will need to filter the content yourself. Good luck.

solution2
 1  2012-06-01 13:37:27

如果你能确保,他们将上传HTML文件-那么它的罚款。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Are 777 permissions dangerous with fwrite? Can I use php's fwrite with 644 file permissions? Middleware For Users Roles and Permissions Displaying amount of users on a webpage How can I redirect users from a webpage or another webpage to a webpage Bring in a facebook users stream into a webpage Why does my server keep creating new files with 0640 permissions in my PHP fwrite? Having roles with permissions, but also add/remove permissions from individual users Yii2 - Get access permissions for another users Facebook extended permissions for users email address
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM