问题
By default, symfony uploades file to web/upload folder, so they are accessible for anyone. I need to check user credentials on every request to a file. How should I do this?
回答1:
Move your uploads outside of your webroot, like in /data/uploads. In that case, you'll need to put this in your ProjectConfiguration file:
sfConfig::set('sf_upload_dir' => sfConfig::get("sf_data_dir") . DIRECTORY_SEPARATOR . 'uploads');
Provided that you always used sf_upload_dir to specify the uploads folder, all your files will get saved there.
The second part of the solution needs a new action, that gets a filename, checks if the user has access to it, and returns:
- either a 403 error
- or the file contents via
readfile(), after setting the correct Content-Type and Content-Lenght headers.
来源:https://stackoverflow.com/questions/4217815/secure-file-management-with-symfony