I have the following code that runs on a webserver.
if ($file == 'PDF')
{
echo '<tr><td><a name="'.$file.'"></a><a href="/'.$upath.'PDF/index.php"><img id="pdfImg" src="/images/PDF.png" alt="'.$file.'" style="z-index: 0; width:auto;max-width:500px;height:auto;max-height:500px"/></a><p><a href="/'.$upath.'PDF/index.php"><span style="color:#777AFF; font-weight:bold">'.$file.'</a></p></span></td><td><p><a href="/nodelete.php"><span style="color:#F44; font-weight:bold">'.$deletetxt.'</span></a></p>';
$i++;
}
elseif (($ext=='jpg') || ($ext=='jpeg') || ($ext=='png') || ($ext=='gif') || ($ext=='webp'))
{
echo '<tr><td colspan="3"><a name="'.$file.'"><hr></a><span style="color:#666; font-weight:bold"><p>'.$file.' '.$filesize.'KB<br/>'.$imgwidth.$seppx.$imgheight.$px.' '.$resolution.$dpitxt.'<br/>'.$imagewidthin.$sepin.$imageheightin.$inchestxt.$imagewidthcm.$sepcm.$imageheightcm.$centimeterstxt.'</p></span></td></tr><tr><td><img id="myImg" class="js-img" src="'.$file.'" alt="'.$file.'" style="z-index: 0; width:'.$filelistwidth.';max-width:'.$filelistmaxwidth.';height:'.$filelistheight.';max-height:'.$filelistmaxheight.'"/></td><td><p><a href="/delete.php?image='.$file.'"><span style="color:#F44; font-weight:bold">'.$deletetxt.'</span></a></p>';
$i++;
}
else
{
$i++;
}
While streamling code a VERY strange thing happend and I noticed I did not need to base64 encode JPGs as I had previously thought I would have to do. To explain further... Some of these files are in PAM users with files OUTSIDE of the web folder. Folders like /home/user/Pictures. These are users with the SESSION password Variable PAM. This works as is for some reason. I thought it would not.
This is without the base64 encoding that I was using for files in /home/user/Pictures
It may sound like a silly question but I thought these would not be accessible from the web server and it turns out they are.
As I run it on a local machine only I am not that concerned about it but also need the code to work on other machines. That is where I am concerned.
I am curious if this is an Apache setting or PHP setting that is allowing this to happen and maybe I could keep the elseif that uses the base64 for PAM users who are in folders like /home/user/Pictures
in my old code I always had to use
$b64image = base64_encode(file_get_contents($_SESSION['userpath'].$file));
then replace the image with $b64image
SO what server option is causing this wo work without it?
EDIT____________________________________ I made a simple test with several variants. I could not access one of these files from this page . I put even file name in path variable.
<html>
<head>
</head>
<body>
<?php
$path='/home/kodi/Pictures/scans/';
echo '<img src="'.$path.'Escan20190428221412.jpg">';
?>
</body>
</html>
So my question remains why does the aforementioned code work?