oluşturmak için sitesinde ;
Data directory
When your users upload files (like avatar photos), they are stored in the data directory. What you don't want is for a malicious user to upload a script to your data directory and then run it. Here are two ways to prevent that with the first being the recommended method:
Put the data directory outside of your web server's root directory. That way someone cannot type in a URL in a browser and view a file in the data directory.
Block access to the data directory by changing your web server configuration. For example, if your data directory is /var/www/data and your web server is Apache, adding this to your Apache configuration should work:
Alıntı
