Blueimp jQuery File Upload is probably the most common upload component used in PHP websites. The problem people sometimes face is that the folder into which files are uploaded requires 777 permissions. This is a big security risk, as anyone can upload any script into the folder and then execute it. Unfortunately the component does not work if you set the permissions to 776 or 775.
Blueimp provides a workaround: an .htaccess file placed in the uploads folder. It forces any direct request for a file in that folder to be served as a download instead of being handed to the PHP interpreter, which prevents execution.
So if the uploads folder is "photos/files" and someone manages to upload a file called test.php through the upload component, they can directly execute it by requesting http://site.com/photos/files/test.php .
With the .htaccess in place in photos/files, the same URL shows a download dialog instead.
The .htaccess file, as shipped by Blueimp in its server/php/files directory, is given below. The two Header directives on their own do nothing useful (the second would cancel the first); it is the SetHandler and ForceType lines that stop Apache from passing the file to PHP, and the FilesMatch block that lets known image types still display inline:

# Serve everything in this folder as a plain download, never through a script handler.
SetHandler default-handler
ForceType application/octet-stream
Header set Content-Disposition attachment
# Let known image files display inline again.
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    ForceType none
    Header unset Content-Disposition
</FilesMatch>
# Stop browsers from MIME-sniffing the forced content type.
Header set X-Content-Type-Options nosniff

For this to take effect, the virtual host must allow .htaccess overrides for the folder (AllowOverride All is the simplest) and mod_headers must be loaded; otherwise Apache either ignores the file or answers with a 500 error. If PHP runs through PHP-FPM via a <FilesMatch> SetHandler in the virtual host configuration, check that the .htaccess still wins, since <FilesMatch> sections in the server config are merged after per-directory settings. The file has no effect on nginx. The simplest check is to drop a harmless .php file into the folder yourself and confirm the browser offers it as a download rather than running it.
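The check described above, written as a small probe (added example, not code from the original post or from the Blueimp project): it writes a harmless PHP file straight into the uploads directory on the server, fetches it over HTTP, and reports whether the response looks like a download of the raw source or like executed PHP output. The `upload_dir` and `base_url` values are assumptions supplied by whoever runs it.

```python
"""Probe whether an uploads folder protected by Blueimp's .htaccess serves
files as downloads instead of executing them. Added example, not part of the
original post or of the Blueimp project."""
import os
import secrets
import urllib.request

MARKER = "blueimp-htaccess-probe"
# Constructed probe body: a PHP file that would print EXECUTED if the server ran it.
PROBE_BODY = f"<?php echo 'EXECUTED'; ?>\n<!-- {MARKER} -->\n"


def classify_response(headers: dict, body: bytes) -> dict:
    """Classify a response to GET <uploads>/probe-xxxx.php.

    headers: mapping of header name to value (any case); body: raw bytes."""
    h = {k.lower(): v for k, v in headers.items()}
    text = body.decode("utf-8", "replace")
    return {
        # The literal "<?php" survives only if Apache did not hand the file to PHP.
        "not_executed": MARKER in text and "<?php" in text,
        "served_as_download": h.get("content-disposition", "").lower().startswith("attachment"),
        "octet_stream": h.get("content-type", "").split(";")[0].strip() == "application/octet-stream",
        "nosniff": h.get("x-content-type-options", "").lower() == "nosniff",
    }


def is_protected(result: dict) -> bool:
    """True when the folder neither executes scripts nor lets the browser sniff them."""
    return result["not_executed"] and result["served_as_download"] and result["nosniff"]


def probe(upload_dir: str, base_url: str) -> dict:
    """Write a uniquely named probe file into upload_dir (filesystem path on the
    server), fetch it via base_url (the folder's public URL), and classify it.
    The probe file is always removed afterwards."""
    name = f"probe-{secrets.token_hex(8)}.php"
    path = os.path.join(upload_dir, name)
    with open(path, "w", encoding="utf-8") as f:
        f.write(PROBE_BODY)
    try:
        with urllib.request.urlopen(f"{base_url.rstrip('/')}/{name}") as resp:
            return classify_response(dict(resp.headers), resp.read())
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Example invocation with assumed paths; adjust to your own server.
    print(is_protected(probe("/var/www/html/photos/files", "http://localhost/photos/files")))
```

Use a .php probe rather than an image, since the FilesMatch exemption deliberately serves gif, jpeg and png inline.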