
Developer654079525's avatar

Custom disk in Laravel

I wanted to be able to generate files directly in the public folder, so I modified the filesystems.php to include a custom disk location:

        'my_disk' => [
            'driver' => 'local',
            'root' => storage_path('../public'),
            'visibility' => 'private',
        ],

Is this inherently unsafe, and are there alternatives to write to the ../public folder, one level up?

0 likes
8 replies
ramonrietdijk's avatar

I'd not recommend storing the files in your public folder directly. Files that are uploaded or generated should reside in the storage directory. That being said, they must be validated if you make them directly accessible, even if you use the public disk that Laravel offers by default. Depending on how your webserver is configured, files may be executed.

Using a symbolic link as described in the Laravel documentation would be the easiest. Do you require the files to be accessible from the base URL directly?

cosmic_learning's avatar

Yeah, pointing a disk to the ../public folder like that can be risky. The public directory is meant for files accessible via the web, so if you write files there without careful control, you might accidentally expose sensitive data or let users upload harmful files.

martinbean's avatar

@developer654079525 Why on earth are you trying to write files to your public directory? This is a huge security risk.

If a user uploads a malicious file, they’ll then have a way to immediately execute that file, compromising both your application and the server it’s hosted on.

Glukinho's avatar

Having a custom filesystem is not unsafe by itself; it may become unsafe if you allow external users, for example, to upload anything there without sanitization.

As long as you generate blog-rss.xml and sitemap.xml by yourself (by a scheduled artisan command, for example), I don't see how your approach is unsafe.

1 like
Snapey's avatar

I agree with what has been said above by @glukinho but I wouldn't create a disk for just this.

Just use public_path() when saving the file.

1 like
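
The approach discussed in the last two replies (only application-generated files, written with public_path()) can be enforced in code. The following is an added example, not code from any poster in this thread: the function name, the allowlist constant and the demo directory are hypothetical, and `$publicDir` stands in for Laravel's `public_path()` so the script runs without the framework.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only names the application may place in the web root.
const ALLOWED_PUBLIC_FILES = ['sitemap.xml', 'blog-rss.xml'];

/**
 * Atomically write an application-generated file into the public directory.
 * Inside Laravel, pass public_path() as $publicDir (assumption of this example).
 */
function writeGeneratedPublicFile(string $publicDir, string $name, string $contents): string
{
    // Exact-match allowlist: no path segments, no extensions the web server might execute.
    if (!in_array($name, ALLOWED_PUBLIC_FILES, true)) {
        throw new InvalidArgumentException("Refusing to write '{$name}' to the public directory");
    }

    $root = realpath($publicDir);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException("Public directory not found: {$publicDir}");
    }

    // Write a temp file in the same directory, then rename it into place,
    // so the web server never serves a half-written file.
    $tmp = tempnam($root, 'gen');
    if ($tmp === false || dirname($tmp) !== $root) {
        throw new RuntimeException('Could not create a temporary file in the public directory');
    }
    if (file_put_contents($tmp, $contents, LOCK_EX) === false) {
        unlink($tmp);
        throw new RuntimeException('Could not write temporary file');
    }
    chmod($tmp, 0644); // readable by the web server, never executable

    $target = $root . DIRECTORY_SEPARATOR . $name;
    if (!rename($tmp, $target)) {
        unlink($tmp);
        throw new RuntimeException("Could not move file into place: {$target}");
    }
    return $target;
}

// Constructed demo: a throwaway directory stands in for public_path().
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'public_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0755);
echo writeGeneratedPublicFile($dir, 'sitemap.xml', "<urlset/>\n"), PHP_EOL;
try {
    writeGeneratedPublicFile($dir, 'upload.php', 'rejected'); // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Because the file name is matched against a fixed list and never built from request data, nothing a user submits can choose what lands in the web root.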
