homepage Welcome to WebmasterWorld Guest from 54.205.119.163
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
unlink problem
chrissim




msg:4417692
 1:35 am on Feb 15, 2012 (gmt 0)

hi,

The unlink function below able to delete files under Root Dir but failed error occured if i tried to unlink files in other directory folder. Any clues to solve these problem?

(Root Directory)
- Dir Folder Files (unlink Error Occurred)
file.php
file 2.php (3 php files unlink sucessful)
file 3.php




if (isset($_GET['delete']) && $_GET['delete'] == true && isset($_GET['file']) && !empty($_GET['file'])){
$path = './';
if (@unlink($path.'./'.$_GET['file'])){
header('Location: index.php');
} else {
die('An error occured');
}
}

 

penders




msg:4417835
 8:30 am on Feb 15, 2012 (gmt 0)

$path = './';  
if (@unlink($path.'./'.$_GET['file'])){


Remove the '@' prefix. This is suppressing any useful error messages.

What is the exact path/file you are attempting to unlink? From your code it is looking like... "././somefile", which is a bit strange?

httpwebwitch




msg:4418049
 2:05 pm on Feb 15, 2012 (gmt 0)

be very careful when using the value of $_GET['file'] to unlink something.

If you loosen up the file permissions enough to allow PHP to delete arbitrary files, then a malicious user could unlink things you don't want unlinked. Protecting against that won't be trivial; you'll likely need to go deep into file ownership and permissions.

I assume you probably need to look at the file ownership. PHP doesn't have permission to unlink a file unless it's owned by the PHP user, which is sometimes "www-data", or sometimes something else. it depends on your server config and what flavour of Linux you're using.

httpwebwitch




msg:4418050
 2:06 pm on Feb 15, 2012 (gmt 0)

You can also use PHP to check if a file exists before you unlink it. Then you can verify if the path is correct.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved