homepage Welcome to WebmasterWorld Guest from 107.20.129.212
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,
Pubcon Website
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library : Charter : Moderators: coopster & eelixduppy & jatar k

PHP Server Side Scripting Forum

    
unlink problem
chrissim




msg:4417692		 1:35 am on Feb 15, 2012 (gmt 0)

hi,

The unlink function below able to delete files under Root Dir but failed error occured if i tried to unlink files in other directory folder. Any clues to solve these problem?

(Root Directory)
- Dir Folder Files (unlink Error Occurred)
file.php
file 2.php (3 php files unlink sucessful)
file 3.php




if (isset($_GET['delete']) && $_GET['delete'] == true && isset($_GET['file']) && !empty($_GET['file'])){
$path = './';
if (@unlink($path.'./'.$_GET['file'])){
header('Location: index.php');
} else {
die('An error occured');
}
}

 

penders




msg:4417835		 8:30 am on Feb 15, 2012 (gmt 0)

$path = './';  
if (@unlink($path.'./'.$_GET['file'])){


Remove the '@' prefix. This is suppressing any useful error messages.

What is the exact path/file you are attempting to unlink? From your code it is looking like... "././somefile", which is a bit strange?
httpwebwitch




msg:4418049		 2:05 pm on Feb 15, 2012 (gmt 0)

be very careful when using the value of $_GET['file'] to unlink something.

If you loosen up the file permissions enough to allow PHP to delete arbitrary files, then a malicious user could unlink things you don't want unlinked. Protecting against that won't be trivial; you'll likely need to go deep into file ownership and permissions.

I assume you probably need to look at the file ownership. PHP doesn't have permission to unlink a file unless it's owned by the PHP user, which is sometimes "www-data", or sometimes something else. it depends on your server config and what flavour of Linux you're using.
httpwebwitch




msg:4418050		 2:06 pm on Feb 15, 2012 (gmt 0)

You can also use PHP to check if a file exists before you unlink it. Then you can verify if the path is correct.
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved