Welcome to WebmasterWorld Guest from 54.167.86.211

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

unlink problem

     
1:35 am on Feb 15, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:July 24, 2009
posts: 113
votes: 0


hi,

The unlink function below able to delete files under Root Dir but failed error occured if i tried to unlink files in other directory folder. Any clues to solve these problem?

(Root Directory)
- Dir Folder Files (unlink Error Occurred)
file.php
file 2.php (3 php files unlink sucessful)
file 3.php




if (isset($_GET['delete']) && $_GET['delete'] == true && isset($_GET['file']) && !empty($_GET['file'])){
$path = './';
if (@unlink($path.'./'.$_GET['file'])){
header('Location: index.php');
} else {
die('An error occured');
}
}
8:30 am on Feb 15, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:July 3, 2006
posts: 3123
votes: 0


$path = './';  
if (@unlink($path.'./'.$_GET['file'])){


Remove the '@' prefix. This is suppressing any useful error messages.

What is the exact path/file you are attempting to unlink? From your code it is looking like... "././somefile", which is a bit strange?
2:05 pm on Feb 15, 2012 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


be very careful when using the value of $_GET['file'] to unlink something.

If you loosen up the file permissions enough to allow PHP to delete arbitrary files, then a malicious user could unlink things you don't want unlinked. Protecting against that won't be trivial; you'll likely need to go deep into file ownership and permissions.

I assume you probably need to look at the file ownership. PHP doesn't have permission to unlink a file unless it's owned by the PHP user, which is sometimes "www-data", or sometimes something else. it depends on your server config and what flavour of Linux you're using.
2:06 pm on Feb 15, 2012 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


You can also use PHP to check if a file exists before you unlink it. Then you can verify if the path is correct.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members