Welcome to WebmasterWorld Guest from 54.198.46.95

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

unlink problem

     
1:35 am on Feb 15, 2012 (gmt 0)

5+ Year Member



hi,

The unlink function below able to delete files under Root Dir but failed error occured if i tried to unlink files in other directory folder. Any clues to solve these problem?

(Root Directory)
- Dir Folder Files (unlink Error Occurred)
file.php
file 2.php (3 php files unlink sucessful)
file 3.php




if (isset($_GET['delete']) && $_GET['delete'] == true && isset($_GET['file']) && !empty($_GET['file'])){
$path = './';
if (@unlink($path.'./'.$_GET['file'])){
header('Location: index.php');
} else {
die('An error occured');
}
}
8:30 am on Feb 15, 2012 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



$path = './';  
if (@unlink($path.'./'.$_GET['file'])){


Remove the '@' prefix. This is suppressing any useful error messages.

What is the exact path/file you are attempting to unlink? From your code it is looking like... "././somefile", which is a bit strange?
2:05 pm on Feb 15, 2012 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



be very careful when using the value of $_GET['file'] to unlink something.

If you loosen up the file permissions enough to allow PHP to delete arbitrary files, then a malicious user could unlink things you don't want unlinked. Protecting against that won't be trivial; you'll likely need to go deep into file ownership and permissions.

I assume you probably need to look at the file ownership. PHP doesn't have permission to unlink a file unless it's owned by the PHP user, which is sometimes "www-data", or sometimes something else. it depends on your server config and what flavour of Linux you're using.
2:06 pm on Feb 15, 2012 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You can also use PHP to check if a file exists before you unlink it. Then you can verify if the path is correct.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month