unlink problem

Forum Moderators: coopster

Message Too Old, No Replies

unlink problem

chrissim

1:35 am on Feb 15, 2012 (gmt 0)

hi,

The unlink function below able to delete files under Root Dir but failed error occured if i tried to unlink files in other directory folder. Any clues to solve these problem?

(Root Directory)
- Dir Folder Files (unlink Error Occurred)
file.php
file 2.php (3 php files unlink sucessful)
file 3.php

if (isset($_GET['delete']) && $_GET['delete'] == true && isset($_GET['file']) && !empty($_GET['file'])){
$path = './';
if (@unlink($path.'./'.$_GET['file'])){
header('Location: index.php');
} else {
die('An error occured');
}
}

penders

8:30 am on Feb 15, 2012 (gmt 0)

$path = './';  
if (@unlink($path.'./'.$_GET['file'])){

Remove the '@' prefix. This is suppressing any useful error messages.

What is the exact path/file you are attempting to unlink? From your code it is looking like... "././somefile", which is a bit strange?

httpwebwitch

2:05 pm on Feb 15, 2012 (gmt 0)

be very careful when using the value of $_GET['file'] to unlink something.

If you loosen up the file permissions enough to allow PHP to delete arbitrary files, then a malicious user could unlink things you don't want unlinked. Protecting against that won't be trivial; you'll likely need to go deep into file ownership and permissions.

I assume you probably need to look at the file ownership. PHP doesn't have permission to unlink a file unless it's owned by the PHP user, which is sometimes "www-data", or sometimes something else. it depends on your server config and what flavour of Linux you're using.

httpwebwitch

2:06 pm on Feb 15, 2012 (gmt 0)

You can also use PHP to check if a file exists before you unlink it. Then you can verify if the path is correct.

unlink problem

chrissim

penders

httpwebwitch

httpwebwitch

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week