Jump to content

Archived

This topic is now archived and is closed to further replies.

iantearle

Help with this code needed!!!

Recommended Posts

Have created the following code to delete a file or folder with a name specified in the form, then submitted with the button, i dont want the action to be carried out on a different page, and this resides within more php functions from 'lussumo filebrowser'. Please help!!!

  [code]<div class=\"deletef\"><form name=\"frm".$delete_form_action."\" method=\"get\" action=\"".$this->SelfUrl."\">
<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">
<input type=\"submit\" value=\"Delete\">
</form>
  </div>
        ".$CurrentPath.BuildPath($Config->FolderNavigator, $Config->FilesPerPage)."
      </div>");


$delete_form_action = $_SERVER['PHP_SELF'];
if (empty($_POST['folder_name'])){
}
else {
$folder_name = rmdir($_POST['folder_name']);
$folder_name = unlink($_POST["foldername"]);
}[/code]

Share this post


Link to post
Share on other sites
It seems like you have everything there, but it's not very safe! All you have to do is, do what your doing and submit the form to it's self, you can do that by setting the form action to '' or fill it with $_SERVER['PHP_SELF'] after you validate it, also be sure your validate folder_name, if you don't then anyone can remove any folder they want!

As for your form, the input...

[code]<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">[/code]

doesn't make very much sense, you have to give the form input a name and then the value is the folder to delete!

[code]echo '<input type="text" size="10" name="folder_name" value="' . $folder_name . '" />[/code]


me!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.