Jump to content


Photo

Help with this code needed!!!


  • Please log in to reply
1 reply to this topic

#1 iantearle

iantearle
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 05 October 2006 - 08:14 AM

Have created the following code to delete a file or folder with a name specified in the form, then submitted with the button, i dont want the action to be carried out on a different page, and this resides within more php functions from 'lussumo filebrowser'. Please help!!!

 
<div class=\"deletef\"><form name=\"frm".$delete_form_action."\" method=\"get\" action=\"".$this->SelfUrl."\">
							<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">
							<input type=\"submit\" value=\"Delete\">
							</form>	
	  </div> 
         ".$CurrentPath.BuildPath($Config->FolderNavigator, $Config->FilesPerPage)."
      </div>");


$delete_form_action = $_SERVER['PHP_SELF'];
if (empty($_POST['folder_name'])){
}
else {
$folder_name = rmdir($_POST['folder_name']);
$folder_name = unlink($_POST["foldername"]);
}


#2 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 05 October 2006 - 02:47 PM

It seems like you have everything there, but it's not very safe! All you have to do is, do what your doing and submit the form to it's self, you can do that by setting the form action to '' or fill it with $_SERVER['PHP_SELF'] after you validate it, also be sure your validate folder_name, if you don't then anyone can remove any folder they want!

As for your form, the input...

<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">

doesn't make very much sense, you have to give the form input a name and then the value is the folder to delete!

echo '<input type="text" size="10" name="folder_name" value="' . $folder_name . '" />


me!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users