Jump to content

Archived

This topic is now archived and is closed to further replies.

Jurik

Using unlink to target the file in a folder

Recommended Posts

Hi guys was just wondering if its possible to get unlink to go into a folder to delete the file, I have all my files stored in a folder called videos, I have got the code sorted so it deletes the file if its in the folder the php files in but I need it to go to the videos folder, how do u do this?

Share this post


Link to post
Share on other sites
Use the chdir function to change to the folder in question.

See [url=http://www.php.net/chdir]http://www.php.net/chdir[/url]

Share this post


Link to post
Share on other sites
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH

Share this post


Link to post
Share on other sites
[quote author=gmwebs link=topic=111377.msg451296#msg451296 date=1160734788]
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
[/quote]

The problem with using a parameter such as $filename.

What is someone passed this into $filename = "../../../etc/password" or some such file.
You want to be very careful about the parameters you pass. When you use chdir you can remove all ".." from $filename

Share this post


Link to post
Share on other sites
Fair point... If you are using user input (form field) or GET (delete.php?filename=blah) to determine the file to delete. Surely this would not be an issue if the script was completely server-side and all variables were assigned without any user input?

Share this post


Link to post
Share on other sites
[quote author=xsist10 link=topic=111377.msg451303#msg451303 date=1160736048]
[quote author=gmwebs link=topic=111377.msg451296#msg451296 date=1160734788]
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
[/quote]

The problem with using a parameter such as $filename.

What is someone passed this into $filename = "../../../etc/password" or some such file.
You want to be very careful about the parameters you pass. When you use chdir you can remove all ".." from $filename
[/quote]In that particular situation, it's a non-issue. $filename is assigned a new value, so whether it had a value before, or not, doesn't matter. But your point is valid, when using files you need to ensure it is done so securely.

Share this post


Link to post
Share on other sites
Can you help me on a method to prevent video files
to be cached (copied) into the Internet temp file?
This is to protect content.
Thanks, Lisa

lisawebs@yahoo.com

[quote author=gmwebs link=topic=111377.msg451296#msg451296 date=1160734788]
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
[/quote]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.