Jump to content


Photo

Using unlink to target the file in a folder


  • Please log in to reply
7 replies to this topic

#1 Jurik

Jurik
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 13 October 2006 - 09:37 AM

Hi guys was just wondering if its possible to get unlink to go into a folder to delete the file, I have all my files stored in a folder called videos, I have got the code sorted so it deletes the file if its in the folder the php files in but I need it to go to the videos folder, how do u do this?

#2 xsist10

xsist10
  • Members
  • PipPipPip
  • Advanced Member
  • 114 posts

Posted 13 October 2006 - 10:08 AM

Use the chdir function to change to the folder in question.

See http://www.php.net/chdir
SA PHP Archives - www.phparchives.za.org

#3 gmwebs

gmwebs
  • Members
  • PipPipPip
  • Advanced Member
  • 174 posts
  • LocationLondon

Posted 13 October 2006 - 10:19 AM

I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.


// Set the temp directory relative to the executing script
$temp_dir = "../tmp"; 

// Set the filename suffix to a UNIX timestamp
$filename = time(); 

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename; 

// Delete the temporary file
unlink($tempfile); 


HTH

#4 Jurik

Jurik
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 13 October 2006 - 10:21 AM

Thanks guys sorted it now

#5 xsist10

xsist10
  • Members
  • PipPipPip
  • Advanced Member
  • 114 posts

Posted 13 October 2006 - 10:40 AM

I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.


// Set the temp directory relative to the executing script
$temp_dir = "../tmp"; 

// Set the filename suffix to a UNIX timestamp
$filename = time(); 

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename; 

// Delete the temporary file
unlink($tempfile); 


HTH


The problem with using a parameter such as $filename.

What is someone passed this into $filename = "../../../etc/password" or some such file.
You want to be very careful about the parameters you pass. When you use chdir you can remove all ".." from $filename
SA PHP Archives - www.phparchives.za.org

#6 gmwebs

gmwebs
  • Members
  • PipPipPip
  • Advanced Member
  • 174 posts
  • LocationLondon

Posted 13 October 2006 - 11:34 AM

Fair point... If you are using user input (form field) or GET (delete.php?filename=blah) to determine the file to delete. Surely this would not be an issue if the script was completely server-side and all variables were assigned without any user input?

#7 Jenk

Jenk
  • Members
  • PipPipPip
  • Advanced Member
  • 778 posts

Posted 13 October 2006 - 11:49 AM

I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.


// Set the temp directory relative to the executing script
$temp_dir = "../tmp"; 

// Set the filename suffix to a UNIX timestamp
$filename = time(); 

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename; 

// Delete the temporary file
unlink($tempfile); 


HTH


The problem with using a parameter such as $filename.

What is someone passed this into $filename = "../../../etc/password" or some such file.
You want to be very careful about the parameters you pass. When you use chdir you can remove all ".." from $filename

In that particular situation, it's a non-issue. $filename is assigned a new value, so whether it had a value before, or not, doesn't matter. But your point is valid, when using files you need to ensure it is done so securely.

#8 lisawebs

lisawebs
  • Members
  • PipPip
  • Member
  • 22 posts

Posted 16 December 2006 - 07:06 PM

Can you help me on a method to prevent video files
to be cached (copied) into the Internet temp file?
This is to protect content.
Thanks, Lisa

lisawebs@yahoo.com

I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.


// Set the temp directory relative to the executing script
$temp_dir = "../tmp"; 

// Set the filename suffix to a UNIX timestamp
$filename = time(); 

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename; 

// Delete the temporary file
unlink($tempfile); 


HTH






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users