Jump to content

Using unlink to target the file in a folder


Jurik

Recommended Posts

Hi guys was just wondering if its possible to get unlink to go into a folder to delete the file, I have all my files stored in a folder called videos, I have got the code sorted so it deletes the file if its in the folder the php files in but I need it to go to the videos folder, how do u do this?
Link to comment
Share on other sites

I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
Link to comment
Share on other sites

[quote author=gmwebs link=topic=111377.msg451296#msg451296 date=1160734788]
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
[/quote]

The problem with using a parameter such as $filename.

What is someone passed this into $filename = "../../../etc/password" or some such file.
You want to be very careful about the parameters you pass. When you use chdir you can remove all ".." from $filename
Link to comment
Share on other sites

Fair point... If you are using user input (form field) or GET (delete.php?filename=blah) to determine the file to delete. Surely this would not be an issue if the script was completely server-side and all variables were assigned without any user input?
Link to comment
Share on other sites

[quote author=xsist10 link=topic=111377.msg451303#msg451303 date=1160736048]
[quote author=gmwebs link=topic=111377.msg451296#msg451296 date=1160734788]
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
[/quote]

The problem with using a parameter such as $filename.

What is someone passed this into $filename = "../../../etc/password" or some such file.
You want to be very careful about the parameters you pass. When you use chdir you can remove all ".." from $filename
[/quote]In that particular situation, it's a non-issue. $filename is assigned a new value, so whether it had a value before, or not, doesn't matter. But your point is valid, when using files you need to ensure it is done so securely.
Link to comment
Share on other sites

  • 2 months later...
Can you help me on a method to prevent video files
to be cached (copied) into the Internet temp file?
This is to protect content.
Thanks, Lisa

lisawebs@yahoo.com

[quote author=gmwebs link=topic=111377.msg451296#msg451296 date=1160734788]
I may be missing the point completely here (wouldn't be the first time) but surely you could just supply the full path to the file you wish to delete? Have a look at some snippets below. I know it can be done in one line, but I am using these variables elsewhere in the script.

[code]

// Set the temp directory relative to the executing script
$temp_dir = "../tmp";

// Set the filename suffix to a UNIX timestamp
$filename = time();

// Assign the full path to the file to a variable
$tempfile = $temp_dir."/tmp_".$filename;

// Delete the temporary file
unlink($tempfile);

[/code]

HTH
[/quote]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.