Jump to content

Trouble with opendir


jakebur01

Recommended Posts

I last used this code about 5 years ago on another website.  I copied it into the current site i'm working on to list the images in a directory.  As far as I can tell the path is correct.  I printed $image_path out and everything looks ok, however it is triggering the error Notice: error, path not found in.  I have commented out this error and it still does not run.  For some reason the path is not returning anything.  I checked the permissions and they look ok.

 

Here is the code:

if(strlen($_GET['delete'])) {
		$delete_image = dirname(__FILE__) . "/PW-Files/$listingid/images/".urldecode($_GET['delete']);
		unlink($delete_image);
	}

    $image_path = dirname(__FILE__) . "/PW-Files/$listingid/images";
    $dir_handle = null;
   
    if (($dir_handle = opendir($image_path)))
    {
        trigger_error('error, path not found');
        return;
    }
    $html = '<table width="500" border="1">';
    $file = readdir($dir_handle);
    $image_types = array("jpg","jpeg","gif","png");
   while (false !== ($file=readdir($dir_handle))) {
    
		
		if(in_array(strtolower(substr($file,strpos($file,".")+1)),$image_types)){
        $html .= "<tr><td><center><IMG SRC='/PW-Files/$listingid/images/{$file}' width='100' align='top' vspace='2' alt='{$file}' /></center></td><td>{$file}<br /><a href=\" PW-Image_Upload.php?delete=".urlencode($file)."\">delete image</a></td></tr>";

		}
    }
    closedir($dir_handle);
    

   $html .= "</table>";
    echo $html;
Link to comment
Share on other sites

For some strange reason, you regard a successful call of opendir() as an error:

if ($dir_handle = opendir($image_path))
{
	trigger_error('error, path not found');
	return;
}

If the function returns a resource (which it should), the conditions is fulfilled, and you complain about the path not being found. Shouldn't it be the other way round?

 

But what's much more important: You have a gigantic security hole in your code which allows arbitrary users to delete any file your webserver has write access to. All they have to do is manipulate the file path through the delete parameter.

 

Never trust user input. Never insert raw user data into file paths, queries or whatever. People will exploit this. I'm surprised this hasn't happened before. Or maybe you just didn't notice.

Link to comment
Share on other sites

Be that as it may, you have to be logged in to access this page and the only people accessing this site will be my family, which i'm not worried about.  I realize that this is bad practice for security reasons, but I am still not having any success returning any images.  I commented out the trigger_error, not sure how it got in the success section.   Any ideas on how I could get the images to appear?

Link to comment
Share on other sites

So what's the new error? Is the error reporting turned on? Are you sure the webserver has all required permissions to access the folder and files?

 

Be that as it may, you have to be logged in to access this page and the only people accessing this site will be my family, which i'm not worried about.

 

This is one of those “arguments” which just don't make sense. So you're saying you're unable or unwilling to protect the simple parts of the program, but at the same time you write perfectly secure code when it comes to much more complicated aspects like authentication? No offense, but that's hard to believe.

 

Anyway, if you think that saving 5 minutes of work is worth the risk, go ahead.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.