1

I'm having problems deleting a file from a higher directory, I found this post and tried it but no luck....:

gotdalife at gmail dot com 25-Sep-2008 02:04

To anyone who's had a problem with the permissions denied error, it's sometimes caused when you try to delete a file that's in a folder higher in the hierarchy to your working directory (i.e. when trying to delete a path that starts with "../").

So to work around this problem, you can use chdir() to change the working directory to the folder where the file you want to unlink is located.

<?php
>     $old = getcwd(); // Save the current directory
>     chdir($path_to_file);
>     unlink($filename);
>     chdir($old); // Restore the old working directory     ?>

here is the code that I currently have:

session_start();

if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] !=md5($_SERVER['HTTP_USER_AGENT']))){

    require_once ('includes/login_functions.inc.php');
    $url = absolute_url();
    header("Location: $url");
    exit();
}  



$folder = $_GET['folder'];
$filename = $_GET['name'];
$path = "../gallery/photos/$folder";

if (isset($_POST['submitted'])) {

    if ($_POST['sure'] == 'Yes') {  

        $old = getcwd(); // Save the current directory
        chdir($path);
        unlink($filename);
        chdir($old); // Restore the old working directory  

    }
    else{

        echo '<p>The photo has NOT been deleted.</p>';
    }
}

I'm getting the error message :

Warning: unlink() [function.unlink]: No error in J:\xampp\htdocs\bunker\admin\delete_file.php on line 37

line 37 being:

unlink($filename);

can anybody see what I've done wrong?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
alsweet
  • 633
  • 1
  • 12
  • 26
  • 2
    http://4.bp.blogspot.com/_Mp0d-dsENrg/S15lV3B8PHI/AAAAAAAAiA8/UTTVHEEwD44/s400/59934678.jpg – Ignacio Vazquez-Abrams Nov 15 '10 at 14:26
  • 1
    Have you tried explicitly declaring the path? (e.g., no "../" but an actual hard path) Don't know where that will leave you if it works/doesn't work but might be a good test :) – clifgriffin Nov 15 '10 at 14:29
  • Ummm, do you have any idea how bad of an idea that is? I mean passing raw input to `chdir` and running `unlink`...? At least do some sensitization to prevent `delete_file.php?folder=../../../../../etc&file=passwd`... (permissions will likely prevent that, but there are bound to be files it can delete that are just as bad to you at least)... – ircmaxell Nov 15 '10 at 14:32

2 Answers2

2

I always use absolute filepath names.

I'd define the filedir as a constant in your config, then concatenate so you have an absolute filepath, then make a call to unlink().

Btw: I hope you know your code is highly insecure.

Niels Bom
  • 8,728
  • 11
  • 46
  • 62
0

See here:

http://bugs.php.net/bug.php?id=43511

and here

http://php.bigresource.com/Track-php-03TimDKO/

http://www.phpbuilder.com/board/showthread.php?t=10357994

Though I wouldnt recommend doing this, as per the comments above. Is there the option for a different approach?

SW4
  • 69,876
  • 20
  • 132
  • 137
  • sorry im very new to php so i'm unaware of any other approaches, i'm open to suggestions... all i need to do is delete a file selected but it seems to be causing me problem after problem. – alsweet Nov 15 '10 at 14:41