0

in my project, I have downloaded 17111611185.zip file with ajax.

After downloading the zip file, I want to delete this file from my linux server.

So after window.location=data, ajax is called again for passing 17111611185.zip to server. 

$.ajax({
        type:'POST',
        data:{files:files},
        url:'oat.php',
        success:function(data){// data is 17111611185.zip
            window.location=data;

            //2017-12-19delete zip file
            $.ajax({
                type:'POST',
                data:{delFile:data},
                url:'delFileoat.php',
                success:function(data){ 
                }
            });
        }

    });

The delFileoat.php code is:

<?php
if(isset($_POST['delFile'])){
  $delFile=$_POST['delFile'];
  unlink($delFile);
 }
?>

But unlucky, the return message is 17111611185.zip can not be found. And delete progress is fail.

It seems nothing wrong. When I just download file without deleteing, like:

$.ajax({
    type:'POST',
    data:{files:files},
    url:'oat.php',
    success:function(data){// data is 17111611185.zip
        window.location=data;
    }
});

It works OK. But fail, when deleting code is added.

stack
  • 821
  • 1
  • 15
  • 28
  • You code is extremely dangerous - you are doing no checking on the filename of the file being unlinked. A person could try and start deleting files at random. Just giving them a go. Perhaps the httpd config file might be a good attempt – Ed Heal Dec 19 '17 at 03:15
  • May [this](https://stackoverflow.com/questions/5603851/how-to-create-a-zip-file-using-php-and-delete-it-after-user-downloads-it) will be helpful. – Chirag Jain Dec 19 '17 at 03:18
  • First check file exists or not if(file_exists($delFile){ echo file exists; } else{ echo file not found; } – Hemraj Pal Dec 19 '17 at 03:55
  • @HemrajPal, I have checked that file exist, and this file is deleted after download. but I received a msg:The requested URL /17111611185.zip was not found on this server. – stack Dec 19 '17 at 05:14
  • @EdHeal, I have found that delete is befor download – stack Dec 19 '17 at 05:23
  • @stack - Easy to make a form to enable one to try to delete an arbitrary file using your code. i.e `
    `
     – Ed Heal Dec 19 '17 at 06:56

1 Answers1

0

I think uploaded file is in tmp folder which can accessed with 

ini_get('upload_tmp_dir');
yu.pitomets
  • 1,660
  • 2
  • 17
  • 44