PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
<?php
function _do_delete() {
if ( is_array($this->do_delete) ) {
foreach ($this->do_delete as $value) {
system("rm -rf ".$this->path_to_delete."/".$value);
}
}
}
?>
How do I make sure I never erase my own disk?
I'm newbie at php so I would like if someone could give some topics about this or a general idea of what function could I use to do some comprobations?
If you must use such a command, realpath() can help you check where the path will actually hit. However, if you're wanting to delete files, use unlink() instead.
Ok now I know what I want. I need that all directories to be deleted must be inside a given directory, for example /var/www. If directories to delete are in a directory outside /var/www/ the command should not be executed.
What should I study to get this done?
Many thanks!!
do_delete is an array with the directories to be deleted.
As far as I'm aware, if you use unlink() like feyd suggested it wouldn't ever delete itself, so therefore you wouldn't need all this fancy validation you ask about, just make sure that yourscript.php is on the disk you dont want to wipe.
unlink() can't delete directories but there's a snippet in the Snippets forum that I posted which is recursive.
Yikes.... I hope to high heaven you test this inside-out, outside-in upside-down, back-to-front from the moon....
If either of those two variables either side of the / end up empty you're risking major system issues. Luckily the apache user should be something with hardly any system permissions but still this looks like one heck of a risky function
I might also suggest chrooting the apache user to minimize such a risk as much as possible.
This is not runned by apache but a deamon that runs as root. This function is used to erase some not needed directories after a copy has been made.
For example, I copy files and directories from /var/www/installers/[given_script]/html/* to /var/www/web[web[ID]/web/[given_dir] and then delete /var/www/web[ID]/web/[given_dir]/[do_delete] where do_delete is an array of not needed directories.
danf_1979 wrote:This is not runned by apache but a deamon that runs as root. This function is used to erase some not needed directories after a copy has been made.
For example, I copy files and directories from /var/www/installers/[given_script]/html/* to /var/www/web[web[ID]/web/[given_dir] and then delete /var/www/web[ID]/web/[given_dir]/[do_delete] where do_delete is an array of not needed directories.
Are the files to delete owned by root? I'd strongly advise running it under another user if not. I know I certainly wouldn't write such a script that runs as root It's a potential nightmare. And if you *do* have to run it as root I suggest as chroot as I said above, unless you need access right from / upwards.