Utherr12 Posted December 17, 2010 Share Posted December 17, 2010 Ok, so I have this javascript function which sends some data to a php script through ajax: http://pastebin.ca/2021959 .The last alert in the else if returns " "This is the php script: http://pastebin.ca/2021961 . Link to comment Share on other sites More sharing options...
jeffman Posted December 17, 2010 Share Posted December 17, 2010 1. Do you have permission to run shell commands?2. It looks like you're using the shell command simply to remove a file. Is there a reason for not using PHP's unlink function?3. I hope this script will not be exposed to the public as is. If so, you'd better validate the value of $_POST['image']. It would be very easy for a malicious user to add "../../../../and-so-on/some_file" and you could end up deleting things you do not want to delete. Link to comment Share on other sites More sharing options...
Utherr12 Posted December 17, 2010 Author Share Posted December 17, 2010 I'm hosting this... gallery directory/sub-directories and files are owned by www-data with rwx r-x rwx so it can... because the shell script that adds images to gallery works fine.Ok, i didn't know about unlink() i'm still at a learning stage. Does it use www-data as the user? I'll make the changes once i get back on my linux. Link to comment Share on other sites More sharing options...
Utherr12 Posted December 19, 2010 Author Share Posted December 19, 2010 I have now $img_name = $_POST['image'];$category = $_POST['category'];switch($category){ case 0: { unlink('/var/www/blogger/gallery/_thumb/funny/'.$img_name); unlink('/var/www/blogger/gallery/funny/'.$img_name); break; } case 1: { unlink('/var/www/blogger/gallery/_thumb/mysoul/'.$img_name); unlink('/var/www/blogger/gallery/mysoul/'.$img_name); break; } case 2: { unlink('/var/www/blogger/gallery/_thumb/geekish/'.$img_name); unlink('/var/www/blogger/gallery/geekish/'.$img_name); break; }} and added an exit() at the beginning of the script if someone else tries to access that page.Still doesn't work, gives me internal server error 500. Link to comment Share on other sites More sharing options...
jeffman Posted December 19, 2010 Share Posted December 19, 2010 500 usually means a syntax error. To learn more you would have to enable error reporting or error logging on your server, OR try to execute your script through a shell script. Link to comment Share on other sites More sharing options...
Utherr12 Posted December 19, 2010 Author Share Posted December 19, 2010 The script gives me PHP Warning: unlink(/var/www/blogger/gallery/_thumb/funny/1292421459.jpg): Permission denied in /home/kinga/test.sh on line 12PHP Warning: unlink(/var/www/blogger/gallery/funny/1292421459.jpg): Permission denied in /home/kinga/test.sh on line 13Oh, i have run the script as my own user... I didn't ran it with www-data, that's why I get this error.The file's permission are: -rw-r--r-- 1 www-data www-dataQuestion: the data from POST and GET variables are strings right? so category is '0' not 0 Link to comment Share on other sites More sharing options...
thescientist Posted December 20, 2010 Share Posted December 20, 2010 The script gives me PHP Warning: unlink(/var/www/blogger/gallery/_thumb/funny/1292421459.jpg): Permission denied in /home/kinga/test.sh on line 12PHP Warning: unlink(/var/www/blogger/gallery/funny/1292421459.jpg): Permission denied in /home/kinga/test.sh on line 13Oh, i have run the script as my own user... I didn't ran it with www-data, that's why I get this error.The file's permission are: -rw-r--r-- 1 www-data www-dataQuestion: the data from POST and GET variables are strings right? so category is '0' not 0 I believe that is correct. If you echo var_dump($_POST) at the top of your page you can find out. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.