
Thread: proper naming using rename()

  1. #1
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    2,419
    Thanks
    103
    Thanked 117 Times in 115 Posts

    proper naming using rename()

    I have a php editor program on my site that I wrote and I just added the ability to rename files using rename(). Are there certain characters I should make sure are preprocessed out before execution?

    I am uneasy about testing this out myself after creating an undeletable file once upon a time.
    Last edited by james438; 05-02-2010 at 08:01 PM.
    To choose the lesser of two evils is still to choose evil. My personal site

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Hmm... I don't see any huge dangers here. Files aren't undeletable if you have permissions-- and you can do that using PHP *most* of the time, even if for some reason your ftp browser ignores the requests.

    Obviously you want to strip out "." from the beginning of the string to avoid using hidden files and to avoid being able to go to a higher level "../" if this is to be a public thing.

    And you'd want to avoid any filetypes that are dangerous, like .php if it's public.

    But really there's nothing wrong with any character, I don't think, since the system will refuse any characters that just don't work.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  3. #3

    Good to know. This is an admin script. I can't think of too many instances where a person would want to create a public script where a person could rename files, but you never know.

    As far as an undeletable file you might remember several years ago when I had an image that was undeletable and inaccessible. Brr, that was problematic. It was listed as present and was named
    www.animeviews.com/.hcc.thumbs/.hcc.\sdcc.jpg+t
    and another named
    www.animeviews.com/c:\data\newt.bmp
    with 000 permissions.

    Every ftp program I tried said that it was impossible to delete the file.

    The funny thing is that I ended up calling GoDaddy to see if they could delete the file.

    "Sure thing. Should be easy." seconds later.

    "huh, that was unexpected. Let me get my supervisor."

    A few seconds later his supervisor comes online and after hearing the problem replies to the GoDaddy representative: "sure. All you have to do is..." a few seconds later I hear "huh, that's interesting. Let me redirect you to my supervisor who specializes in these things."

    A minute later another voice comes online and I explain my situation. He replies without any bravado "sure, just a sec." A few seconds later: "huh, that's interesting. I'm going to need to refer this to R&D. They will get back to you in a few days."
    They were only able to rename/remove one of the files. Even unset() didn't remove the file at first.

    I don't think I could recreate the file now if I tried and I don't want to.

    EDIT: ref thread: http://www.dynamicdrive.com/forums/s...ad.php?t=23619
    Last edited by james438; 05-01-2010 at 06:49 AM. Reason: formatting text

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Quote: Originally Posted by james438
    thoroughly amusing. thanks.

  5. #5

    I see what you mean. But remember-- that was a permissions error mixed in with a very odd name and lots of complications. Unless you're just changing things randomly or you're intentionally trying to get something odd, this shouldn't be a problem.

    If this were public there would be a lot more to worry about.

    Another way to really deal with this is to just only allow a-z and 0-9. Realistically that's a great way to go-- why would you want other characters? Some are possible, but usually they're just in the way. Or add a few as you want, like _. You could even assign the file extension separately and verify it against a list of known working extensions.

    Quote: Originally Posted by james438
    "I can't think of too many instances where a person would want to create a public script where a person could rename files, but you never know."
    Not full control, but this will often come up for things like an image gallery with user accounts or something similar with other files.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
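
Added example, not code from any poster in this thread: one way to apply the suggestions above (allow only a-z, 0-9 and _ in the name, take the extension separately and check it against a list) before calling rename(). The function names, the extension list and the 64-character limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist for this example; adjust to the file types the editor manages.
const ALLOWED_EXTENSIONS = ['txt', 'html', 'css', 'jpg', 'png', 'gif'];

/**
 * Build a safe target name from a base name and a separately supplied
 * extension. Returns null when either part fails the allowlist.
 */
function safe_target_name(string $base, string $ext): ?string
{
    // Lower-case both parts so the allowlist check is case-insensitive.
    $base = strtolower($base);
    $ext  = strtolower($ext);
    // Base: 1-64 chars of a-z, 0-9 and "_" only. This alone excludes
    // leading dots, "../", "/", "\", ":", spaces, NUL bytes and newlines.
    if (preg_match('/\A[a-z0-9_]{1,64}\z/', $base) !== 1) {
        return null;
    }
    // Extension: must be on the list, so ".php" never passes.
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $base . '.' . $ext;
}

/** Rename $current (a plain file name inside $dir) to the validated name. */
function safe_rename(string $dir, string $current, string $base, string $ext): bool
{
    $target = safe_target_name($base, $ext);
    $root   = realpath($dir);
    if ($target === null || $root === false) {
        return false;
    }
    // The source must be an existing regular file directly inside $dir.
    $source = realpath($root . DIRECTORY_SEPARATOR . $current);
    if ($source === false || dirname($source) !== $root || !is_file($source)) {
        return false;
    }
    $dest = $root . DIRECTORY_SEPARATOR . $target;
    // rename() overwrites an existing destination file; refuse instead.
    if (file_exists($dest)) {
        return false;
    }
    return rename($source, $dest);
}
```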
