Redirects

I have the following script:

[code]<?php
$filename = $_GET['filename'];
if (empty($filename))
{
?>

<?php }

else
{
    if (strpos($filename,".zip") >= 1)
    {
        exec('unzip $filename',$ret);
        echo "Successful unzipping";
        $url = str_ireplace(".zip","","$filename");
        echo '';
    }
    elseif ((strpos($filename,".tgz") >= 1) || (strpos($filename,".tar.gz") >= 1))
    {
        exec('tar -xzf gammu-1.10.0.tar.gz',$ret);
        echo "Successful untargzing";
        if ((strpos($filename,".tgz") >= 1))
        {
            $url = str_ireplace(".tgz","","$filename");
            echo '';
        }
        else
        {
            $url = str_ireplace(".tar.gz","","$filename");
            echo '';
        }
    }
    else
    {
?>

<?php } } ?>[/code]

The point is that after decompressing, it should take you to the new uncompressed directory, and, for obvious reasons, I can’t use headers, but on the other hand, I don’t want to be redirected, as I am now, to http://www.argendeli.net/$filename.
How do I redirect in the places where I have redirect code right now, after 1 1/2 - 2 seconds, and actually have $filename replaced with its contents?

My question is: why in the world would you want to do this through PHP? Apart from the huge security hole you’re posing by using exec(), solutions that run on the machine, rather than on the server, are by far more suited for something like this: SSH, FTP, Remote Desktop, etc.

I am a little confused by the exec thing. How does it cause a security hole, and what could I use in its place? Secondly, how would I use FTP or SSH to decompress on the server? (Sorry for my ignorance)

What if I found out where your script is, and accessed it, and submitted the following ‘file’:

somefile.zip && rm -rf

That’s how it could create a security hole: bye bye server. And this isn’t the worst case either :wink:

As for SSH and FTP, I thought they were tough to learn until I actually started them. I’d suggest using Google to get some information on them. Especially SSH would suit your needs.
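
The hole discussed in the replies comes from handing `$_GET['filename']` to a shell command. A hardened form of the same unpack step, as an added example that is not part of the original thread: `UPLOAD_DIR`, `archive_kind()` and `unpack_archive()` are hypothetical names, and PHP's zip extension is assumed to be installed.

```php
<?php
// Added example, not from the thread. UPLOAD_DIR and both function names are hypothetical.
const UPLOAD_DIR = '/var/www/uploads'; // assumed directory that holds the archives
// Returns 'zip' or 'tar' for an acceptable name, null for anything else.
function archive_kind(string $name): ?string
{
    // Allowlist: bare file name, no spaces, slashes or shell metacharacters, no leading '-'.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name)) {
        return null;
    }
    if (preg_match('/\.zip\z/i', $name)) {
        return 'zip';
    }
    return preg_match('/\.(tgz|tar\.gz)\z/i', $name) ? 'tar' : null;
}
// Unpacks UPLOAD_DIR/$name into a sibling directory and returns that directory's name.
function unpack_archive(string $name): string
{
    $kind = archive_kind($name);
    $path = UPLOAD_DIR . '/' . $name;
    if ($kind === null || !is_file($path)) {
        throw new InvalidArgumentException('rejected file name');
    }
    $dest = UPLOAD_DIR . '/' . preg_replace('/\.(zip|tgz|tar\.gz)\z/i', '', $name);
    if (!is_dir($dest) && !mkdir($dest, 0750)) {
        throw new RuntimeException('cannot create target directory');
    }
    if ($kind === 'zip') {
        $zip = new ZipArchive(); // no shell involved at all
        if ($zip->open($path) !== true || !$zip->extractTo($dest)) {
            throw new RuntimeException('unzip failed');
        }
        $zip->close();
    } else {
        // When a shell command is unavoidable, quote every argument.
        $cmd = 'tar -xzf ' . escapeshellarg($path) . ' -C ' . escapeshellarg($dest);
        exec($cmd, $out, $status);
        if ($status !== 0) {
            throw new RuntimeException('tar failed');
        }
    }
    return basename($dest);
}
// Constructed inputs, including the one quoted in the thread.
if (PHP_SAPI === 'cli') {
    foreach (['gammu-1.10.0.tar.gz', 'somefile.zip && rm -rf', '../x.zip'] as $n) {
        printf("%-26s %s\n", $n, archive_kind($n) ?? 'rejected');
    }
}
```

Run from the command line, the loop reports the first name as `tar` and the other two as `rejected`; the name returned by `unpack_archive()` is what a page would use to build the link to the extracted directory.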
