Results 1 to 2 of 2

Thread: Having FormMail create new directory on server

Hybrid View

  1. #1
    Join Date
    Mar 2010
    Posts
    13

    Default Having FormMail create new directory on server

    Hi all

    Is it possible to get FormMail to create a new directory in the file repository and name it with the value of '$realname'? It would be easier to search the server if each submission had its contents contained in a named directory.

    I am not up to scratch with PHP so I wouldn't know how to code it, but does anyone have any ideas? I read elsewhere on the forum that subdirectories of the file repository constitutes a security risk, so I'm prepared to be told that it's not possible.

    Thanks

  2. #2
    Join Date
    Dec 2003
    Posts
    3,980

    Default Re: Having FormMail create new directory on server

    Hi,

    FormMail will only use the $FILE_REPOSITORY setting plus the basename of the uploaded file (or it's renamed value).

    So,
    PHP Code:
    $FILE_REPOSITORY "/home/you/www/repos"
    with a file name of "/a/path/to/abc123.txt", will get stored as "/home/you/www/repos/abc123.txt"

    The reason for this is to protect your server.

    The main problem we have thought of is someone providing a pathname of "../../filename" - i.e. referencing parent directories.

    Imagine, for example, if they could get FormMail to overwrite "../index.html" from "/home/you/www/repos"!

    So, the answer is "no".

    Of course, if we're really careful we could relax this restriction.

    It would mean stripping out or detecting all and any file name hacks (such as "../").

    But that's harder to be confident of.

    If you really need this, then you can hire us (or someone) to provide a specific version of FormMail for you.
    Russell Robinson - Author of Tectite FormMail and FormMailDecoder
    http://www.tectite.com/

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Unable to create check file "/fm106c5c.txt" [M3]
    By gwbosma in forum FormMail Subscription Support
    Replies: 20
    Last Post: 16-Mar-2005, 09:23 PM
  2. Create a price sum for the submission of an order form?
    By bonzovt in forum FormMail Subscription Support
    Replies: 6
    Last Post: 14-Mar-2005, 07:46 PM
  3. unable to create check file
    By EPierre in forum FormMail Subscription Support
    Replies: 1
    Last Post: 12-Feb-2005, 07:23 PM
  4. Save to CSV file not working, Directory path
    By mkw in forum FormMail Subscription Support
    Replies: 3
    Last Post: 01-Oct-2004, 11:28 PM
  5. How to create a copy for the senfer?
    By tt in forum FormMail Subscription Support
    Replies: 8
    Last Post: 10-Jun-2004, 08:52 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •