I was after a method of being able to select results from a cfdirectory query using a form check box, then once a "delete selected" button is pressed it will then go on to delete them from the directory.
I currently have a page displaying all the files and folders now I just need a way so delete the selected records could you please help?
So as Joe pointed out, it's rather simple to use cfdirectory to create a list of files. Joe mentioned checkboxes and a simple form, so let's look at that part of the script first:
2
3 <cfdirectory action="list" directory="#directory#" name="entries" type="file">
4
5 <cfoutput><form action="#cgi.script_name#" method="post"></cfoutput>
6 <table>
7 <cfoutput query="entries">
8 <tr>
9 <td><input type="checkbox" name="files" value="#name#" /></td>
10 <td>#name#</td>
11 </tr>
12 </cfoutput>
13 </table>
14 <input type="submit" value="DELETE" />
15 </form>
Normally the directory variable would point to some other folder instead of the current folder. This script would actually let you delete the script itself, which is probably not a good idea. Notice that I filtered by files. You can actually perform a recursive delete on a directory, but since Joe mentioned files I figured I'd keep it at that.
Notice next to each file we use a checkbox with the name files. When the form is submitted, each and every file will exist in the form value, files. If the user selects multiple files, then the values will be a list. Here is how I processed the form submission:
2 <cfloop index="f" list="#form.files#">
3 <cfif fileExists(directory & "/" & getFileFromPath(f))>
4 <cffile action="delete" file="#directory#/#getFileFromPath(f)#">
5 </cfif>
6 </cfloop>
7 </cfif>
Nothing crazy here. Note though that I go the extra step to ensure the file exists before I delete it. In theory it is possible someone else could have deleted the file. (And to be real anal, I should use a cflock as well.)
As I said - easy stuff, but hopefully this example will help Joe. I'll print the entire sample below. Before doing so, don't forget that any web based application that lets you delete files is a risky. Please be sure you know what your doing before deploy code like this.
2
3 <cfif structKeyExists(form, "files") and len(form.files)>
4 <cfloop index="f" list="#form.files#">
5 <cfif fileExists(directory & "/" & getFileFromPath(f))>
6 <cffile action="delete" file="#directory#/#getFileFromPath(f)#">
7 </cfif>
8 </cfloop>
9 </cfif>
10
11 <cfdirectory action="list" directory="#directory#" name="entries" type="file">
12
13 <cfoutput><form action="#cgi.script_name#" method="post"></cfoutput>
14 <table>
15 <cfoutput query="entries">
16 <tr>
17 <td><input type="checkbox" name="files" value="#name#" /></td>
18 <td>#name#</td>
19 </tr>
20 </cfoutput>
21 </table>
22 <input type="submit" value="DELETE" />
23 </form>
Comment 1 written by Elliott Sprehn on 23 October 2008, at 12:31 AM
You should be using getFileFromPath() on the file in the fileExists() and <cffile action="delete">.
With what you have there I can pass a random path that contains ../../ and delete all the .cfm/.cfc files on your entire server! (Also probably everything else that the JRun user has permissions on)
Comment 2 written by Joe Smith on 23 October 2008, at 2:37 AM
Thanks Again Raymond =)
Comment 3 written by John Whish on 23 October 2008, at 5:08 AM
Comment 4 written by Raymond Camden on 23 October 2008, at 6:15 AM
Good point - here is the modified cfif block Joe.
<cfif fileExists(directory & "/" & getFileFromPath(f))>
<cffile action="delete" file="#directory#/#getFileFromPath(f)#">
</cfif>
Comment 5 written by Elliott Sprehn on 23 October 2008, at 10:18 AM
Hah, sorry about that ;)
It would be great if you'd fix the actual post though. For the same reasons posting sample code without cfqueryparam is dangerous, posting this is dangerous.
People copy and paste code and model code on well known, respected blogs, from respected developers... like you! And if that code has security flaws they get propagated all over the place.
Comment 6 written by Raymond Camden on 23 October 2008, at 10:22 AM
Comment 7 written by Elliott Sprehn on 23 October 2008, at 4:18 PM
[Add Comment] [Subscribe to Comments]