File-upload attribute question

[lat9]

I have a product that includes a file-upload attribute; I choose a file and successfully add the associated product to my cart ... the file is uploaded correctly into the /images/uploads directory. If I subsequently delete that product from my cart, shouldn't the file be deleted from /images/uploads?

[kobra]

If I subsequently delete that product from my cart, shouldn't the file be deleted from /images/uploads?

Is this a file uploaded by a customer??

If so, then no you must attend to the uploaded files manually

[lat9]

kobra, it doesn't matter whether it's a guest or a customer ... if a product with an associated upload-file is successfully added to the cart and subsequently deleted from the cart, the uploaded file remains.

[kobra]

successfully added to the cart and subsequently deleted from the cart, the uploaded file remains

Mis read you OP
But the answer is the same - once uploaded, you must manually attend to them

Take care as you will receive root kits and other nefarious files being uploaded

[lat9]

Here's an update to the remove function of /includes/classes/shopping_cart.php (v1.5.1) that automatically deletes any uploaded files associated with a product that was deleted from the cart:

Code:

  /**
   * Method to remove an item from the cart
   *
   * @param mixed product ID of item to remove
   * @return void
   * @global object access to the db object
   */
  function remove($products_id) {
    global $db;
    $this->notify('NOTIFIER_CART_REMOVE_START');
    //die($products_id);
    //CLR 030228 add call zen_get_uprid to correctly format product ids containing quotes
    //      $products_id = zen_get_uprid($products_id, $attributes);
/*-bof-lat9-BUGFIX-delete uploaded file, if present */
    if (is_array ($this->contents[$products_id]['attributes_values'])) {
      foreach ($this->contents[$products_id]['attributes_values'] as $option_id => $option_value) {
        $sql = "SELECT products_options_type FROM " . TABLE_PRODUCTS_OPTIONS . " WHERE products_options_id = '" . zen_db_input($option_id) . "'";
        $sqlResult = $db->Execute($sql);
	if (!$sqlResult->EOF && $sqlResult->fields['products_options_type'] == PRODUCTS_OPTIONS_TYPE_FILE) {
	  //
	  //- The value for the file-upload option is of the form "nn. <originalfilename", where nn is the index in the files_uploaded table.
	  //- The uploaded file is /images/uploads/nn.ext, where ext is the originalfilename's file extension
	  //
	  $filename = substr($option_value, 0, strpos($option_value, '.'));
	  $file_ext = substr($option_value, 0-(strlen($option_value) - strrpos($option_value, '.')));
	  @unlink (DIR_FS_UPLOADS . $filename . $file_ext);
	  
	}  // Current attribute is a file-upload one
      }
    }
/*-eof-lat9-BUGFIX-delete uploaded file, if present */
    unset($this->contents[$products_id]);
    // remove from database
    if ($_SESSION['customer_id']) {

      //        zen_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . zen_db_input($products_id) . "'");

      $sql = "delete from " . TABLE_CUSTOMERS_BASKET . "
                where customers_id = '" . (int)$_SESSION['customer_id'] . "'
                and products_id = '" . zen_db_input($products_id) . "'";

      $db->Execute($sql);

      //        zen_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . zen_db_input($products_id) . "'");

      $sql = "delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . "
                where customers_id = '" . (int)$_SESSION['customer_id'] . "'
                and products_id = '" . zen_db_input($products_id) . "'";

      $db->Execute($sql);

    }

    // assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
    $this->cartID = $this->generate_cart_id();
    $this->notify('NOTIFIER_CART_REMOVE_END');
  }