horazont
Add built-in support for automatically deleting files after a certain amount of time
mod_http_upload supports http_upload_expire_after. I would like to see this in here, too.
(not demanding; just making a note; maybe i'll get around to writing this myself, once I get this installed)
Actually prosody-filer suggests just writing a cronjob around find: https://github.com/ThomasLeister/prosody-filer#automatic-purge
[code snippet removed by @horazont for security reasons; see discussion below; this snippet was pretty much the same as below, but without -print0 and -0]
that's pretty much just as good.
I’d also recommend the cronjob at this stage.
However, the command line is a bit unsafe since the filename is determined by the client. If the client can pick a filename with e.g. a newline in it, it could make the cronjob delete arbitrary files.
To avoid that, use:
find /home/prosody-filer/upload/ -mindepth 1 -type d -mtime +28 -print0 | xargs -0 -- rm -rf
The -print0 makes find print the file names separated by NUL bytes (0x00, \0) instead of newlines (0x09, \n). -0 on xargs tells xargs to expect such input. Since NUL bytes are not valid in filenames on Linux, this protects against malicious filenames.
The
-print0makes find print the file names separated by NUL bytes (0x00, \0) instead of newlines (0x09, \n).-0onxargstellsxargsto expect such input. Since NUL bytes are not valid in filenames on Linux, this protects against malicious filenames.
Ouch, good catch! I'm usually pretty good about catching shell injections but I didn't try.
find /home/prosody-filer/upload/ -mindepth 1 -type d -mtime +28 -print0 | xargs -0 -- rm -rf
Good catch. We should add this to the README. I was using the unsafe command in my cronjob for over 3 years.
@kousu I took the liberty to edit your comment above so that someone just copying the first snippet they find isn’t getting into trouble :)