Revision 1457
Added by Dietmar almost 13 years ago
| upload.php | ||
|---|---|---|
| 16 | 16 |
* |
| 17 | 17 |
*/ |
| 18 | 18 |
|
| 19 |
// Target location |
|
| 20 |
if(!isset($_POST['target']) OR $_POST['target'] == '') {
|
|
| 21 |
header("Location: index.php");
|
|
| 22 |
exit(0); |
|
| 23 |
} else {
|
|
| 24 |
$target = $_POST['target']; |
|
| 25 |
} |
|
| 26 |
|
|
| 27 | 19 |
// Print admin header |
| 28 | 20 |
require('../../config.php');
|
| 29 | 21 |
include_once('resize_img.php');
|
| ... | ... | |
| 31 | 23 |
|
| 32 | 24 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 33 | 25 |
require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file. |
| 34 |
$admin = new admin('Media', 'media_upload');
|
|
| 26 |
// suppress to print the header, so no new FTAN will be set |
|
| 27 |
$admin = new admin('Media', 'media_upload', false);
|
|
| 35 | 28 |
|
| 36 |
if (!$admin->checkFTAN())
|
|
| 29 |
if( !$admin->checkFTAN() )
|
|
| 37 | 30 |
{
|
| 38 |
$admin->print_error('UP5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
|
|
| 39 |
exit();
|
|
| 31 |
$admin->print_header();
|
|
| 32 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
|
|
| 40 | 33 |
} |
| 34 |
// After check print the header |
|
| 35 |
$admin->print_header(); |
|
| 41 | 36 |
|
| 37 |
// Target location |
|
| 38 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
| 39 |
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
|
|
| 40 |
|
|
| 42 | 41 |
// Include the WB functions file |
| 43 | 42 |
require_once(WB_PATH.'/framework/functions.php'); |
| 44 | 43 |
|
| 45 | 44 |
// Check to see if target contains ../ |
| 46 | 45 |
if (!check_media_path($target, false)) |
| 47 | 46 |
{
|
| 48 |
$admin->print_error('TD5::'.$MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
|
|
| 47 |
$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH'] );
|
|
| 49 | 48 |
} |
| 50 | 49 |
|
| 51 | 50 |
// Create relative path of the target location for the file |
| ... | ... | |
| 68 | 67 |
} |
| 69 | 68 |
$file_extensions=explode(",",$file_extension_string);
|
| 70 | 69 |
|
| 71 |
|
|
| 72 | 70 |
// Loop through the files |
| 73 | 71 |
$good_uploads = 0; |
| 74 | 72 |
for($count = 1; $count <= 10; $count++) {
|
| ... | ... | |
| 139 | 137 |
} |
| 140 | 138 |
|
| 141 | 139 |
if($good_uploads == 1) {
|
| 142 |
$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED']); |
|
| 140 |
$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED'] );
|
|
| 143 | 141 |
if (isset($_POST['delzip'])) {
|
| 144 | 142 |
unlink($filename1); |
| 145 | 143 |
} |
| 146 | 144 |
} else {
|
| 147 |
$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED']); |
|
| 145 |
$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED'] );
|
|
| 148 | 146 |
} |
| 149 | 147 |
|
| 150 | 148 |
// Print admin |
| 151 | 149 |
$admin->print_footer(); |
| 152 |
|
|
| 153 |
?> |
|
Also available in: Unified diff
Preparing 2.8.2 stable, last tests