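<?php
/**
 *
 * @category        admin
 * @package         admintools
 * @author          WebsiteBaker Project
 * @copyright       Ryan Djurovich
 * @copyright       WebsiteBaker Org. e.V.
 * @link            http://websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.3
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: create.php 2 2017-07-02 15:14:29Z Manuela $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/branches/main/admin/media/create.php $
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
 *
 */

/*
 * Creates a new folder below the media target chosen in the admin backend.
 * Flow: bootstrap -> read "name" and "target" from the request -> reject ".." in
 * the name -> sanitise the name -> verify the FTAN -> validate the target path ->
 * refuse an existing path -> create the directory and report the result.
 */

// Bootstrap the configuration and the admin class if the caller has not done so
if (!defined('WB_PATH')) { require(dirname(dirname((__DIR__))).'/config.php'); }
if (!class_exists('admin', false)) { require(WB_PATH.'/framework/class.admin.php'); }
// Include the WB functions file. The earlier guard called defined() with a function
// name; defined() only looks up constants, so it never detected a previous load.
// require_once keeps the include idempotent without relying on any single symbol.
require_once(WB_PATH.'/framework/functions.php');

// Third argument false: suppress printing the header, so no new FTAN will be set
$admin = new admin('Media', 'media_create', false);

// Pick the request array from a fixed allow-list. REQUEST_METHOD is supplied by the
// client, so it must not be used to build the name of the variable that is read:
// only GET and POST are accepted here, any other method yields empty input.
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : '';
if ($requestMethod === 'POST') {
    $requestData = $_POST;
} elseif ($requestMethod === 'GET') {
    $requestData = $_GET;
} else {
    $requestData = array();
}

// Get dir name and target location. Array-valued parameters (name[]=...) are treated
// as missing, because the string functions below expect scalars.
$name   = (isset($requestData['name']) && is_string($requestData['name'])) ? $requestData['name'] : '';
$target = (isset($requestData['target']) && is_string($requestData['target'])) ? $requestData['target'] : '';

// Reject a name containing ".." before any sanitising. Only the name is checked
// here; the target is validated by check_media_path() further down.
// NOTE(review): every error branch in this script relies on print_error() ending the
// request - confirm in class.admin.php, otherwise execution continues to make_dir().
if (strpos($name, '..') !== false) {
    $admin->print_header();
    $admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH']);
}

// Remove bad characters, then strip leading/trailing dots
$name = trim(media_filename($name), '.');

// Verify the form token before any change is made to the filesystem
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
}
// After check print the header
$admin->print_header();

// The target must pass the media path check before it is joined onto WB_PATH
if (!check_media_path($target, false)) {
    $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}

// Build the full path of the new directory below WB_PATH.
// If $name is empty after sanitising, this is the target folder itself and the
// request normally ends in the "already exists" branch below.
$directory = WB_PATH.$target.'/'.$name;

// Check to see if the folder already exists
if (file_exists($directory)) {
    $admin->print_error($MESSAGE['MEDIA_DIR_EXISTS']);
}

//if ( sizeof(createFolderProtectFile( $directory )) )
if (!make_dir($directory)) {
    $admin->print_error($MESSAGE['MEDIA_DIR_NOT_MADE']);
} else {
//    createFolderProtectFile($directory);
    $usedFiles = array();
    // feature freeze
    // require_once(ADMIN_PATH.'/media/dse.php');
    $admin->print_success($MESSAGE['MEDIA_DIR_MADE']);
}

// Print admin footer
$admin->print_footer();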