Revision 1457
Added by Dietmar over 13 years ago
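--- a/upload.php
+++ b/upload.php
@@ -16,14 +16,6 @@
 *
 */
 
-// Target location
-if(!isset($_POST['target']) OR $_POST['target'] == '') {
-header("Location: index.php");
-exit(0);
-} else {
-$target = $_POST['target'];
-}
-
 // Print admin header
 require('../../config.php');
 include_once('resize_img.php');
@@ -31,21 +23,28 @@
 
 require_once(WB_PATH.'/framework/class.admin.php');
 require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file.
-$admin = new admin('Media', 'media_upload');
+// suppress to print the header, so no new FTAN will be set
+$admin = new admin('Media', 'media_upload', false);
 
-if (!$admin->checkFTAN())
+if( !$admin->checkFTAN() )
 {
-$admin->print_error('UP5::'.$MESSAGE['GENERIC_SECURITY_ACCESS']);
-exit();
+$admin->print_header();
+$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
 }
+// After check print the header
+$admin->print_header();
 
+// Target location
+$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
+$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
 // Check to see if target contains ../
 if (!check_media_path($target, false))
 {
-$admin->print_error('TD5::'.$MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
+$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH'] );
 }
 
 // Create relative path of the target location for the file
@@ -68,7 +67,6 @@
 }
 $file_extensions=explode(",",$file_extension_string);
 
-
 // Loop through the files
 $good_uploads = 0;
 for($count = 1; $count <= 10; $count++) {
@@ -139,15 +137,13 @@
 }
 
 if($good_uploads == 1) {
-$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED']);
+$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED'] );
 if (isset($_POST['delzip'])) {
 unlink($filename1);
 }
 } else {
-$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED']);
+$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED'] );
 }
 
 // Print admin
 $admin->print_footer();
-
-?>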
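Review bot: The new `$target` lookup in the second hunk lets the client-supplied request method choose which global array is read: `'_'.strtoupper($_SERVER['REQUEST_METHOD'])` is used as a variable name without being limited to GET or POST, so any method string the web server passes through selects some other `$_…` global. The rest of the script reads the form through `$_POST` (`$_POST['delzip']`), so I would read the target the same way, `$target = isset($_POST['target']) ? $_POST['target'] : '';`, or compare the method against an explicit GET/POST list before building the name. The old early redirect for a missing target is also gone, so an empty string now reaches `check_media_path()`; whether that function rejects it is not visible on this page. Separately, with `exit();` removed from the failed-`checkFTAN()` branch, rejecting the request depends on `print_error()` terminating the script, which is worth confirming and, if it holds, noting in a short comment on that branch.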
Preparing 2.8.2 stable, last tests