Revision 1475
Added by Dietmar over 13 years ago
| create.php | ||
|---|---|---|
| 18 | 18 |
|
| 19 | 19 |
// Print admin header |
| 20 | 20 |
require('../../config.php');
|
| 21 |
|
|
| 21 | 22 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 23 |
// Include the WB functions file |
|
| 24 |
require_once(WB_PATH.'/framework/functions.php'); |
|
| 25 |
|
|
| 22 | 26 |
// suppress to print the header, so no new FTAN will be set |
| 23 | 27 |
$admin = new admin('Media', 'media_create', false);
|
| 24 | 28 |
|
| 25 | 29 |
// Get dir name and target location |
| 26 | 30 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
| 27 | 31 |
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
|
| 28 |
if($name == '') {
|
|
| 29 |
header("Location: index.php");
|
|
| 30 |
exit(0); |
|
| 32 |
|
|
| 33 |
// Check to see if name or target contains ../ |
|
| 34 |
if(strstr($name, '..')) {
|
|
| 35 |
$admin->print_header(); |
|
| 36 |
$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']); |
|
| 31 | 37 |
} |
| 32 | 38 |
|
| 39 |
// Remove bad characters |
|
| 40 |
$name = trim(media_filename($name),'.'); |
|
| 41 |
|
|
| 33 | 42 |
// Target location |
| 34 | 43 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
| 35 | 44 |
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
|
| 36 |
if($target == '') {
|
|
| 37 |
header("Location: index.php");
|
|
| 38 |
exit(0); |
|
| 39 |
} |
|
| 40 | 45 |
|
| 41 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 42 |
// suppress to print the header, so no new FTAN will be set |
|
| 43 |
$admin = new admin('Media', 'media_create', false);
|
|
| 44 | 46 |
if (!$admin->checkFTAN()) |
| 45 | 47 |
{
|
| 46 | 48 |
$admin->print_header(); |
| ... | ... | |
| 49 | 51 |
// After check print the header |
| 50 | 52 |
$admin->print_header(); |
| 51 | 53 |
|
| 52 |
// Include the WB functions file |
|
| 53 |
require_once(WB_PATH.'/framework/functions.php'); |
|
| 54 |
|
|
| 55 |
// Check to see if name or target contains ../ |
|
| 56 |
if(strstr($name, '..')) {
|
|
| 57 |
$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']); |
|
| 58 |
} |
|
| 59 | 54 |
if (!check_media_path($target, false)) {
|
| 60 |
w_debug("target: $target");
|
|
| 61 | 55 |
$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']); |
| 62 | 56 |
} |
| 63 | 57 |
|
| 64 |
// Remove bad characters |
|
| 65 |
$name = media_filename($name); |
|
| 66 |
|
|
| 67 | 58 |
// Create relative path of the new dir name |
| 68 | 59 |
$directory = WB_PATH.$target.'/'.$name; |
| 69 | 60 |
|
| 70 |
/* */ |
|
| 71 | 61 |
// Check to see if the folder already exists |
| 72 | 62 |
if(file_exists($directory)) {
|
| 73 | 63 |
$admin->print_error($MESSAGE['MEDIA']['DIR_EXISTS']); |
| 74 | 64 |
} |
| 75 | 65 |
|
| 76 |
|
|
| 77 | 66 |
if ( sizeof(createFolderProtectFile( $directory )) ) |
| 78 | 67 |
{
|
| 79 | 68 |
$admin->print_error($MESSAGE['MEDIA']['DIR_NOT_MADE']); |
Also available in: Unified diff
! security fixes media, groups, users, sections
! reworked add sections in pages
! fix set empty href in show_menu2
! set show_menu2 version to 4.9.6
! reworked Droplet LoginBox, add redirect query
- remove unneeded folder js
! set Droplet to version 1.1.0
+ add checkboxes to change frontend absolute url to relative urls
! set output_filter version to 0.2