Revision 1475
Added by Dietmar over 13 years ago
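--- a/rename.php
+++ b/rename.php
@@ -26,38 +26,49 @@
 
 // Get the current dir
 $directory = $admin->get_get('dir');
-if($directory == '/') {
-$directory = '';
-}
+$directory = ($directory == '/') ? '' : $directory;
 
-// Check to see if it contains ..
+$dirlink = 'browse.php?dir='.$directory;
+$rootlink = 'browse.php?dir=';
+// $file_id = intval($admin->get_get('id'));
+
+// first Check to see if it contains ..
 if (!check_media_path($directory)) {
-$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "browse.php?dir=$directory", false);
+$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false);
 }
 
 // Get the temp id
-$file_id = $admin->checkIDKEY('id', false, 'GET');
+$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
 if (!$file_id) {
-$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
+$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
 }
 
 // Get home folder not to show
 $home_folders = get_home_folders();
+// Check for potentially malicious files and append 'txt' to their name
+$rename_file_types = str_replace(',','|',RENAME_FILES_ON_UPLOAD);
+// hardcodet forbidden filetypes
+$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types;
 
 // Figure out what folder name the temp id is
 if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
 // Loop through the files and dirs an add to list
 while (false !== ($file = readdir($handle))) {
+$info = pathinfo($file);
+$ext = isset($info['extension']) ? $info['extension'] : '';
 if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
-if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
-if(!isset($home_folders[$directory.'/'.$file])) {
-$DIR[] = $file;
+if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
+if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
+if(!isset($home_folders[$directory.'/'.$file])) {
+$DIR[] = $file;
+}
+} else {
+$FILE[] = $file;
 }
-} else {
-$FILE[] = $file;
 }
 }
 }
+
 $temp_id = 0;
 if(isset($DIR)) {
 sort($DIR);
@@ -69,6 +80,7 @@
 }
 }
 }
+
 if(isset($FILE)) {
 sort($FILE);
 foreach($FILE AS $name) {
@@ -82,7 +94,7 @@
 }
 
 if(!isset($rename_file)) {
-$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
+$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
 }
 
 // Setup template object
@@ -109,6 +121,7 @@
 'FILENAME' => $rename_file,
 'DIR' => $directory,
 'FILE_ID' => $admin->getIDKEY($file_id),
+// 'FILE_ID' => $file_id,
 'TYPE' => $type,
 'EXTENSION' => $extension,
 'FTAN' => $admin->getFTAN()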
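Review bot: The added extension filter `preg_match('/'.$forbidden_file_types.'$/i', $ext)` is not grouped or anchored at the start, so the `$` binds only to the last alternative and short entries such as `pl` or `com` match anywhere inside an extension; if `RENAME_FILES_ON_UPLOAD` is empty or ends in a comma the pattern ends in `|$`, an empty alternative that matches every entry, directories included, and every rename then falls through to FILE_NOT_FOUND. Group and anchor the list, `preg_match('/^(?:'.$forbidden_file_types.')$/i', $ext)`, and build the configured part from non-empty items each passed through `preg_quote()` so a configuration value cannot change the pattern. The comment above `$rename_file_types` says 'txt' is appended to such files, but the visible code only leaves them out of the listing, so it should be reworded to say that. The temp id appears to be a position in the sorted listing (that loop is elided here), so this filter presumably has to match the one browse.php applies; confirm that, since a mismatch would make an id resolve to a different file.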
! security fixes media, groups, users, sections
! reworked add sections in pages
! fix set empty href in show_menu2
! set show_menu2 version to 4.9.6
! reworked Droplet LoginBox, add redirect query
- remove unneeded folder js
! set Droplet to version 1.1.0
+ add checkboxes to change frontend absolute url to relative urls
! set output_filter version to 0.2