Revision 1475
Added by Dietmar over 13 years ago
| rename.php | ||
|---|---|---|
| 26 | 26 |
|
| 27 | 27 |
// Get the current dir |
| 28 | 28 |
$directory = $admin->get_get('dir');
|
| 29 |
if($directory == '/') {
|
|
| 30 |
$directory = ''; |
|
| 31 |
} |
|
| 29 |
$directory = ($directory == '/') ? '' : $directory; |
|
| 32 | 30 |
|
| 33 |
// Check to see if it contains .. |
|
| 31 |
$dirlink = 'browse.php?dir='.$directory; |
|
| 32 |
$rootlink = 'browse.php?dir='; |
|
| 33 |
// $file_id = intval($admin->get_get('id'));
|
|
| 34 |
|
|
| 35 |
// first Check to see if it contains .. |
|
| 34 | 36 |
if (!check_media_path($directory)) {
|
| 35 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "browse.php?dir=$directory", false);
|
|
| 37 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false);
|
|
| 36 | 38 |
} |
| 37 | 39 |
|
| 38 | 40 |
// Get the temp id |
| 39 |
$file_id = $admin->checkIDKEY('id', false, 'GET');
|
|
| 41 |
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
|
|
| 40 | 42 |
if (!$file_id) {
|
| 41 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
| 43 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
|
|
| 42 | 44 |
} |
| 43 | 45 |
|
| 44 | 46 |
// Get home folder not to show |
| 45 | 47 |
$home_folders = get_home_folders(); |
| 48 |
// Check for potentially malicious files and append 'txt' to their name |
|
| 49 |
$rename_file_types = str_replace(',','|',RENAME_FILES_ON_UPLOAD);
|
|
| 50 |
// hardcodet forbidden filetypes |
|
| 51 |
$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types; |
|
| 46 | 52 |
|
| 47 | 53 |
// Figure out what folder name the temp id is |
| 48 | 54 |
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
|
| 49 | 55 |
// Loop through the files and dirs an add to list |
| 50 | 56 |
while (false !== ($file = readdir($handle))) {
|
| 57 |
$info = pathinfo($file); |
|
| 58 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
| 51 | 59 |
if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
|
| 52 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
|
|
| 53 |
if(!isset($home_folders[$directory.'/'.$file])) {
|
|
| 54 |
$DIR[] = $file; |
|
| 60 |
if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
|
|
| 61 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
|
|
| 62 |
if(!isset($home_folders[$directory.'/'.$file])) {
|
|
| 63 |
$DIR[] = $file; |
|
| 64 |
} |
|
| 65 |
} else {
|
|
| 66 |
$FILE[] = $file; |
|
| 55 | 67 |
} |
| 56 |
} else {
|
|
| 57 |
$FILE[] = $file; |
|
| 58 | 68 |
} |
| 59 | 69 |
} |
| 60 | 70 |
} |
| 71 |
|
|
| 61 | 72 |
$temp_id = 0; |
| 62 | 73 |
if(isset($DIR)) {
|
| 63 | 74 |
sort($DIR); |
| ... | ... | |
| 69 | 80 |
} |
| 70 | 81 |
} |
| 71 | 82 |
} |
| 83 |
|
|
| 72 | 84 |
if(isset($FILE)) {
|
| 73 | 85 |
sort($FILE); |
| 74 | 86 |
foreach($FILE AS $name) {
|
| ... | ... | |
| 82 | 94 |
} |
| 83 | 95 |
|
| 84 | 96 |
if(!isset($rename_file)) {
|
| 85 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
|
|
| 97 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
|
|
| 86 | 98 |
} |
| 87 | 99 |
|
| 88 | 100 |
// Setup template object |
| ... | ... | |
| 109 | 121 |
'FILENAME' => $rename_file, |
| 110 | 122 |
'DIR' => $directory, |
| 111 | 123 |
'FILE_ID' => $admin->getIDKEY($file_id), |
| 124 |
// 'FILE_ID' => $file_id, |
|
| 112 | 125 |
'TYPE' => $type, |
| 113 | 126 |
'EXTENSION' => $extension, |
| 114 | 127 |
'FTAN' => $admin->getFTAN() |
Also available in: Unified diff
! security fixes media, groups, users, sections
! reworked add sections in pages
! fix set empty href in show_menu2
! set show_menu2 version to 4.9.6
! reworked Droplet LoginBox, add redirect query
- remove unneeded folder js
! set Droplet to version 1.1.0
+ add checkboxes to change frontend absolute url to relative urls
! set output_filter version to 0.2