Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: create.php 1475 2011-07-12 23:07:10Z Luisehahne $
14
 * @filesource		$HeadURL:  $
15
 * @lastmodified    $Date:  $
16
 *
17
 */
18

    
19
// Print admin header
20
require('../../config.php');
21

    
22
require_once(WB_PATH.'/framework/class.admin.php');
23
// Include the WB functions file
24
require_once(WB_PATH.'/framework/functions.php');
25

    
26
// suppress to print the header, so no new FTAN will be set
27
$admin = new admin('Media', 'media_create', false);
28

    
29
// Get dir name and target location
30
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
31
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
32

    
33
// Check to see if name or target contains ../
34
if(strstr($name, '..')) {
35
	$admin->print_header();
36
	$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']);
37
}
38

    
39
// Remove bad characters
40
$name = trim(media_filename($name),'.');
41

    
42
// Target location
43
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
44
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
45

    
46
if (!$admin->checkFTAN())
47
{
48
	$admin->print_header();
49
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
50
}
51
// After check print the header
52
$admin->print_header();
53

    
54
if (!check_media_path($target, false)) {
55
	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
56
}
57

    
58
// Create relative path of the new dir name
59
$directory = WB_PATH.$target.'/'.$name;
60

    
61
// Check to see if the folder already exists
62
if(file_exists($directory)) {
63
	$admin->print_error($MESSAGE['MEDIA']['DIR_EXISTS']);
64
}
65

    
66
if ( sizeof(createFolderProtectFile( $directory )) )
67
{
68
	$admin->print_error($MESSAGE['MEDIA']['DIR_NOT_MADE']);
69
} else {
70
	$usedFiles = array();
71
    // feature freeze
72
	// require_once(ADMIN_PATH.'/media/dse.php');
73
	$admin->print_success($MESSAGE['MEDIA']['DIR_MADE']);
74
}
75

    
76
// Print admin
77
$admin->print_footer();
(4-4/16)