Project

General

Profile

1 4 ryan
<?php
2 1400 FrankH
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL:  $
15
 * @lastmodified    $Date:  $
16
 *
17
 */
18 4 ryan
19 1468 Luisehahne
// Print admin header
20
require('../../config.php');
21 1475 Luisehahne
22 1468 Luisehahne
require_once(WB_PATH.'/framework/class.admin.php');
23 1475 Luisehahne
// Include the WB functions file
24
require_once(WB_PATH.'/framework/functions.php');
25
26 1468 Luisehahne
// suppress to print the header, so no new FTAN will be set
27
$admin = new admin('Media', 'media_create', false);
28
29 4 ryan
// Get dir name and target location
30 1457 Luisehahne
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
31
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
32 1475 Luisehahne
33
// Check to see if name or target contains ../
34
if(strstr($name, '..')) {
35
	$admin->print_header();
36
	$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']);
37 4 ryan
}
38 1457 Luisehahne
39 1475 Luisehahne
// Remove bad characters
40
$name = trim(media_filename($name),'.');
41
42 1457 Luisehahne
// Target location
43
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
44
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
45 4 ryan
46 1400 FrankH
if (!$admin->checkFTAN())
47
{
48 1457 Luisehahne
	$admin->print_header();
49
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
50 1400 FrankH
}
51 1457 Luisehahne
// After check print the header
52
$admin->print_header();
53 1400 FrankH
54
if (!check_media_path($target, false)) {
55 4 ryan
	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
56
}
57
58
// Create relative path of the new dir name
59 1457 Luisehahne
$directory = WB_PATH.$target.'/'.$name;
60 4 ryan
61
// Check to see if the folder already exists
62 1468 Luisehahne
if(file_exists($directory)) {
63 4 ryan
	$admin->print_error($MESSAGE['MEDIA']['DIR_EXISTS']);
64
}
65
66 1457 Luisehahne
if ( sizeof(createFolderProtectFile( $directory )) )
67
{
68
	$admin->print_error($MESSAGE['MEDIA']['DIR_NOT_MADE']);
69
} else {
70
	$usedFiles = array();
71
    // feature freeze
72
	// require_once(ADMIN_PATH.'/media/dse.php');
73 4 ryan
	$admin->print_success($MESSAGE['MEDIA']['DIR_MADE']);
74
}
75
76 1457 Luisehahne
// Print admin
77 4 ryan
$admin->print_footer();