Project

General

Profile

1 4 ryan
<?php
2 1400 FrankH
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6 1818 Luisehahne
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8 1400 FrankH
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13 1818 Luisehahne
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15 1400 FrankH
 *
16
 */
17 4 ryan
18 1818 Luisehahne
if(!defined('WB_URL'))
19
{
20
    $config_file = realpath('../../config.php');
21
    if(file_exists($config_file) && !defined('WB_URL'))
22
    {
23
    	require($config_file);
24
    }
25
}
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27 1475 Luisehahne
// Include the WB functions file
28
require_once(WB_PATH.'/framework/functions.php');
29
30 1468 Luisehahne
// suppress to print the header, so no new FTAN will be set
31
$admin = new admin('Media', 'media_create', false);
32
33 4 ryan
// Get dir name and target location
34 1457 Luisehahne
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
35
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
36 1475 Luisehahne
37
// Check to see if name or target contains ../
38
if(strstr($name, '..')) {
39
	$admin->print_header();
40 1818 Luisehahne
	$admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH']);
41 4 ryan
}
42 1457 Luisehahne
43 1475 Luisehahne
// Remove bad characters
44
$name = trim(media_filename($name),'.');
45
46 1457 Luisehahne
// Target location
47
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
48
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
49 4 ryan
50 1400 FrankH
if (!$admin->checkFTAN())
51
{
52 1457 Luisehahne
	$admin->print_header();
53
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
54 1400 FrankH
}
55 1457 Luisehahne
// After check print the header
56
$admin->print_header();
57 1400 FrankH
58
if (!check_media_path($target, false)) {
59 1818 Luisehahne
	$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
60 4 ryan
}
61
62
// Create relative path of the new dir name
63 1457 Luisehahne
$directory = WB_PATH.$target.'/'.$name;
64 4 ryan
65
// Check to see if the folder already exists
66 1468 Luisehahne
if(file_exists($directory)) {
67 1818 Luisehahne
	$admin->print_error($MESSAGE['MEDIA_DIR_EXISTS']);
68 4 ryan
}
69
70 1457 Luisehahne
if ( sizeof(createFolderProtectFile( $directory )) )
71
{
72 1818 Luisehahne
	$admin->print_error($MESSAGE['MEDIA_DIR_NOT_MADE']);
73 1457 Luisehahne
} else {
74
	$usedFiles = array();
75
    // feature freeze
76
	// require_once(ADMIN_PATH.'/media/dse.php');
77 1818 Luisehahne
	$admin->print_success($MESSAGE['MEDIA_DIR_MADE']);
78 4 ryan
}
79
80 1457 Luisehahne
// Print admin
81 4 ryan
$admin->print_footer();