Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: create.php 1824 2012-11-20 17:41:22Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/media/create.php $
14
 * @lastmodified    $Date: 2012-11-20 18:41:22 +0100 (Tue, 20 Nov 2012) $
15
 *
16
 */
17

    
18
if(!defined('WB_URL'))
19
{
20
    $config_file = realpath('../../config.php');
21
    if(file_exists($config_file) && !defined('WB_URL'))
22
    {
23
    	require($config_file);
24
    }
25
}
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27
// Include the WB functions file
28
if(!function_exists('directory_list')) { require(WB_PATH.'/framework/functions.php'); }
29

    
30
// suppress to print the header, so no new FTAN will be set
31
$admin = new admin('Media', 'media_create', false);
32

    
33
// Get dir name and target location
34
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
35
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
36

    
37
// Check to see if name or target contains ../
38
if(strstr($name, '..')) {
39
	$admin->print_header();
40
	$admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH']);
41
}
42

    
43
// Remove bad characters
44
$name = trim(media_filename($name),'.');
45

    
46
// Target location
47
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
48
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
49

    
50
if (!$admin->checkFTAN())
51
{
52
	$admin->print_header();
53
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
54
}
55
// After check print the header
56
$admin->print_header();
57

    
58
if (!check_media_path($target, false)) {
59
	$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
60
}
61

    
62
// Create relative path of the new dir name
63
$directory = WB_PATH.$target.'/'.$name;
64

    
65
// Check to see if the folder already exists
66
if(file_exists($directory)) {
67
	$admin->print_error($MESSAGE['MEDIA_DIR_EXISTS']);
68
}
69

    
70
if ( sizeof(createFolderProtectFile( $directory )) )
71
{
72
	$admin->print_error($MESSAGE['MEDIA_DIR_NOT_MADE']);
73
} else {
74
	$usedFiles = array();
75
    // feature freeze
76
	// require_once(ADMIN_PATH.'/media/dse.php');
77
	$admin->print_success($MESSAGE['MEDIA_DIR_MADE']);
78
}
79

    
80
// Print admin
81
$admin->print_footer();
(4-4/14)