Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: create.php 2098 2014-02-11 01:37:03Z darkviper $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/media/create.php $
14
 * @lastmodified    $Date: 2014-02-11 02:37:03 +0100 (Tue, 11 Feb 2014) $
15
 *
16
 */
17

    
18
if(!defined('WB_URL'))
19
{
20
    $config_file = realpath('../../config.php');
21
    if(file_exists($config_file) && !defined('WB_URL'))
22
    {
23
    	require($config_file);
24
    }
25
}
26
//if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27
$oTrans = Translate::getInstance();
28
$oTrans->enableAddon('admin\\media');
29
// Include the WB functions file
30
if(!function_exists('directory_list')) { require(WB_PATH.'/framework/functions.php'); }
31

    
32
// suppress to print the header, so no new FTAN will be set
33
$admin = new admin('Media', 'media_create', false);
34

    
35
// Get dir name and target location
36
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
37
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
38

    
39
// Check to see if name or target contains ../
40
if(strstr($name, '..')) {
41
	$admin->print_header();
42
	$admin->print_error($oTrans->MESSAGE_MEDIA_NAME_DOT_DOT_SLASH);
43
}
44

    
45
// Remove bad characters
46
$name = trim(media_filename($name),'.');
47

    
48
// Target location
49
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
50
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
51

    
52
if (!$admin->checkFTAN())
53
{
54
	$admin->print_header();
55
	$admin->print_error($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
56
}
57
// After check print the header
58
$admin->print_header();
59

    
60
if (!check_media_path($target, false)) {
61
	$admin->print_error($oTrans->MESSAGE_MEDIA_TARGET_DOT_DOT_SLASH);
62
}
63

    
64
// Create relative path of the new dir name
65
$directory = WB_PATH.$target.'/'.$name;
66

    
67
// Check to see if the folder already exists
68
if(file_exists($directory)) {
69
	$admin->print_error($oTrans->MESSAGE_MEDIA_DIR_EXISTS);
70
}
71

    
72
if ( sizeof(createFolderProtectFile( $directory )) )
73
{
74
	$admin->print_error($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
75
} else {
76
	$usedFiles = array();
77
    // feature freeze
78
	// require_once(ADMIN_PATH.'/media/dse.php');
79
	$admin->print_success($oTrans->MESSAGE_MEDIA_DIR_MADE);
80
}
81

    
82
// Print admin
83
$admin->print_footer();
(4-4/14)