Project

General

Profile

1 4 ryan
<?php
2 1400 FrankH
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6 1818 Luisehahne
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8 1400 FrankH
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13 1818 Luisehahne
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15 1400 FrankH
 *
16
 */
17 4 ryan
18 1818 Luisehahne
if(!defined('WB_URL'))
19
{
20
    $config_file = realpath('../../config.php');
21
    if(file_exists($config_file) && !defined('WB_URL'))
22
    {
23
    	require($config_file);
24
    }
25
}
26 2098 darkviper
//if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27
$oTrans = Translate::getInstance();
28
$oTrans->enableAddon('admin\\media');
29 1475 Luisehahne
// Include the WB functions file
30 1824 Luisehahne
if(!function_exists('directory_list')) { require(WB_PATH.'/framework/functions.php'); }
31 1475 Luisehahne
32 1468 Luisehahne
// suppress to print the header, so no new FTAN will be set
33
$admin = new admin('Media', 'media_create', false);
34
35 4 ryan
// Get dir name and target location
36 1457 Luisehahne
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
37
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
38 1475 Luisehahne
39
// Check to see if name or target contains ../
40
if(strstr($name, '..')) {
41
	$admin->print_header();
42 2098 darkviper
	$admin->print_error($oTrans->MESSAGE_MEDIA_NAME_DOT_DOT_SLASH);
43 4 ryan
}
44 1457 Luisehahne
45 1475 Luisehahne
// Remove bad characters
46
$name = trim(media_filename($name),'.');
47
48 1457 Luisehahne
// Target location
49
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
50
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
51 4 ryan
52 1400 FrankH
if (!$admin->checkFTAN())
53
{
54 1457 Luisehahne
	$admin->print_header();
55 2098 darkviper
	$admin->print_error($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
56 1400 FrankH
}
57 1457 Luisehahne
// After check print the header
58
$admin->print_header();
59 1400 FrankH
60
if (!check_media_path($target, false)) {
61 2098 darkviper
	$admin->print_error($oTrans->MESSAGE_MEDIA_TARGET_DOT_DOT_SLASH);
62 4 ryan
}
63
64
// Create relative path of the new dir name
65 1457 Luisehahne
$directory = WB_PATH.$target.'/'.$name;
66 4 ryan
67
// Check to see if the folder already exists
68 1468 Luisehahne
if(file_exists($directory)) {
69 2098 darkviper
	$admin->print_error($oTrans->MESSAGE_MEDIA_DIR_EXISTS);
70 4 ryan
}
71
72 1457 Luisehahne
if ( sizeof(createFolderProtectFile( $directory )) )
73
{
74 2098 darkviper
	$admin->print_error($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
75 1457 Luisehahne
} else {
76
	$usedFiles = array();
77
    // feature freeze
78
	// require_once(ADMIN_PATH.'/media/dse.php');
79 2098 darkviper
	$admin->print_success($oTrans->MESSAGE_MEDIA_DIR_MADE);
80 4 ryan
}
81
82 1457 Luisehahne
// Print admin
83 4 ryan
$admin->print_footer();