tool-upload-file.php
<?php
include_once dirname(__FILE__)."/functions.php";
include_once dirname(__FILE__)."/auth.php";
include dirname(__FILE__)."/conf.php"; //NOSONAR
// Access gates, evaluated in order. Each one ends the request before any
// upload handling runs. $cfg and $userlogin are not defined in this file;
// they come from the files included at the top.

// Login required by configuration but no logged-in user: stop with an empty response.
if ($cfg->authentification_needed && !$userlogin) {
    exit();
}

// Neither upload permission is enabled, so uploading is switched off entirely.
if (!($cfg->allow_upload_all_file || $cfg->allow_upload_image)) {
    die('DENIED');
}

// The file manager is configured read-only.
if ($cfg->readonly) {
    die('READONLY');
}

// The destination directory is taken from the query string and resolved
// against the configured root directory.
// NOTE(review): this value is client-controlled; containment inside
// $cfg->rootdir depends entirely on path_decode(), which is defined outside
// this file -- confirm it rejects traversal sequences and absolute paths.
$requestedDir = isset($_GET['targetdir']) ? $_GET['targetdir'] : null;
$targetdir = PlanetbiruFileManager::path_decode($requestedDir, $cfg->rootdir);
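// Upload handling. Two request shapes are accepted: an array-style field
// named "images" (several files per request) and a single field named "file".
//
// The type policy ($cfg->allow_upload_image / $cfg->allow_upload_all_file) is
// decided from PHP's temporary upload file, before anything is written under
// $targetdir. A rejected upload therefore never replaces an existing file of
// the same name and never sits in the target directory, even briefly.
//
// NOTE(review): getimagesize() classifies by image header only. It says
// nothing about the file name or extension; that part of the policy depends on
// kh_filter_file_name_safe() and deleteforbidden(), both defined outside this
// file -- confirm they reject server-executable extensions.
// NOTE(review): deleteforbidden() runs after the file is already in place, so
// whatever it enforces is applied after the write, not before it.
// NOTE(review): an accepted upload still overwrites an existing file with the
// same name, and no anti-CSRF token is checked in this script -- confirm both
// are intended / handled by auth.php.
if (isset($_FILES["images"])) {
    if (is_array($_FILES["images"]["error"])) {
        foreach ($_FILES["images"]["error"] as $key => $error) {
            // Skip entries PHP flagged as failed (size limit, partial upload, ...).
            if ($error !== UPLOAD_ERR_OK) {
                continue;
            }
            if (!isset($_FILES['images']['tmp_name'][$key], $_FILES['images']['name'][$key])) {
                continue;
            }
            $tmpPath = $_FILES['images']['tmp_name'][$key];
            // Only a file PHP itself received through HTTP POST is processed.
            if (!is_string($tmpPath) || !is_uploaded_file($tmpPath)) {
                continue;
            }
            $name = PlanetbiruFileManager::kh_filter_file_name_safe($_FILES["images"]["name"][$key]);

            // Script-scope variables kept from the original. Nothing in this
            // file reads them; presumably a helper does -- verify before removing.
            $compressimage = isset($_SESSION['compress-image-cb']) ? $_SESSION['compress-image-cb'] : null;
            $settings['compressimageonupload'] = $compressimage;

            // getimagesize() returns false for anything it cannot parse as an
            // image, so the result is checked before 'mime' is read.
            $info = getimagesize($tmpPath);
            $isImage = is_array($info) && isset($info['mime']) && stripos($info['mime'], 'image') !== false;
            $allowed = $isImage ? $cfg->allow_upload_image : $cfg->allow_upload_all_file;
            if (!$allowed) {
                // Ends the whole request; files accepted earlier in this batch stay in place.
                die('FORBIDDEN');
            }

            $destination = $targetdir."/".$name;
            // move_uploaded_file() performs the uploaded-file check itself, so
            // no separate copy() is needed. Post-processing only runs when the
            // file really arrived at its destination.
            if (!move_uploaded_file($tmpPath, $destination)) {
                continue;
            }
            PlanetbiruFileManager::compressImageFile($destination, $authblogid);
            PlanetbiruFileManager::deleteforbidden($targetdir);
        }
    }
} else {
    if (isset($_FILES['file']['tmp_name'])) {
        $tmpPath = $_FILES['file']['tmp_name'];
        // is_string() guards against an array-style "file[]" field, which
        // would make tmp_name and name arrays instead of strings.
        if (is_string($tmpPath) && is_string($_FILES["file"]["name"]) && is_uploaded_file($tmpPath)) {
            $name = PlanetbiruFileManager::kh_filter_file_name_safe($_FILES["file"]["name"]);

            // Same pre-write type decision as in the multi-file branch.
            $info = getimagesize($tmpPath);
            $isImage = is_array($info) && isset($info['mime']) && stripos($info['mime'], 'image') !== false;
            $allowed = $isImage ? $cfg->allow_upload_image : $cfg->allow_upload_all_file;
            if (!$allowed) {
                die('FORBIDDEN');
            }

            $destination = $targetdir."/".$name;
            if (move_uploaded_file($tmpPath, $destination)) {
                PlanetbiruFileManager::deleteforbidden($targetdir);
                PlanetbiruFileManager::compressImageFile($destination, $authblogid);
            }
        }
        // The single-file form posts into a hidden iframe. The response below
        // asks the parent page to refresh its listing and re-creates the
        // upload form, then ends the request without the 'SUCCESS' token.
?>
<script type="text/javascript">
var html = ''+
'<div style="padding-bottom:4px">'+
'<form method="post" enctype="multipart/form-data" action="tool-upload-file.php?iframe=1" target="formdumper">'+
'<input type="hidden" name="targetdir" id="targetdir" value="">'+
'File <input type="file" name="file" />'+
'<input type="submit" class="upload-button" value="Upload File" />'+
'</form></div>'+
'<div id="response"></div><ul id="image-list"></ul></div>'+
'<iframe style="display:none; width:0px; height:0px;" id="formdumper" name="formdumper"></iframe>';
parent.refreshList();
parent.document.getElementById('imageuploader').innerHTML = html;
</script>
<?php
        exit();
    }
}
// Reached by the multi-file branch, and by requests that carried no "file" field.
echo 'SUCCESS';
?>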