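// Request parameters. $_REQUEST merges GET, POST and (depending on the
// request_order setting) cookies, so every value read here is caller-controlled.

// The id is only ever compared numerically (`$file_id > 0`) and handed to the
// cms object, so it is forced to an integer here rather than carried as a raw
// request string.
$file_id = isset($_REQUEST['file_id']) ? (int) $_REQUEST['file_id'] : 0;
//what to do before output
$task = isset($_REQUEST['task']) ? $_REQUEST['task'] : '';
// PHP exposes the Referer header as HTTP_REFERER (single R). The previous key,
// HTTP_REFERRER, is never populated, so the fallback always produced an
// undefined-index notice and a null value.
// NOTE(review): $return_to is later written into a Location header (see the
// save_file_properties branch). Both the request parameter and the Referer
// header are supplied by the client, so the target should be checked against
// this application's own host/paths before redirecting.
if (isset($_REQUEST['return_to'])) {
    $return_to = $_REQUEST['return_to'];
} elseif (isset($_SERVER['HTTP_REFERER'])) {
    $return_to = $_SERVER['HTTP_REFERER'];
} else {
    // No explicit target and no Referer header: same effective value as before.
    $return_to = null;
}
// NOTE(review): REQUEST_URI is client-influenced as well; it needs
// context-appropriate escaping wherever $link_back is printed.
$link_back = isset($_REQUEST['link_back']) ? $_REQUEST['link_back'] : $_SERVER['REQUEST_URI'];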
// Dispatch on the requested task. Only the 'save_file_properties' branch is
// visible in this excerpt; the switch and the outer else are not closed here.
switch ($task) {
    case 'save_file_properties':
        // Reassign $task so that code after the switch sees 'file_properties'.
        $task = 'file_properties';
        // The new name is trimmed and passed through smart_addslashes(), a
        // helper defined outside this excerpt.
        $name = smart_addslashes(trim($_POST['name']));
        if ($name == '') {
            $feedback = '<p class="Error">' . $error_missing_field . '</p>';
        } else {
            // NOTE(review): the extension is appended AFTER the name was
            // escaped and is not escaped itself, so $name reaches file_exists()
            // and update_file() partly raw. Confirm those methods escape their
            // arguments, or escape the extension here as well.
            if ($_POST['extension'] != '') {
                $name = $name . '.' . $_POST['extension'];
            }
            // Reject the rename when a different file in the folder already
            // uses this name (loose != comparison of the posted id).
            $existing_id = $cms->file_exists($folder_id, $name);
            if ($existing_id && $_POST['file_id'] != $existing_id) {
                $feedback = '<p class="Error">' . $fbNameExists . '</p>';
            } elseif (!($file = $cms->get_file($_POST['file_id']))) {
                // The file to update could not be loaded.
                $feedback = '<p class="Error">' . $strSaveError . '</p>';
            } else {
                // Presence of the field decides the flag; its value is ignored.
                $hot_item = isset($_POST['hot_item']) ? '1' : '0';
                // The stored content is written back unchanged (re-escaped with
                // addslashes); only the metadata comes from the form.
                // NOTE(review): $_POST['file_id'] and $_POST['priority'] are
                // passed without escaping or casting, unlike the other fields.
                // No CSRF token or permission check is visible in this excerpt;
                // confirm both happen before this point.
                if (!$cms->update_file($_POST['file_id'], $name, addslashes($file['content']), smart_addslashes($_POST['title']), smart_addslashes($_POST['description']), smart_addslashes($_POST['keywords']), $_POST['priority'], $hot_item)) {
                    $feedback = '<p class="Error">' . $strSaveError . '</p>';
                } else {
                    // NOTE(review): $return_to comes from $_REQUEST['return_to']
                    // (or a $_SERVER fallback) and is emitted verbatim in the
                    // Location header. Without a check that it points back into
                    // this application, the redirect target is chosen by
                    // whoever built the request.
                    if ($_POST['close'] == 'true') {
                        header('Location: ' . $return_to);
                        exit;
                    }
                }
            }
// Dispatch on the requested task. Only the 'upload' branch is visible in this
// excerpt; the case and the switch are not closed here.
switch ($task) {
    case 'upload':
        // Uploads are only processed for POST requests.
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $task = 'list';
            if (isset($_FILES['file'])) {
                require_once $GO_CONFIG->class_path . 'filetypes.class.inc';
                $filetypes = new filetypes();
                // $_FILES['file'] is handled as a multi-file upload: each
                // attribute is an array indexed by $i.
                for ($i = 0; $i < count($_FILES['file']['tmp_name']); $i++) {
                    // Only touch temp files that PHP itself received via upload.
                    if (is_uploaded_file($_FILES['file']['tmp_name'][$i])) {
                        $extension = get_extension($_FILES['file']['name'][$i]);
                        // NOTE(review): an unknown extension is registered with
                        // the MIME type reported by the client. Both the
                        // extension and $_FILES[...]['type'] are client-supplied,
                        // and no allow-list of extensions is visible here.
                        if (!$filetypes->get_type($extension)) {
                            $filetypes->add_type($extension, $_FILES['file']['type'][$i]);
                        }
                        // NOTE(review): the client-supplied file name is used
                        // as-is; it is not passed through smart_addslashes()
                        // like the name values elsewhere on this page. Confirm
                        // file_exists()/add_file() escape it themselves.
                        $name = $_FILES['file']['name'][$i];
                        // On a name clash, append " (1)", " (2)", ... before the
                        // extension until the name is free in this folder.
                        $x = 0;
                        while ($cms->file_exists($folder_id, $name)) {
                            $x++;
                            $name = strip_extension($_FILES['file']['name'][$i]) . ' (' . $x . ').' . get_extension($_FILES['file']['name'][$i]);
                        }
                        // Read the whole upload into memory. The fopen() result
                        // is not checked before fread()/fclose().
                        $fp = fopen($_FILES['file']['tmp_name'][$i], 'r');
                        $content = addslashes(fread($fp, $_FILES['file']['size'][$i]));
                        fclose($fp);
                        // eregi() was removed in PHP 7. The pattern is unanchored
                        // and case-insensitive, so any extension containing
                        // "htm" matches. get_body() then runs on content that
                        // has already been through addslashes().
                        if (eregi('htm', get_extension($name))) {
                            $content = $cms->get_body($content);
                        }
                        $file_id = $cms->add_file($folder_id, $name, $content);
                        // Remove the temp file once its content has been stored.
                        unlink($_FILES['file']['tmp_name'][$i]);
                    }
                }
            }
        }
Beispiel #3
    //no folder or site given so back off cowardly
    header('Location: index.php');
    exit;
}
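// Handles the 'save' task: updates the file identified by $file_id, or, when
// no id was given, creates "<name>.html" in the current folder.
// NOTE(review): no CSRF token or permission check is visible in this fragment;
// confirm both are enforced before this point.
if ($task == 'save') {
    if ($file_id > 0) {
        //fix for inserted iframes
        $content = preg_replace("'<iframe([^>]*)/>'si", "<iframe\$1></iframe>", $_POST['content']);
        // priority and hot_item are now escaped like every other form field
        // instead of being passed through raw; an absent field stays null.
        // NOTE(review): if the cms class uses these two values in a numeric SQL
        // context, cast them to int instead; confirm against update_file().
        $updated = $cms->update_file(
            $file_id,
            smart_addslashes($_POST['name']),
            smart_addslashes($content),
            smart_addslashes($_POST['title']),
            smart_addslashes($_POST['description']),
            smart_addslashes($_POST['keywords']),
            isset($_POST['priority']) ? smart_addslashes($_POST['priority']) : null,
            isset($_POST['hot_item']) ? smart_addslashes($_POST['hot_item']) : null
        );
        // A failed update used to be ignored; report it the same way the
        // create path below reports a failed add_file().
        if (!$updated) {
            $feedback = '<p class="Error">' . $strSaveError . '</p>';
        }
    } else {
        $name = smart_addslashes(trim($_POST['name']));
        if ($name == '') {
            $feedback = '<p class="Error">' . $error_missing_field . '</p>';
        } else {
            // New files are always stored with an .html extension.
            $filename = $name . '.html';
            if ($cms->file_exists($folder_id, $filename)) {
                $feedback = '<p class="Error">' . $fbNameExists . '</p>';
            } else {
                // $file_id is assigned here so later code sees the new file.
                $file_id = $cms->add_file(
                    $folder_id,
                    $filename,
                    smart_addslashes($_POST['content']),
                    '',
                    '',
                    '',
                    isset($_POST['priority']) ? smart_addslashes($_POST['priority']) : null
                );
                if (!$file_id) {
                    $feedback = '<p class="Error">' . $strSaveError . '</p>';
                }
            }
        }
    }
}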
if ($file_id > 0) {
    $file = $cms->get_file($file_id);
    $content = $file['content'];
    $name = $file['name'];
    $title = $file['title'];
    $description = $file['description'];
    $keywords = $file['keywords'];
    $priority = $file['priority'];