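// Request parameters. $_REQUEST mixes GET, POST and (depending on configuration)
// cookie data, so every value read below is client-controlled.
$file_id = isset($_REQUEST['file_id']) ? $_REQUEST['file_id'] : 0;

//what to do before output
$task = isset($_REQUEST['task']) ? $_REQUEST['task'] : '';

// Fixed: PHP exposes the Referer request header as $_SERVER['HTTP_REFERER']
// (one "R", matching the header's own spelling). The 'HTTP_REFERRER' key is never
// populated, so the old fallback was always undefined. The header is optional,
// hence the isset() guard.
if (isset($_REQUEST['return_to'])) {
    $return_to = $_REQUEST['return_to'];
} else {
    $return_to = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
}
$link_back = isset($_REQUEST['link_back']) ? $_REQUEST['link_back'] : $_SERVER['REQUEST_URI'];

// NOTE(review): this excerpt ends inside the switch; the remaining cases and the
// closing brace are outside the visible source. No authorization or anti-CSRF
// check appears in the excerpt -- confirm one runs before this point.
switch ($task) {
    case 'save_file_properties':
        // Fall through to the properties view after saving.
        $task = 'file_properties';
        $name = smart_addslashes(trim($_POST['name']));
        if ($name == '') {
            $feedback = '<p class="Error">' . $error_missing_field . '</p>';
        } else {
            if ($_POST['extension'] != '') {
                // Fixed: the extension was appended raw although the base name is
                // escaped; it now goes through the same helper. Presumably $cms
                // builds SQL from these strings (the escaping calls suggest so) --
                // the durable fix is bound parameters inside $cms.
                $name = $name . '.' . smart_addslashes($_POST['extension']);
            }
            $existing_id = $cms->file_exists($folder_id, $name);
            if ($existing_id && $_POST['file_id'] != $existing_id) {
                // Another file in this folder already uses the requested name.
                $feedback = '<p class="Error">' . $fbNameExists . '</p>';
            } elseif (!($file = $cms->get_file($_POST['file_id']))) {
                $feedback = '<p class="Error">' . $strSaveError . '</p>';
            } else {
                // Checkbox semantics: present in the POST body means "on".
                $hot_item = isset($_POST['hot_item']) ? '1' : '0';
                // NOTE(review): $_POST['file_id'] and $_POST['priority'] reach
                // update_file() without escaping or an integer cast, unlike the
                // text fields. Verify how $cms uses them before trusting them.
                if (!$cms->update_file($_POST['file_id'], $name, addslashes($file['content']), smart_addslashes($_POST['title']), smart_addslashes($_POST['description']), smart_addslashes($_POST['keywords']), $_POST['priority'], $hot_item)) {
                    $feedback = '<p class="Error">' . $strSaveError . '</p>';
                } else {
                    if ($_POST['close'] == 'true') {
                        // NOTE(review): $return_to is client-supplied and is used as
                        // the redirect target with no same-site check, so this is an
                        // open redirect as written; restrict it to known local paths
                        // once the legitimate return targets are confirmed. CR/LF are
                        // stripped so the value cannot add header lines on PHP
                        // versions whose header() accepts them.
                        header('Location: ' . str_replace(array("\r", "\n"), '', $return_to));
                        exit;
                    }
                }
            }
        }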
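// Upload handler: stores each file posted in the "file[]" field as a CMS file
// in $folder_id. NOTE(review): this excerpt ends inside the switch; the end of
// the case and the closing brace are outside the visible source. No
// authorization or anti-CSRF check appears in the excerpt -- confirm one runs
// before this point.
switch ($task) {
    case 'upload':
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $task = 'list';
            if (isset($_FILES['file'])) {
                require_once $GO_CONFIG->class_path . 'filetypes.class.inc';
                $filetypes = new filetypes();
                for ($i = 0; $i < count($_FILES['file']['tmp_name']); $i++) {
                    // is_uploaded_file() confirms tmp_name really came from this
                    // request's HTTP upload.
                    if (is_uploaded_file($_FILES['file']['tmp_name'][$i])) {
                        // NOTE(review): both the file name and the MIME type are
                        // supplied by the client. Any extension not yet known is
                        // registered with the client-declared type; no allow-list
                        // or size limit is visible here.
                        $extension = get_extension($_FILES['file']['name'][$i]);
                        if (!$filetypes->get_type($extension)) {
                            $filetypes->add_type($extension, $_FILES['file']['type'][$i]);
                        }

                        // Pick a free name: "name (1).ext", "name (2).ext", ...
                        // NOTE(review): $name is passed to file_exists() and
                        // add_file() without escaping, while the content below is
                        // run through addslashes(). If $cms builds SQL from these
                        // strings, the file name needs the same treatment --
                        // verify, and prefer bound parameters inside $cms.
                        $name = $_FILES['file']['name'][$i];
                        $x = 0;
                        while ($cms->file_exists($folder_id, $name)) {
                            $x++;
                            $name = strip_extension($_FILES['file']['name'][$i]) . ' (' . $x . ').' . get_extension($_FILES['file']['name'][$i]);
                        }

                        $fp = fopen($_FILES['file']['tmp_name'][$i], 'r');
                        $content = addslashes(fread($fp, $_FILES['file']['size'][$i]));
                        fclose($fp);

                        // Fixed: eregi() was removed in PHP 7. preg_match() with the
                        // /i modifier performs the same case-insensitive search for
                        // "htm" in the extension. For HTML uploads only what
                        // get_body() returns is kept.
                        if (preg_match('/htm/i', get_extension($name))) {
                            $content = $cms->get_body($content);
                        }
                        $file_id = $cms->add_file($folder_id, $name, $content);
                        unlink($_FILES['file']['tmp_name'][$i]);
                    }
                }
            }
        }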
// (excerpt begins inside a block whose opening line is not shown)
    //no folder or site given so back off cowardly
    header('Location: index.php');
    exit;
}

// Save handler for the editor: updates an existing file when $file_id is set,
// otherwise creates "<name>.html" in $folder_id.
// NOTE(review): no authorization or anti-CSRF check appears in this excerpt --
// confirm one runs before this point.
if ($task == 'save') {
    if ($file_id > 0) {
        //fix for inserted iframes
        // Rewrites self-closed <iframe .../> tags into an explicit
        // <iframe ...></iframe> pair (pattern delimiter is ', modifiers s and i).
        $content = preg_replace("'<iframe([^>]*)/>'si", "<iframe\$1></iframe>", $_POST['content']);
        // NOTE(review): the posted HTML, iframes included, is stored as-is apart
        // from escaping; whether it is filtered before being served is not
        // visible here. $_POST['priority'] and $_POST['hot_item'] are passed
        // without escaping or a cast, unlike the text fields. This branch also
        // skips the empty-name and duplicate-name checks that the create branch
        // below performs.
        $cms->update_file($file_id, smart_addslashes($_POST['name']), smart_addslashes($content), smart_addslashes($_POST['title']), smart_addslashes($_POST['description']), smart_addslashes($_POST['keywords']), $_POST['priority'], $_POST['hot_item']);
    } else {
        $name = smart_addslashes(trim($_POST['name']));
        if ($name == '') {
            $feedback = '<p class="Error">' . $error_missing_field . '</p>';
        } else {
            // New files created from the editor always get the .html extension.
            $filename = $name . '.html';
            if ($cms->file_exists($folder_id, $filename)) {
                $feedback = '<p class="Error">' . $fbNameExists . '</p>';
            // On success add_file()'s return value becomes $file_id, so the load
            // below picks up the new file. $_POST['priority'] is again passed raw.
            } elseif (!($file_id = $cms->add_file($folder_id, $filename, smart_addslashes($_POST['content']), '', '', '', $_POST['priority']))) {
                $feedback = '<p class="Error">' . $strSaveError . '</p>';
            }
        }
    }
}

// Load the stored file into local variables.
// NOTE(review): this block continues past the end of the excerpt. The result of
// get_file() is not checked before its keys are read, and how these values are
// escaped on output is not visible here.
if ($file_id > 0) {
    $file = $cms->get_file($file_id);
    $content = $file['content'];
    $name = $file['name'];
    $title = $file['title'];
    $description = $file['description'];
    $keywords = $file['keywords'];
    $priority = $file['priority'];