$action = COM_applyFilter($_POST['action']); $album_id = COM_applyFilter($_POST['album_id'], true); switch ($action) { case 'album': require_once $_CONF['path'] . 'plugins/mediagallery/include/albumedit.php'; $retval .= MG_saveAlbum($album_id, $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id); CACHE_remove_instance('whatsnew'); break; case 'remoteupload': require_once $_CONF['path'] . 'plugins/mediagallery/include/remote.php'; $retval = MG_saveRemoteUpload($album_id); break; case 'upload': require_once $_CONF['path'] . 'plugins/mediagallery/include/newmedia.php'; if (SEC_checkToken()) { $retval = MG_saveUserUpload($album_id); } else { $retval = MG_errorHandler("Invalid input received"); } break; case 'ftp': require_once $_CONF['path'] . 'plugins/mediagallery/include/ftpmedia.php'; $dir = $_REQUEST['directory']; $purgefiles = isset($_REQUEST['purgefiles']) ? $_REQUEST['purgefiles'] : 0; $recurse = isset($_REQUEST['recurse']) ? $_REQUEST['recurse'] : 0; if (strstr($dir, "..")) { $retval .= MG_errorHandler("Invalid input received"); } else { $retval .= MG_navbar($LANG_MG01['ftp_media'], $album_id); $retval .= MG_FTPpickFiles($album_id, $dir, $purgefiles, $recurse); }
} $action = COM_applyFilter($_POST['action']); $album_id = COM_applyFilter($_POST['album_id'], true); $display = ''; switch ($action) { case 'album': require_once $include . 'albumedit.php'; $display .= MG_saveAlbum($album_id); break; case 'remoteupload': require_once $include . 'remote.php'; $display .= MG_saveRemoteUpload($album_id); break; case 'upload': require_once $include . 'newmedia.php'; $display .= MG_saveUserUpload($album_id); break; case 'ftp': require_once $include . 'ftpmedia.php'; $dir = $_REQUEST['directory']; $purgefiles = $_REQUEST['purgefiles']; $recurse = $_REQUEST['recurse']; if (strstr($dir, "..")) { $display .= COM_showMessageText('Invalid input received' . ' [ <a href=\'javascript:history.go(-1)\'>' . $LANG_MG02['go_back'] . '</a> ]'); } else { $display .= MG_FTPpickFiles($album_id, $dir, $purgefiles, $recurse); } break; case 'ftpprocess': require_once $include . 'ftpmedia.php'; MG_ftpProcess($album_id);