Example #1
    $errors[] = TB_FORBIDDEN_FILEXT;
}
// Check file size
// The limit is only compared when PHP reported a size for the 'Filedata' field.
// get_byte() is defined elsewhere; presumably it converts the configured limit
// for the current type into a byte count (confirm against its definition).
if (isset($_FILES['Filedata']['size'])) {
    if ($_FILES['Filedata']['size'] > get_byte($_SESSION['tinybrowser']['maxsize'][$typenow])) {
        $errors[] = TB_MSGMAXSIZE;
    }
}
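// Debug aid: when debug mode is on and a webmaster address is configured,
// e-mail a dump of the collected errors and of the request state.
// NOTE(review): the dump contains the complete $_SESSION as well as $_POST and
// $_GET, so session contents leave the server in an e-mail. Keep debug_mode off
// in production, or reduce the dump to the fields that are actually needed.
if ($_SESSION['tinybrowser']['debug_mode'] && !empty($_SESSION['tinybrowser']['webmaster_email'])) {
    $msg = "ERRORS: " . print_r($errors, true) . "\n\nPOST: " . print_r($_POST, true) . "\n\nGET: " . print_r($_GET, true) . "\n\nSESSION: " . print_r($_SESSION, true);
    mail($_SESSION['tinybrowser']['webmaster_email'], 'TinyBrowser File Upload Attempt', $msg);
}
// Stop on any validation error whether or not debug mode is enabled. The exit
// used to sit inside the debug branch, so with debugging disabled the errors
// collected above (forbidden extension, oversize file) were never acted on in
// the visible part of the script and processing continued to the file copy.
if (!empty($errors)) {
    exit;
}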
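// Check file data
// Copies the received upload into docroot + $dest_folder under its name with a
// trailing '_' appended, then answers with a small success page.
// $dest_folder is assigned earlier in the script (not visible here).
if ($_FILES['Filedata']['tmp_name'] && $_FILES['Filedata']['name']) {
    // Defined up front so the check further down never reads an unset variable
    // when the destination directory does not exist.
    $success = false;
    $source_file = $_FILES['Filedata']['tmp_name'];
    $file_name = stripslashes($_FILES['Filedata']['name']);
    // NOTE(review): with 'cleanfilename' disabled the client-supplied name is
    // used as received; confirm that is acceptable for every deployment.
    if ($_SESSION['tinybrowser']['cleanfilename']) {
        $file_name = clean_filename($file_name);
    }
    // verify_dir() is defined elsewhere; presumably it rejects destinations
    // outside the permitted tree (confirm against its definition).
    verify_dir($_SESSION['tinybrowser']['docroot'] . $dest_folder);
    // is_uploaded_file() confirms the source really is the temp file PHP created
    // for this request's HTTP upload before anything is copied from it.
    if (is_uploaded_file($source_file) && is_dir($_SESSION['tinybrowser']['docroot'] . $dest_folder)) {
        $success = copy($source_file, $_SESSION['tinybrowser']['docroot'] . $dest_folder . '/' . $file_name . '_');
    }
    if ($success) {
        header('HTTP/1.1 200 OK');
        //  if this doesn't work for you, try header('HTTP/1.1 201 Created');
        ?>
<html><head><title>File Upload Success</title></head><body>File Upload Success</body></html><?php 
    }
}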
Example #2
        if ($foldernow == urldecode($_POST['actionfolder'][$delthis])) {
            $foldernow = '';
            $passfolder = '';
        }
    }
}
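// Rename any folders with changed name
// $_POST['renamefolder'] maps a row key to the requested new folder name and
// $_POST['actionfolder'] maps the same key to the folder's current relative
// path. Both arrive from the request and are treated as untrusted.
if (isset($_POST['renamefolder'])) {
    foreach ($_POST['renamefolder'] as $namethis => $newname) {
        // Count rows with a missing current path, or with non-string fields, as
        // failures instead of passing them on to the path handling below.
        if (!isset($_POST['actionfolder'][$namethis]) || !is_string($_POST['actionfolder'][$namethis]) || !is_string($newname)) {
            $errorqty++;
            continue;
        }
        $rawfolder = urldecode($_POST['actionfolder'][$namethis]);
        // NOTE(review): this is a single pass over a fixed list of sequences, not
        // a containment check. Whether the resulting paths stay inside the
        // permitted tree is left to verify_dir() (defined elsewhere) - confirm
        // that it resolves the paths and compares them against the allowed root.
        $safefolder = str_replace(array('../', '..\\', './', '.\\'), '', $rawfolder);
        // Derive the path components from the stripped value, so that the rename
        // target is built from the same input as the rename source. Previously
        // the target was assembled from the unstripped request value.
        $urlparts = explode('/', rtrim($safefolder, '/'));
        // Strict comparison: a loose one treats numeric-looking names such as
        // '1' and '01' as equal and would silently skip that rename.
        if (array_pop($urlparts) !== $newname) {
            $namethisfolderfrom = $_SESSION['tinybrowser']['docroot'] . $dirpath . $safefolder;
            $renameurl = implode('/', $urlparts) . '/' . clean_filename($newname) . '/';
            $namethisfolderto = $_SESSION['tinybrowser']['docroot'] . $dirpath . $renameurl;
            verify_dir(array($namethisfolderfrom, $namethisfolderto), $typenow);
            if (is_dir($namethisfolderfrom) && rename($namethisfolderfrom, $namethisfolderto)) {
                $renameqty++;
            } else {
                $errorqty++;
            }
            // Keep the currently displayed folder pointing at the renamed one.
            if ($foldernow == $rawfolder) {
                $foldernow = ltrim($renameurl, '/');
                $passfolder = '&folder=' . urlencode(ltrim($renameurl, '/'));
            }
        }
    }
}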
// Assign directory structure to array
// dirtree() is defined elsewhere; it is handed the empty $dirs array together
// with the file types, document root and base path configured for $typenow
// (presumably it fills $dirs by reference - confirm against its definition).
$dirs = array();
dirtree(
    $dirs,
    $_SESSION['tinybrowser']['filetype'][$typenow],
    $_SESSION['tinybrowser']['docroot'],
    $_SESSION['tinybrowser']['path'][$typenow]
);
Example #3
    deny(TB_UPDENIED);
}
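// Assign get variables
// Every value below originates from the request and ends up in paths or URLs.

// Only accept a type that is a string and is listed in the configured valid
// types; anything else falls back to 'image'. The strict in_array() assumes the
// configured list holds strings - TODO confirm.
$typenow = isset($_GET['type']) && is_string($_GET['type']) && in_array($_GET['type'], $_SESSION['tinybrowser']['valid']['type'], true) ? $_GET['type'] : 'image';
// Strip dot-segment sequences from the requested sub-folder. A non-string value
// (array parameter) is treated like a missing one.
// NOTE(review): stripping sequences is not a containment check; the call to
// verify_dir() later in the script (defined elsewhere) has to enforce that.
$foldernow = str_replace(array('../', '..\\', '..', './', '.\\'), '', $_SESSION['tinybrowser']['allowfolders'] && isset($_REQUEST['folder']) && is_string($_REQUEST['folder']) ? urldecode($_REQUEST['folder']) : '');
$passfolder = '&folder=' . urlencode($foldernow);
// Validate the form element id once. The D modifier makes '$' match only at the
// very end of the value; without it a value ending in a newline also passed the
// check and was then placed into the query strings built below.
$feidvalid = !empty($_GET['feid']) && is_string($_GET['feid']) && preg_match('/^[a-zA-Z0-9_\-]+$/D', $_GET['feid']) === 1;
$passfeid = $feidvalid ? '&feid=' . $_GET['feid'] : '';
$passupfeid = $feidvalid ? $_GET['feid'] : '';
// Pass on the last token of the session's token list, when there is one.
$tokenget = !empty($_SESSION['get_tokens']) ? '&tokenget=' . end($_SESSION['get_tokens']) : '';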
// Assign upload path
// The sub-folder is appended to the type's base path only when that base path
// is found at offset 1 of $foldernow; otherwise the base path is used alone.
// NOTE(review): matching at offset 1 rather than 0 looks unusual - confirm the
// intended form of $foldernow before relying on this branch.
$uploadpath = strpos($foldernow, $_SESSION['tinybrowser']['path'][$typenow]) == 1
    ? urlencode($_SESSION['tinybrowser']['path'][$typenow] . $foldernow)
    : urlencode($_SESSION['tinybrowser']['path'][$typenow]);
// verify_dir() is defined elsewhere; presumably it rejects a target directory
// outside the permitted tree (confirm against its definition).
verify_dir(
    $_SESSION['tinybrowser']['docroot'] . $_SESSION['tinybrowser']['path'][$typenow] . $foldernow,
    $typenow
);
// Assign directory structure to array
// dirtree() is defined elsewhere; it is handed the empty $uploaddirs array with
// the file types, document root and base path configured for $typenow
// (presumably it fills the array by reference - confirm against its definition).
$uploaddirs = array();
dirtree(
    $uploaddirs,
    $_SESSION['tinybrowser']['filetype'][$typenow],
    $_SESSION['tinybrowser']['docroot'],
    $_SESSION['tinybrowser']['path'][$typenow]
);
// determine file dialog file types
// Picks the file-type constant matching the current type. For any other value
// of $typenow, $filestr is left unassigned by this block.
if ($typenow == 'image') {
    $filestr = TB_TYPEIMG;
} elseif ($typenow == 'media') {
    $filestr = TB_TYPEMEDIA;
} elseif ($typenow == 'file') {
    $filestr = TB_TYPEFILE;
}
Example #4
    sleep($_SESSION['tinybrowser']['delayprocess']);
}
// Initialise files array and error vars
$files = array();
$good = $bad = $dup = 0;
// Expected file count from the request: used only when it is present, numeric
// and greater than zero; in every other case the total stays 0.
$total = 0;
if (!empty($_GET['filetotal']) && is_numeric($_GET['filetotal']) && $_GET['filetotal'] > 0) {
    $total = (int) $_GET['filetotal'];
}
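// Assign get variables
// Only accept a type that is a string and is listed in the configured valid
// types; anything else falls back to 'image'. The strict in_array() assumes the
// configured list holds strings - TODO confirm.
$typenow = isset($_GET['type']) && is_string($_GET['type']) && in_array($_GET['type'], $_SESSION['tinybrowser']['valid']['type'], true) ? $_GET['type'] : 'image';
// A missing or non-string 'folder' parameter is treated as an empty string
// instead of being passed to urldecode() unset.
$getfolder = isset($_GET['folder']) && is_string($_GET['folder']) ? urldecode($_GET['folder']) : '';
// NOTE(review): $folder is the document root plus the request value with no
// stripping at all, and the loop that follows deletes and renames files inside
// it. Containment therefore rests entirely on verify_dir() (defined elsewhere);
// confirm that it resolves the path and compares it against the allowed root.
$folder = $_SESSION['tinybrowser']['docroot'] . $getfolder;
$foldernow = urlencode(str_replace($_SESSION['tinybrowser']['path'][$typenow], '', $getfolder));
// The D modifier makes '$' match only at the very end of the value; without it
// a value ending in a newline also passed and was placed into the query string.
$passfeid = !empty($_GET['feid']) && is_string($_GET['feid']) && preg_match('/^[a-zA-Z0-9_\-]+$/D', $_GET['feid']) === 1 ? '&feid=' . $_GET['feid'] : '';
// Pass on the last token of the session's token list, when there is one.
$tokenget = !empty($_SESSION['get_tokens']) ? '&tokenget=' . end($_SESSION['get_tokens']) : '';
// security check
// NOTE(review): $foldernow is URL-encoded at this point while $folder is not;
// check that verify_dir() expects both forms.
verify_dir(array($folder, $foldernow), $typenow);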
if ($handle = opendir($folder)) {
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != ".." && substr($file, -1) == '_') {
            //-- File Naming
            $tmp_filename = $folder . $file;
            $dest_filename = $folder . rtrim($file, '_');
            //-- Duplicate Files
            if (file_exists($dest_filename)) {
                unlink($tmp_filename);
                $dup++;
                continue;
            }
            //-- Bad extensions
            $nameparts = explode('.', $dest_filename);
            $ext = end($nameparts);