public function process() { /* get base paths and sanitize incoming paths */ $directory = rawurldecode($this->getProperty('directory', '')); $directory = ltrim(strip_tags(str_replace(array('../', './'), '', $directory)), '/'); $name = $this->getProperty('name'); $name = ltrim(strip_tags(str_replace(array('../', './'), '', $name)), '/'); $loaded = $this->getSource(); if (!$this->source instanceof modMediaSource) { return $loaded; } if (!$this->source->checkPolicy('create')) { return $this->failure($this->modx->lexicon('permission_denied')); } $path = $this->source->createObject($directory, $name, $this->getProperty('content')); if (empty($path)) { $msg = ''; $errors = $this->source->getErrors(); foreach ($errors as $k => $msg) { $this->addFieldError($k, $msg); } return $this->failure($msg); } return $this->success('', array('file' => $directory . ltrim($name, '/'))); }