Exemple #1
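// Check and assign GET variables.
// Both values are untrusted request input; anything derived from them
// (filesystem paths in particular) has to be validated before it is used.
if (isset($_GET['type']) && is_string($_GET['type'])) {
    $typenow = $_GET['type'];
} else {
    echo 'Error!';
    exit;
}
if (isset($_GET['folder']) && is_string($_GET['folder'])) {
    // PHP has already URL-decoded $_GET once. The extra decode is kept
    // (presumably for callers that double-encode), so validation must run on
    // the decoded value, not on the raw parameter.
    $dest_folder = urldecode($_GET['folder']);
    // Refuse NUL bytes and any ".." path segment so the destination cannot
    // resolve outside the configured upload root.
    if (strpos($dest_folder, "\0") !== false
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $dest_folder)) {
        echo 'Error!';
        exit;
    }
} else {
    echo 'Error!';
    exit;
}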
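// Check file extension isn't prohibited.
// The name is client-supplied; reject the request when it is missing or is
// not a single string (e.g. an array-style upload field).
if (!isset($_FILES['Filedata']['name']) || !is_string($_FILES['Filedata']['name'])) {
    echo 'Error!';
    exit;
}
// end() takes its argument by reference, so the exploded parts are stored in
// a variable first instead of passing the explode() result directly.
$nameparts = explode('.', $_FILES['Filedata']['name']);
$ext = end($nameparts);
// NOTE(review): only the last dot-separated segment is tested, and it is
// tested against a deny-list. An allow-list of expected extensions, plus a
// server-generated file name, is the more robust control — confirm what
// validateExtension() (defined elsewhere) actually enforces.
if (!validateExtension($ext, $tinybrowser['prohibited'])) {
    echo 'Error!';
    exit;
}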
// Check file data
// Stores the uploaded temp file under the document root with a trailing '_'
// appended to its name. The excerpt is truncated: both blocks opened below
// are closed outside the visible lines.
if ($_FILES['Filedata']['tmp_name'] && $_FILES['Filedata']['name']) {
    $source_file = $_FILES['Filedata']['tmp_name'];
    // Client-supplied name. stripslashes() only removes backslash quoting; it
    // does not remove directory components, so the name should additionally
    // be reduced with basename() (or replaced by a generated name) before it
    // is used in a path.
    $file_name = stripslashes($_FILES['Filedata']['name']);
    // NOTE(review): the directory tested here includes $folder_name, but the
    // copy target below does not, and $folder_name is not assigned anywhere
    // in the visible code — confirm both refer to the same location.
    if (is_dir($tinybrowser['docroot'] . $folder_name . $dest_folder)) {
        // NOTE(review): copy() does not check that the source really is an
        // HTTP upload; move_uploaded_file() performs that check.
        $success = copy($source_file, $tinybrowser['docroot'] . $dest_folder . '/' . $file_name . '_');
    }
    // NOTE(review): $success is only assigned inside the is_dir() branch
    // above, so it is undefined here when the directory test fails.
    if ($success) {
        header('HTTP/1.1 200 OK');
        //  if this doesn't work for you, try header('HTTP/1.1 201 Created');
        ?>
<html><head><title>File Upload Success</title></head><body>File Upload Success</body></html><?php 
Exemple #2
}
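// Check and assign GET variables.
// 'type' is accepted only when it is a string that is strictly equal to one
// of the valid types held in the session configuration (strict in_array()
// avoids loose-comparison matches between unrelated values).
if (isset($_GET['type']) && is_string($_GET['type'])
    && in_array($_GET['type'], $_SESSION['tinybrowser']['valid']['type'], true)) {
    $typenow = $_GET['type'];
} else {
    // NOTE(review): $typenow stays unset on this path while later checks
    // index configuration arrays with it — confirm the script stops before
    // those run.
    $errors[] = TB_INVALID_FILETYPE;
}
// A non-string 'folder' (e.g. an array parameter) is treated like a missing one.
if (isset($_GET['folder']) && is_string($_GET['folder'])) {
    // PHP has already URL-decoded $_GET; any directory validation has to be
    // applied to this (second) decoded value. No such validation is visible
    // in this excerpt — verify it exists before $dest_folder reaches a path.
    $dest_folder = urldecode($_GET['folder']);
} else {
    $errors[] = TB_NOT_IN_ALLOWED_DIR;
}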
// Check file extension isn't prohibited
// Two independent checks on the last dot-separated segment of the
// client-supplied file name; each failure appends TB_FORBIDDEN_FILEXT.
$nameparts = explode('.', $_FILES['Filedata']['name']);
$ext = end($nameparts);
// 1) Deny-list check via validateExtension() (defined elsewhere).
if (!validateExtension($ext, $_SESSION['tinybrowser']['prohibited'])) {
    $errors[] = TB_FORBIDDEN_FILEXT;
}
// 2) Allowed-type check for the selected upload type.
// NOTE(review): strpos() is a case-sensitive substring test, so any $ext
// that occurs anywhere inside the configured string passes, including a
// fragment of a longer allowed extension. An exact match against a parsed
// list would be stricter. $typenow may also be unset here if the earlier
// type check failed — confirm.
if (strpos($_SESSION['tinybrowser']['filetype'][$typenow], $ext) === false) {
    $errors[] = TB_FORBIDDEN_FILEXT;
}
// Check file size
// Compares the size PHP recorded for the upload with the per-type limit from
// the session configuration. get_byte() is defined elsewhere; presumably it
// converts the configured size string to a byte count — TODO confirm.
if (isset($_FILES['Filedata']['size']) && $_FILES['Filedata']['size'] > get_byte($_SESSION['tinybrowser']['maxsize'][$typenow])) {
    $errors[] = TB_MSGMAXSIZE;
}
// Debug reporting: when debug mode is on and a webmaster address is set,
// mail a dump of the collected errors and the request state.
// NOTE(review): the message contains the complete $_SESSION, $_POST and
// $_GET arrays and is sent as ordinary e-mail; session contents can include
// sensitive values, so debug mode should stay off in production.
// NOTE(review): in the visible lines the only exit on a non-empty $errors is
// inside this debug-only branch. The excerpt is truncated (this block is
// closed outside it) — confirm uploads with errors are also rejected when
// debug mode is disabled.
if ($_SESSION['tinybrowser']['debug_mode'] && !empty($_SESSION['tinybrowser']['webmaster_email'])) {
    $msg = "ERRORS: " . print_r($errors, true) . "\n\nPOST: " . print_r($_POST, true) . "\n\nGET: " . print_r($_GET, true) . "\n\nSESSION: " . print_r($_SESSION, true);
    mail($_SESSION['tinybrowser']['webmaster_email'], 'TinyBrowser File Upload Attempt', $msg);
    if (!empty($errors)) {
        exit;
    }
Exemple #3
	// Second pass over the directory behind $handle: every entry whose name
	// ends in '_' is treated as a pending upload and is either promoted to its
	// final name or deleted. The excerpt starts and ends mid-block.
	while (false !== ($file = readdir($handle)))
		{
		if ($file != "." && $file != ".." && substr($file,-1)=='_')
			{
			//-- File Naming
			// rtrim() strips every trailing underscore, not only the single
			// marker character, so a name that itself ended in '_' is altered.
			$tmp_filename = $folder.$file;
			$dest_filename	 = $folder.rtrim($file,'_');

			//-- Duplicate Files
			// An existing destination is never overwritten: the temp file is
			// removed and counted in $dup.
			if(file_exists($dest_filename)) { unlink($tmp_filename); $dup++; continue; }

			//-- Bad extensions
			// Deny-list check on the last dot-separated segment of the final
			// path; validateExtension() is defined elsewhere.
			$nameparts = explode('.',$dest_filename);
			$ext = end($nameparts);

			if(!validateExtension($ext, $tinybrowser['prohibited'])) { unlink($tmp_filename); continue; }

			//-- Rename temp file to dest file
			// NOTE(review): the file receives its final name before any
			// content check runs; the return value of rename() is not tested.
			rename($tmp_filename, $dest_filename);
			$good++;

			//-- if image, perform additional processing
			// NOTE(review): the type is read straight from the request with a
			// loose comparison; no content check is visible for other types.
			if($_GET['type']=='image')
				{
				//-- Good mime-types
				// getimagesize() only parses the image header. The PHP manual
				// advises against relying on it to prove a file is a valid
				// image; a Fileinfo-based check is the recommended addition.
				$imginfo = getimagesize($dest_filename);
	   		if($imginfo === false) { unlink($dest_filename); continue; }
				$mime = $imginfo['mime'];

				// resize image to maximum height and width, if set
				if($tinybrowser['imageresize']['width'] > 0 || $tinybrowser['imageresize']['height'] > 0)
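/**
 * Activation hook for the aeop plugin.
 *
 * Appends the suffix derived from the 'aeop_fburl' option to the page
 * permalink structure when the structure does not already contain it, then
 * flushes the rewrite rules.
 *
 * @return void
 */
function aeop_active()
{
    global $wp_rewrite;
    // Resolve the suffix once; validateExtension() is defined elsewhere and
    // is applied to the stored option value before it is used.
    $suffix = validateExtension(get_option('aeop_fburl'));
    // strpos() returns 0 for a match at the very start of the string, which a
    // plain truthiness test reads as "not found"; compare against false.
    if (strpos($wp_rewrite->get_page_permastruct(), $suffix) === false) {
        $wp_rewrite->page_structure = $wp_rewrite->page_structure . $suffix;
    }
    $wp_rewrite->flush_rules();
}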
// Check session, if it exists.
// When no session is active (session_id() is empty) this gate is skipped
// entirely; with an active session the configured marker key must be set.
if(session_id() != '' && !isset($_SESSION[$tinybrowser['sessioncheck']]))
	{
	echo 'Error!';
	exit;
	}
	
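// Check hash is correct (workaround for Flash session bug, to stop external form posting)
// The supplied value must be a string and must match exactly: a loose "!="
// can treat two different numeric-looking strings as equal, and a missing or
// array-valued parameter must fail rather than raise a notice.
// hash_equals() is used where available so the comparison is constant-time.
// NOTE(review): the expected value is built from fixed inputs, so it is the
// same for every request and travels in the URL; it is not a per-session
// token and should not be the only access control on this endpoint.
$tb_expected = md5($_SERVER['DOCUMENT_ROOT'].$tinybrowser['obfuscate']);
$tb_supplied = (isset($_GET['obfuscate']) && is_string($_GET['obfuscate'])) ? $_GET['obfuscate'] : '';
$tb_hash_ok = function_exists('hash_equals') ? hash_equals($tb_expected, $tb_supplied) : ($tb_expected === $tb_supplied);
if(!$tb_hash_ok) { echo 'Error!'; exit; } 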

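// Check and assign get variables (both are untrusted request input)
if(isset($_GET['type']) && is_string($_GET['type'])) { $typenow = $_GET['type']; } else { echo 'Error!'; exit; } 
// PHP has already URL-decoded $_GET once; the extra decode is kept, so the
// checks below run on the decoded value.
if(isset($_GET['folder']) && is_string($_GET['folder'])) { $dest_folder = urldecode($_GET['folder']); } else { echo 'Error!'; exit; } 
// Refuse NUL bytes and any ".." path segment so the destination cannot
// resolve outside the configured upload root.
if(strpos($dest_folder, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $dest_folder)) { echo 'Error!'; exit; } 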

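// Check file extension isn't prohibited
// The name is client-supplied; a missing or non-string value is rejected.
if(!isset($_FILES['Filedata']['name']) || !is_string($_FILES['Filedata']['name'])) { echo 'Error!'; exit; }
// end() takes its argument by reference, so the parts go into a variable first.
$nameparts = explode('.',$_FILES['Filedata']['name']);
$ext = end($nameparts);
// NOTE(review): only the last dot-separated segment is tested, against a
// deny-list; an allow-list of expected extensions is the stronger control.
// validateExtension() is defined elsewhere — confirm what it enforces.
if(!validateExtension($ext, $tinybrowser['prohibited'])) { echo 'Error!'; exit; }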

// Check file data
if ($_FILES['Filedata']['tmp_name'] && $_FILES['Filedata']['name'])
	{	
	$source_file = $_FILES['Filedata']['tmp_name'];
	$file_name = stripslashes($_FILES['Filedata']['name']);
	if(is_dir($tinybrowser['docroot'].$folder_name.$dest_folder))
		{
        $tr = array( "Ґ"=>"G","Ё"=>"YO","Є"=>"E","Ї"=>"YI","І"=>"I", "і"=>"i","ґ"=>"g","ё"=>"yo","№"=>"#","є"=>"e", "ї"=>"yi","А"=>"A","Б"=>"B","В"=>"V","Г"=>"G", "Д"=>"D","Е"=>"E","Ж"=>"ZH","З"=>"Z","И"=>"I", "Й"=>"Y","К"=>"K","Л"=>"L","М"=>"M","Н"=>"N", "О"=>"O","П"=>"P","Р"=>"R","С"=>"S","Т"=>"T", "У"=>"U","Ф"=>"F","Х"=>"H","Ц"=>"TS","Ч"=>"CH", "Ш"=>"SH","Щ"=>"SCH","Ъ"=>"'","Ы"=>"YI","Ь"=>"", "Э"=>"E","Ю"=>"YU","Я"=>"YA","а"=>"a","б"=>"b", "в"=>"v","г"=>"g","д"=>"d","е"=>"e","ж"=>"zh", "з"=>"z","и"=>"i","й"=>"y","к"=>"k","л"=>"l", "м"=>"m","н"=>"n","о"=>"o","п"=>"p","р"=>"r", "с"=>"s","т"=>"t","у"=>"u","ф"=>"f","х"=>"h", "ц"=>"ts","ч"=>"ch","ш"=>"sh","щ"=>"sch","ъ"=>"'", "ы"=>"yi","ь"=>"","э"=>"e","ю"=>"yu","я"=>"ya","ә"=>"a", "і"=>"i", "ң"=>"n", "ғ"=>"g", "ү"=>"y", "ұ"=>"y", "қ"=>"k", "ө"=>"o", "һ"=>"h", "Ә"=>"A", "І"=>"I", "Ң"=>"H", "Ғ"=>"G", "Ү"=>"Y", "Ұ"=>"Y", "Қ"=>"K", "Ө"=>"O", "Һ"=>"H");

		$file_nameNew = str_replace(' ', '_', strtr($file_name,$tr));
		$success = copy($source_file,$tinybrowser['docroot'].$dest_folder.'/'.$file_nameNew.'_');
		}
	if($success)
		{