Esempio n. 1
0
 if (isset($_POST['ms_submit']) || $mode == $LANG_MG01['save'] && !empty($LANG_MG01['save'])) {
     //else if ($mode == $LANG_MG01['save'] && !empty ($LANG_MG01['save'])) {    // save the album...
     $retval = '';
     // OK, we have a save, now we need to see what we are saving...
     if (isset($_POST['action']) && isset($_POST['album_id'])) {
         $action = COM_applyFilter($_POST['action']);
         $album_id = COM_applyFilter($_POST['album_id'], true);
         switch ($action) {
             case 'album':
                 require_once $_CONF['path'] . 'plugins/mediagallery/include/albumedit.php';
                 $retval .= MG_saveAlbum($album_id, $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id);
                 CACHE_remove_instance('whatsnew');
                 break;
             case 'remoteupload':
                 require_once $_CONF['path'] . 'plugins/mediagallery/include/remote.php';
                 $retval = MG_saveRemoteUpload($album_id);
                 break;
             case 'upload':
                 require_once $_CONF['path'] . 'plugins/mediagallery/include/newmedia.php';
                 if (SEC_checkToken()) {
                     $retval = MG_saveUserUpload($album_id);
                 } else {
                     $retval = MG_errorHandler("Invalid input received");
                 }
                 break;
             case 'ftp':
                 require_once $_CONF['path'] . 'plugins/mediagallery/include/ftpmedia.php';
                 $dir = $_REQUEST['directory'];
                 $purgefiles = isset($_REQUEST['purgefiles']) ? $_REQUEST['purgefiles'] : 0;
                 $recurse = isset($_REQUEST['recurse']) ? $_REQUEST['recurse'] : 0;
                 if (strstr($dir, "..")) {
Esempio n. 2
0
 // save the album...
 // OK, we have a save, now we need to see what we are saving...
 if (!isset($_POST['action']) || !isset($_POST['album_id'])) {
     MG_invalidRequest();
 }
 $action = COM_applyFilter($_POST['action']);
 $album_id = COM_applyFilter($_POST['album_id'], true);
 $display = '';
 switch ($action) {
     case 'album':
         require_once $include . 'albumedit.php';
         $display .= MG_saveAlbum($album_id);
         break;
     case 'remoteupload':
         require_once $include . 'remote.php';
         $display .= MG_saveRemoteUpload($album_id);
         break;
     case 'upload':
         require_once $include . 'newmedia.php';
         $display .= MG_saveUserUpload($album_id);
         break;
     case 'ftp':
         require_once $include . 'ftpmedia.php';
         $dir = $_REQUEST['directory'];
         $purgefiles = $_REQUEST['purgefiles'];
         $recurse = $_REQUEST['recurse'];
         if (strstr($dir, "..")) {
             $display .= COM_showMessageText('Invalid input received' . '  [ <a href=\'javascript:history.go(-1)\'>' . $LANG_MG02['go_back'] . '</a> ]');
         } else {
             $display .= MG_FTPpickFiles($album_id, $dir, $purgefiles, $recurse);
         }