function formatValue($value)
{
// HTML injection for superuser only
if (swIsAdmin()) {
return addslashes(str_replace("\n", "<br/>", $value));
}
return addslashes(str_replace("\n", "<br/>", htmlentities($value)));
}
<?php
// admin header
session_start();
require_once 'lib/php/DOLib.php';
if (!swValidate('s_username')) {
header("location: index.php");
}
connect();
// save user type
$isAdmin = swIsAdmin();
// process upload
$message = "";
if (count($_FILES) > 0) {
$target_encoding = "ISO-8859-1";
$dest = $GLOBALS['DOCUMENT_ROOT'] . "/swcms/assets/";
foreach ($_FILES as $arrfile) {
if ($arrfile['name']) {
// get the filename
$filename = iconv("UTF-8", $target_encoding, basename($arrfile['name']));
$filename = str_replace('\\', '', $filename);
$filename = str_replace('/', '', $filename);
// delete file if it exists
while (file_exists($dest . $filename)) {
unlink($dest . $filename);
// to avoid server cache problem we postfix the filename
$filename = "new_" . $filename;
}
// store in array for display in the page
$ext[] = substr(strrchr($filename, '.'), 1);
$storedfile[] = $filename;