// Excerpt of the approval path for a queued upload: copy the queue record's
// uploader and licensing fields onto the file record, insert that record into
// the per-directory SQLite database, remove the queue entry, then notify the
// uploader by e-mail. The enclosing script starts before this excerpt and the
// final `else` branch continues after it.
$data['file']['ipaddress'] = $data['queueitem']['ipaddress'];
$data['file']['uploaderfirstname'] = $data['queueitem']['uploaderfirstname'];
$data['file']['uploaderlastname'] = $data['queueitem']['uploaderlastname'];
$data['file']['uploaderemail'] = $data['queueitem']['uploaderemail'];
$data['file']['filemd5'] = $data['queueitem']['filemd5'];
$data['file']['authorname'] = $data['queueitem']['authorname'];

// A license name stored with a leading "*" is saved without that marker.
// What the marker means is decided outside this excerpt.
if (substr($data['queueitem']['licensename'], 0, 1) == "*") {
    $data['file']['licensename'] = substr($data['queueitem']['licensename'], 1);
} else {
    $data['file']['licensename'] = $data['queueitem']['licensename'];
}
$data['file']['licenseurl'] = $data['queueitem']['licenseurl'];
$data['file']['licensetext'] = $data['queueitem']['licensetext'];

// NOTE(review): $input['message'] is stored as given; where it is later
// rendered is not visible here -- confirm it is escaped for its output context.
$data['file']['moderationmessage'] = $input['message'];
$data['file']['moderator'] = $user['username'];

// NOTE(review): $subdir is defined outside this excerpt and is concatenated
// into both a filesystem path (here) and a public URL (below) -- confirm it is
// validated upstream so it cannot leave the public directory.
$dirdb = new DirectoryDB($config['paths']['publicDirectory'] . $subdir . '/data.sqlite3');

if ($dirdb->File_Insert($data['file'])) {
    // The queue entry is removed only after the file record was inserted. If
    // the delete fails, the inserted record stays in place; no rollback is
    // visible in this branch.
    if ($qdb->Queue_Delete_ByID($data['queueitem']['queueid'])) {
        // Send an email to the uploader letting them know their image
        // was accepted.
        $data['email'] = array();
        $data['email']['username'] = $data['queueitem']['username'];
        $data['email']['uploaderfirstname'] = $data['queueitem']['uploaderfirstname'];
        $data['email']['uploaderlastname'] = $data['queueitem']['uploaderlastname'];
        $data['email']['imageURL'] = $config['paths']['publicURL'] . $subdir . '/' . $data['queueitem']['filename'];

        // presumably the template reads $data['email']; how $data reaches
        // $tpl is not visible in this excerpt -- TODO confirm.
        $email['body'] = $tpl->fetch('email_approve.tpl');

        // NOTE(review): the recipient address comes from the queue record and
        // email() is defined elsewhere -- confirm the helper rejects CR/LF in
        // the address and subject before building mail headers.
        email($data['queueitem']['uploaderemail'], $config['mail']['fromaddress'], "Image Submission Approved", $email['body']);
    } else {
        echo "There was an error deleting the MySQL database entry for this item.\n";
    }
} else {
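<?php
/**
 * Directory index script: maps the requested URI onto a directory below the
 * document root, opens that directory's data.sqlite3 through DirectoryDB and
 * walks the directory to collect sub-directories and files for display.
 *
 * The listing loop continues past the end of this excerpt.
 */
define('USING_SMARTY', true);
require 'common.php';

// Reject any request whose decoded URI contains "..". The previous check,
// strstr('..', $_SERVER['REQUEST_URI']), had the haystack and needle swapped,
// so it looked for the URI inside the two-character string ".." and did not
// match ordinary requests. The test is made on the urldecode()d value because
// that is the value used to build the filesystem path below; the check and the
// use must see the same string.
if (strpos(urldecode($_SERVER['REQUEST_URI']), '..') !== false) {
    exit;
}

// Set up some variables for this session
// NOTE(review): REQUEST_URI includes the query string, so a request with
// "?..." yields a path that is_dir() below will normally reject. Consider
// deriving the path with parse_url(..., PHP_URL_PATH) and confirming with
// realpath() that the result stays under DOCUMENT_ROOT.
$data['filedirectory'] = $_SERVER['DOCUMENT_ROOT'] . rtrim(urldecode($_SERVER['REQUEST_URI']), '/') . "/";
// NOTE(review): this is the raw request URI; confirm the template escapes it
// before echoing it into HTML.
$data['httpdirectory'] = $_SERVER['REQUEST_URI'];

//filesize($filename)
require_once $config['paths']['includes'] . 'directorydb.class.php';
$dirdb = new DirectoryDB($data['filedirectory'] . 'data.sqlite3');
//$data['fileInfo'] = $dirdb->Files_Fetch_All();

if (is_dir($data['filedirectory'])) {
    $dir = opendir($data['filedirectory']);
    if ($dir) {
        $data['directories'] = array();
        $data['files'] = array();
        while (($item = readdir($dir)) !== false) {
            // Ignore items starting with a period. This includes the '.' and '..'
            // entries.
            if (substr($item, 0, 1) == '.') {
                continue;
            }

            // Only list directories or PNG files. Do not list a directory if it
            // contains an .ignore file.
            if (is_dir($data['filedirectory'] . $item)) {
                if (file_exists($data['filedirectory'] . "/{$item}/.ignore")) {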