// Should never be true - Guids ought to be unique
$newFilename = SMRandom::CreateGuid() . $extension;
}
// Move file
if (move_uploaded_file($_FILES["SelectedFile"]["tmp_name"], $dir . "/" . $newFilename) === false) {
header("HTTP/1.1 500 Internal Server Error");
echo "Error moving temporary file";
exit;
}
echo $dir . "/" . $newFilename;
// Write new filename back to client on success
} else {
if ($command === "Remove") {
$paths = null;
$file = SMEnvironment::GetPostValue("File");
$files = SMEnvironment::GetPostValue("Files");
if ($file !== null) {
$paths = array($file);
} else {
if ($files !== null) {
$paths = explode(";", $files);
}
}
if ($paths === null) {
header("HTTP/1.1 500 Internal Server Error");
echo "Error - unable to remove files - no path(s) given";
exit;
}
foreach ($paths as $path) {
// Make sure $path is a safe path (e.g. does not contain ../../), and make sure the file referenced is found in $imagesFolder
if (SMStringUtilities::Validate($path, SMValueRestriction::$SafePath) === false || strpos($path, $imagesFolder) !== 0) {
