// Handler fragment: creates a media directory below the upload path and copies the
// parent directory's read/write ACL onto it.
//
// Two gates run before any request data is used: the form-token check and the
// 'adminImagesDirectories' permission. Failing either one aborts silently.
if (!serendipity_checkFormToken()) {
    return;
}
if (!serendipity_checkPermission('adminImagesDirectories')) {
    return;
}

$data['case_directoryDoCreate'] = true;

// The relative path is assembled from two POST fields. 'name' goes through
// serendipity_makeFilename() and the joined string through serendipity_uploadSecure();
// neither helper is visible here, so what exactly they filter is an assumption to confirm.
$new_dir = serendipity_uploadSecure(
    $serendipity['POST']['parent'] . '/' . serendipity_makeFilename($serendipity['POST']['name']),
    true
);
// Second layer against path traversal: remove '..' and collapse '//'.
// str_replace() makes a single pass, so '///' still leaves '//' behind (harmless for
// traversal, but the stored path is not fully normalised).
$new_dir = str_replace(array('..', '//'), array('', '/'), $new_dir);

$nd = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir;

// Plugins are told about the absolute path before anything is created.
// NOTE(review): if hook_event() receives $nd by reference a plugin can change it, while the
// chmod() and ACL calls below are still based on $new_dir - confirm both stay in sync.
serendipity_plugin_api::hook_event('backend_directory_create', $nd);

// TODO (from the original code): detect an already existing directory.
// As written, an existing directory takes the success branch as well: mkdir() is skipped,
// but the mode change and the ACL grants are applied again.
if (!is_dir($nd) && !@mkdir($nd)) {
    $data['print_DIRECTORY_WRITE_ERROR'] = sprintf(DIRECTORY_WRITE_ERROR, $new_dir);
} else {
    // NOTE(review): the raw POST 'name' is put into the message. No escaping happens in this
    // fragment - confirm the template escapes this value for HTML output.
    $data['print_DIRECTORY_CREATED'] = sprintf(DIRECTORY_CREATED, $serendipity['POST']['name']);

    // NOTE(review): mode 0777 makes the directory writable by every local account, and
    // umask(0) stays in effect for the rest of the request. Both calls are @-suppressed,
    // so a failure is never reported. Use a tighter mode where the hosting setup allows it.
    @umask(00);
    @chmod($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir, 0777);

    // Apply parent ACL to new child.
    // NOTE(review): the lookup key is the raw POST 'parent', whereas $new_dir was built from
    // the filtered value. If the two differ, the lookup can come back empty and the child
    // receives the group-0 default below - consider looking up the normalised parent instead.
    $array_parent_read  = serendipity_ACLGet(0, 'directory', 'read',  $serendipity['POST']['parent']);
    $array_parent_write = serendipity_ACLGet(0, 'directory', 'write', $serendipity['POST']['parent']);

    // A parent without ACL rows yields array(0), i.e. the new directory is granted to group 0.
    $parent_read = (is_array($array_parent_read) && count($array_parent_read) >= 1)
        ? array_keys($array_parent_read)
        : array(0);
    $parent_write = (is_array($array_parent_write) && count($array_parent_write) >= 1)
        ? array_keys($array_parent_write)
        : array(0);

    serendipity_ACLGrant(0, 'directory', 'read',  $parent_read,  $new_dir . '/');
    serendipity_ACLGrant(0, 'directory', 'write', $parent_write, $new_dir . '/');
}
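/**
 * Checks whether the current user has access to write into a directory.
 *
 * Decision order (first match wins):
 *  - no write ACL is stored for the directory, or the ACL lists group 0 -> allowed
 *  - the user's group list is not available as an array                 -> allowed
 *  - one of the user's group ids is listed in the ACL                   -> allowed
 *  - anything else                                                      -> denied
 *
 * @access public
 * @param   string   Directory to check
 * @return  boolean  True when writing is permitted, false otherwise
 */
function serendipity_checkDirUpload($dir) {
    // An 'adminImagesMaintainOthers' override used to sit here and is disabled:
    // that permission on its own does not bypass the directory ACL.

    $allowed  = serendipity_ACLGet(0, 'directory', 'write', $dir);
    $mygroups = serendipity_checkPermission(null, null, true);

    // Usergroup "0" always means that access is granted. If no array exists,
    // no ACL restrictions have been set and all is fine.
    if (!is_array($allowed) || isset($allowed[0])) {
        return true;
    }

    // NOTE(review): this branch fails open - when the group membership cannot be
    // determined, write access is granted even though the directory carries an ACL.
    // Kept for backward compatibility; confirm every caller authenticates the user
    // first, or consider denying here.
    if (!is_array($mygroups)) {
        return true;
    }

    // Only the group ids (array keys) matter; the first id found in the ACL grants access.
    foreach (array_keys($mygroups) as $grpid) {
        if (isset($allowed[$grpid])) {
            return true;
        }
    }

    return false;
}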
foreach ($cats as $cat_data) { if ($cat_data['categoryid'] != $serendipity['GET']['cid'] && (serendipity_checkPermission('adminCategoriesMaintainOthers') || $cat_data['authorid'] == '0' || $cat_data['authorid'] == $serendipity['authorid'])) { $data['cats'][] = $cat_data; } } } } if ($serendipity['GET']['adminAction'] == 'edit' || $serendipity['GET']['adminAction'] == 'new' || $serendipity['GET']['adminAction'] == 'newSub') { if ($serendipity['GET']['adminAction'] == 'edit') { $data['edit'] = true; $cid = (int) $serendipity['GET']['cid']; $this_cat = serendipity_fetchCategoryInfo($cid); $data['category_name'] = $this_cat['category_name']; $save = SAVE; $read_groups = serendipity_ACLGet($cid, 'category', 'read'); $write_groups = serendipity_ACLGet($cid, 'category', 'write'); } else { $data['new'] = true; $cid = false; $this_cat = array(); echo '<h2>' . CREATE_NEW_CAT . '</h2>'; $save = CREATE; $read_groups = array(0 => 0); $write_groups = array(0 => 0); } if ($serendipity['GET']['adminAction'] == 'newSub') { $data['new'] = true; $data['newSub'] = true; $this_cat['parentid'] = (int) $serendipity['GET']['cid']; } $data['cid'] = $cid;