break; case 'addfolderperm': $cid = $filter->getCleanData('int', $_POST['catid']); if (fm_updateCatPerms($cid, $_POST['cb_access'], $_POST['selusers'], $_POST['selgroups'])) { $data['html'] = nexdocsrv_folderperms($cid); $data['retcode'] = 200; } else { $data['retcode'] = 403; // Forbidden } $retval = json_encode($data); break; case 'savefile': $textvars = array('filetitle' => $_POST['displayname'], 'description' => $_POST['description'], 'vernote' => $_POST['versionnote'], 'tags' => $_POST['tags']); $intvars = array('cid' => $_POST['category'], 'notify' => $_POST['notify']); $filter->setCheckhtml(false); // Need to disable HTML filter or even new lines are removed $filter->cleanData('int', $intvars); $filter->cleanData('text', $textvars); $_CLEAN = $filter->normalize($filter->getDbData()); $date = time(); $uploadfilename = $filter->getCleanData('text', $_FILES['Filedata']['name']); //$uploadfilename = strtolower($uploadfilename); $pos = strrpos($uploadfilename, '.') + 1; $fileExtension = substr($uploadfilename, $pos); $filesize = $filter->getCleanData('int', $_FILES['Filedata']['size']); $mimetype = $filter->getCleanData('text', $_FILES['Filedata']['type']); $data['op'] = 'savefile'; $data['message'] = ''; $data['cid'] = $_CLEAN['cid']; if (DB_count($_TABLES['nxfile_files'], array('cid', 'fname'), array("{$_CLEAN['cid']}", "{$uploadfilename}")) > 0) {