import mtweb.0.4.1

[mtweb] / web / libs / tiny_mce / plugins / tinybrowser / upload_file.php

<?php\r
require_once('config_tinybrowser.php');\r
require_once('fns_tinybrowser.php');\r
\r
// Check session, if it exists\r
if(session_id() != '')\r
        {\r
        if(!isset($_SESSION[$tinybrowser['sessioncheck']])) { echo 'Error!'; exit; }\r
        }\r
        \r
// Check hash is correct (workaround for Flash session bug, to stop external form posting)\r
if($_GET['obfuscate'] != md5($_SERVER['DOCUMENT_ROOT'].$tinybrowser['obfuscate'])) { echo 'Error!'; exit; } \r
\r
// Check  and assign get variables\r
if(isset($_GET['type'])) { $typenow = $_GET['type']; } else { echo 'Error!'; exit; } \r
if(isset($_GET['folder'])) { $dest_folder = urldecode($_GET['folder']); } else { echo 'Error!'; exit; } \r
\r
// Check file extension isn't prohibited\r
$nameparts = explode('.',$_FILES['Filedata']['name']);\r
$ext = end($nameparts);\r
\r
if(!validateExtension($ext, $tinybrowser['prohibited'])) { echo 'Error!'; exit; } \r
\r
// Check file data\r
if ($_FILES['Filedata']['tmp_name'] && $_FILES['Filedata']['name'])\r
        {       \r
        $source_file = $_FILES['Filedata']['tmp_name'];\r
        $file_name = stripslashes($_FILES['Filedata']['name']);\r
        if($tinybrowser['cleanfilename']) $file_name = clean_filename($file_name);\r
        if(is_dir($tinybrowser['docroot'].$dest_folder))\r
                {\r
                $success = copy($source_file,$tinybrowser['docroot'].$dest_folder.'/'.$file_name.'_');\r
                }\r
        if($success)\r
                {\r
                header('HTTP/1.1 200 OK'); //  if this doesn't work for you, try header('HTTP/1.1 201 Created');\r
                ?><html><head><title>File Upload Success</title></head><body>File Upload Success</body></html><?php\r
                }\r
        }               \r
?>\r