+++ /dev/null
-<?php\r
-require_once('config_tinybrowser.php');\r
-require_once('fns_tinybrowser.php');\r
-\r
-// Check session, if it exists\r
-if(session_id() != '')\r
- {\r
- if(!isset($_SESSION[$tinybrowser['sessioncheck']])) { echo 'Error!'; exit; }\r
- }\r
- \r
-// Check hash is correct (workaround for Flash session bug, to stop external form posting)\r
-if($_GET['obfuscate'] != md5($_SERVER['DOCUMENT_ROOT'].$tinybrowser['obfuscate'])) { echo 'Error!'; exit; } \r
-\r
-// Check and assign get variables\r
-if(isset($_GET['type'])) { $typenow = $_GET['type']; } else { echo 'Error!'; exit; } \r
-if(isset($_GET['folder'])) { $dest_folder = urldecode($_GET['folder']); } else { echo 'Error!'; exit; } \r
-\r
-// Check file extension isn't prohibited\r
-$nameparts = explode('.',$_FILES['Filedata']['name']);\r
-$ext = end($nameparts);\r
-\r
-if(!validateExtension($ext, $tinybrowser['prohibited'])) { echo 'Error!'; exit; } \r
-\r
-// Check file data\r
-if ($_FILES['Filedata']['tmp_name'] && $_FILES['Filedata']['name'])\r
- { \r
- $source_file = $_FILES['Filedata']['tmp_name'];\r
- $file_name = stripslashes($_FILES['Filedata']['name']);\r
- if($tinybrowser['cleanfilename']) $file_name = clean_filename($file_name);\r
- if(is_dir($tinybrowser['docroot'].$dest_folder))\r
- {\r
- $success = copy($source_file,$tinybrowser['docroot'].$dest_folder.'/'.$file_name.'_');\r
- }\r
- if($success)\r
- {\r
- header('HTTP/1.1 200 OK'); // if this doesn't work for you, try header('HTTP/1.1 201 Created');\r
- ?><html><head><title>File Upload Success</title></head><body>File Upload Success</body></html><?php\r
- }\r
- } \r
-?>\r