--- /dev/null
+<?php\r
+require_once('config_tinybrowser.php');\r
+require_once('fns_tinybrowser.php');\r
+\r
+// Check session, if it exists\r
+if(session_id() != '')\r
+ {\r
+ if(!isset($_SESSION[$tinybrowser['sessioncheck']])) { echo 'Error!'; exit; }\r
+ }\r
+ \r
+// Check hash is correct (workaround for Flash session bug, to stop external form posting)\r
+if($_GET['obfuscate'] != md5($_SERVER['DOCUMENT_ROOT'].$tinybrowser['obfuscate'])) { echo 'Error!'; exit; } \r
+\r
+// Check and assign get variables\r
+if(isset($_GET['type'])) { $typenow = $_GET['type']; } else { echo 'Error!'; exit; } \r
+if(isset($_GET['folder'])) { $dest_folder = urldecode($_GET['folder']); } else { echo 'Error!'; exit; } \r
+\r
+// Check file extension isn't prohibited\r
+$nameparts = explode('.',$_FILES['Filedata']['name']);\r
+$ext = end($nameparts);\r
+\r
+if(!validateExtension($ext, $tinybrowser['prohibited'])) { echo 'Error!'; exit; } \r
+\r
+// Check file data\r
+if ($_FILES['Filedata']['tmp_name'] && $_FILES['Filedata']['name'])\r
+ { \r
+ $source_file = $_FILES['Filedata']['tmp_name'];\r
+ $file_name = stripslashes($_FILES['Filedata']['name']);\r
+ if($tinybrowser['cleanfilename']) $file_name = clean_filename($file_name);\r
+ if(is_dir($tinybrowser['docroot'].$dest_folder))\r
+ {\r
+ $success = copy($source_file,$tinybrowser['docroot'].$dest_folder.'/'.$file_name.'_');\r
+ }\r
+ if($success)\r
+ {\r
+ header('HTTP/1.1 200 OK'); // if this doesn't work for you, try header('HTTP/1.1 201 Created');\r
+ ?><html><head><title>File Upload Success</title></head><body>File Upload Success</body></html><?php\r
+ }\r
+ } \r
+?>\r
projects / mw_pages / blobdiff