  |
1 | 1 | | <?php |
| |
2 | 2 | | /* |
  |
3 | | - | $Id: file_manager.php,v 1.42 2003/06/29 22:50:52 hpdl Exp $ |
| |
| 3 | + | $Id: file_manager.php 1744 2007-12-21 02:22:21Z hpdl $ |
|
4 | 4 | | |
| |
5 | 5 | | osCommerce, Open Source E-Commerce Solutions |
| |
6 | 6 | | http://www.oscommerce.com |
| |
|
|
 |
… |
|
43 | 43 | | if (!$tep_remove_error) tep_redirect(tep_href_link(FILENAME_FILE_MANAGER)); |
| |
44 | 44 | | break; |
| |
45 | 45 | | case 'insert': |
  |
46 | | - | if (mkdir($current_path . '/' . $HTTP_POST_VARS['folder_name'], 0777)) { |
| |
| 46 | + | if (isset($HTTP_POST_VARS['folder_name']) && tep_not_null(basename($HTTP_POST_VARS['folder_name'])) && mkdir($current_path . '/' . basename($HTTP_POST_VARS['folder_name']), 0777)) { |
|
47 | 47 | | tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['folder_name']))); |
| |
48 | 48 | | } |
| |
49 | 49 | | break; |
| |
50 | 50 | | case 'save': |
  |
51 | | - | if ($fp = fopen($current_path . '/' . $HTTP_POST_VARS['filename'], 'w+')) { |
| |
52 | | - | fputs($fp, stripslashes($HTTP_POST_VARS['file_contents'])); |
| |
53 | | - | fclose($fp); |
| |
54 | | - | tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['filename']))); |
| |
| 51 | + | if (isset($HTTP_POST_VARS['filename']) && tep_not_null(basename($HTTP_POST_VARS['filename']))) { |
| |
| 52 | + | if (is_writeable($current_path) && ($fp = fopen($current_path . '/' . basename($HTTP_POST_VARS['filename']), 'w+'))) { |
| |
| 53 | + | fputs($fp, stripslashes($HTTP_POST_VARS['file_contents'])); |
| |
| 54 | + | fclose($fp); |
| |
| 55 | + | tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode(basename($HTTP_POST_VARS['filename'])))); |
| |
| 56 | + | } |
| |
| 57 | + | } else { |
| |
| 58 | + | $action = 'new_file'; |
| |
| 59 | + | $directory_writeable = true; |
| |
| 60 | + | $messageStack->add(ERROR_FILENAME_EMPTY, 'error'); |
  |
55 | 61 | | } |
| |
56 | 62 | | break; |
| |
57 | 63 | | case 'processuploads': |
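Review bot: On new lines 51–55 `basename()` keeps the write inside `$current_path`, but the file extension and the contents still come straight from the request, so `save` can create or overwrite a `.php` or `.htaccess` file with arbitrary contents in that directory. If `$current_path` can resolve to a web-served directory (its derivation is outside this hunk), that amounts to stored code execution for anyone who can reach this action, and the access check and request-forgery protection for this script, neither of which is visible here, are the only barrier. An extension allow-list before the `fopen()` would narrow this, e.g. `if (!in_array(strtolower(pathinfo(basename($HTTP_POST_VARS['filename']), PATHINFO_EXTENSION)), $editable_extensions, true)) { $messageStack->add(ERROR_FILENAME_EMPTY, 'error'); break; }`, where `$editable_extensions` is a placeholder for a list the project would define and a dedicated error constant would be better than reusing `ERROR_FILENAME_EMPTY`. Separately, new line 46 still creates the folder with mode `0777`; `0755` would avoid leaving a world-writable directory. The `switch` these cases belong to starts and ends outside the hunk.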