1606 |
switch ($HTTP_POST_VARS["POSTACTION"]) { |
switch ($HTTP_POST_VARS["POSTACTION"]) { |
1607 |
case "UPLOAD" : |
case "UPLOAD" : |
1608 |
$FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]); |
$FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]); |
1609 |
|
$FN=stripSlashes($HTTP_POST_FILES["FN"]["name"]); |
1610 |
if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; |
if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; |
1611 |
if (strstr($FN_name,"/")) |
|
|
Error("Non-conforming filename") ; |
|
|
// TODO : should rather check for escapeshellcmds |
|
|
// but maybe RFC 18xx asserts safe filenames .... |
|
1612 |
$source = $FN_name ; |
$source = $FN_name ; |
1613 |
if (! file_exists($source)) { |
if (! file_exists($source)) { |
1614 |
Error("You must select file with browse to upload it!"); |
Error("You must select file with browse to upload it!"); |
1615 |
} |
} |
1616 |
|
|
1617 |
$FILENAME = $HTTP_POST_VARS["FILENAME"]; |
$FILENAME = $HTTP_POST_VARS["FILENAME"]; |
1618 |
|
if (strstr($FILENAME,"/")) |
1619 |
|
Error("Upload error","Non-conforming filename. Filename <tt>$FILENAME</tt> has slashes (<tt>/</tt>) in it.") ; |
1620 |
if (! isset($FILENAME)) { // from update file |
if (! isset($FILENAME)) { // from update file |
1621 |
$target = "$fsDir/$FN_name" ; |
$target = "$fsDir/".basename($FN_name); |
1622 |
} else { |
} else { |
1623 |
$target = "$fsDir/$FILENAME"; |
$target = "$fsDir/$FILENAME"; |
1624 |
} |
} |
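Review bot: The slash check that appears to be added at 1618 rejects only `/` in `$FILENAME`, yet `$target = "$fsDir/$FILENAME";` at 1623 still uses the raw POST value, so a name such as `..` or one containing a backslash passes unchanged. The else branch should get the same treatment as 1621, e.g. `$target = "$fsDir/".basename($FILENAME);`, with `.`, `..` and the empty string rejected after normalising. The message at 1619 interpolates the untrusted name into markup (`<tt>$FILENAME</tt>`); unless `Error()` escapes its arguments, which is not visible here, it should be passed through `htmlspecialchars($FILENAME)`. At 1621 the fallback target is built from the temporary upload name, while the client name read into `$FN` at 1609 is not used in the visible lines; if the client name was intended, `basename($FN)` would be the line to use. Old and new sides are inferred from the doubled lines, and the `switch`/`case` body continues outside this view.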