[ Index ]

PHP Cross Reference of osCMax 2.0.4

title

Body

[close]

/FCKeditor/editor/filemanager/connectors/php/ -> upload.php (source)

[Summary view] [Print] [Text view] 

   1  <?php
   2  /*

   3   * FCKeditor - The text editor for Internet - http://www.fckeditor.net

   4   * Copyright (C) 2003-2008 Frederico Caldeira Knabben

   5   *

   6   * == BEGIN LICENSE ==

   7   *

   8   * Licensed under the terms of any of the following licenses at your

   9   * choice:

  10   *

  11   *  - GNU General Public License Version 2 or later (the "GPL")

  12   *    http://www.gnu.org/licenses/gpl.html

  13   *

  14   *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")

  15   *    http://www.gnu.org/licenses/lgpl.html

  16   *

  17   *  - Mozilla Public License Version 1.1 or later (the "MPL")

  18   *    http://www.mozilla.org/MPL/MPL-1.1.html

  19   *

  20   * == END LICENSE ==

  21   *

  22   * This is the "File Uploader" for PHP.

  23   */
  24  
  25  // Arbitrary Upload Exploit Fix

  26  if (strpos ($_SERVER['PHP_SELF'], 'upload.php') !== false)
  27  {
  28      die ('This file can not be used on its own.');
  29  }
  30  
  31  require ('./config.php') ;
  32  require ('./util.php') ;
  33  require ('./io.php') ;
  34  require ('./commands.php') ;
  35  require ('./phpcompat.php') ;
  36  
  37  function SendError( $number, $text )
  38  {
  39      SendUploadResults( $number, '', '', $text ) ;
  40  }
  41  
  42  
  43  // Check if this uploader has been enabled.

  44  if ( !$Config['Enabled'] )
  45      SendUploadResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/connectors/php/config.php" file' ) ;
  46  
  47  $sCommand = 'QuickUpload' ;
  48  
  49  // The file type (from the QueryString, by default 'File').

  50  $sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;
  51  
  52  $sCurrentFolder    = GetCurrentFolder() ;
  53  
  54  // Is enabled the upload?

  55  if ( ! IsAllowedCommand( $sCommand ) )
  56      SendUploadResults( '1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed' ) ;
  57  
  58  // Check if it is an allowed type.

  59  if ( !IsAllowedType( $sType ) )
  60      SendUploadResults( 1, '', '', 'Invalid type specified' ) ;
  61  
  62  
  63  FileUpload( $sType, $sCurrentFolder, $sCommand )
  64  
  65  ?>

Body

Body

Body

Body


Generated: Fri Jan 1 13:43:16 2010 Cross-referenced by PHPXref 0.7