mirrors/h5ai
1
0
Fork 0
mirror of https://github.com/lrsjng/h5ai.git synced 2025-05-25 04:24:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove server side file manipulation extensions.

Browse source
This commit is contained in:
Lars Jung 2014-06-08 22:33:51 +02:00
parent c9d938934b
commit 1e15c9fb9c
1 changed files with 0 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

77
src/_h5ai/server/php/inc/class-api.php
View file

@ -130,81 +130,4 @@ class Api {
json_fail(2, "packaging failed", $rc !== 0);
exit;
}
private function on_upload() {
$href = use_request_param("href");
json_fail(1, "wrong HTTP method", strtolower($_SERVER["REQUEST_METHOD"]) !== "post");
json_fail(2, "something went wrong", !array_key_exists("userfile", $_FILES));
$userfile = $_FILES["userfile"];
json_fail(3, "something went wrong [" . $userfile["error"] . "]", $userfile["error"] !== 0);
json_fail(4, "folders not supported", file_get_contents($userfile["tmp_name"]) === "null");
$upload_dir = $this->app->to_path($href);
json_fail(5, "upload dir no h5ai folder or ignored", !$this->app->is_managed_url($href) || $this->app->is_ignored($upload_dir));
$dest = $upload_dir . "/" . utf8_encode($userfile["name"]);
json_fail(6, "already exists", file_exists($dest));
json_fail(7, "can't move uploaded file", !move_uploaded_file($userfile["tmp_name"], $dest));
json_exit();
}
private function on_delete() {
json_fail(1, "deletion disabled", !$this->options["delete"]["enabled"]);
$hrefs = use_request_param("hrefs");
$hrefs = explode("|:|", trim($hrefs));
$errors = array();
foreach ($hrefs as $href) {
$d = normalize_path(dirname($href), true);
$n = basename($href);
if ($this->app->is_managed_url($href) && !$this->app->is_ignored($n)) {
$path = $this->app->to_path($href);
if (!delete_path($path, true)) {
$errors[] = $href;
}
}
}
json_fail(2, "deletion failed for some", count($errors) > 0);
json_exit();
}
private function on_rename() {
json_fail(1, "renaming disabled", !$this->options["rename"]["enabled"]);
$href = use_request_param("href");
$name = use_request_param("name");
$d = normalize_path(dirname($href), true);
$n = basename($href);
if ($this->app->is_managed_url($d) && !$this->app->is_ignored($n)) {
$path = $this->app->to_path($href);
$folder = normalize_path(dirname($path));
if (!rename($path, $folder . "/" . $name)) {
json_fail(2, "renaming failed");
}
}
json_exit();
}
}