md-cms/edit/files.php


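<?php
/**
 * File endpoint of the backend.
 *
 * Dispatches on the request variable "task":
 *  - "list" (default): echoes the contents of the files directory as JSON.
 *  - "upload": stores the uploaded file from the form field "userfile"
 *    in the files directory.
 *
 * @author Joshua Ramon Enslin <joshua@jrenslin.de>
 */

/*
 * Require files and ensure environment.
 */

require_once __DIR__ . "/inc/functions.php";

ensureEnvironment(); // Ensure existence of system files.
$translations = loadLanguage(); // Load translations.
// NOTE(review): presumably this is also where backend access is enforced;
// confirm that unauthenticated requests cannot reach the upload branch below.
ensureBackendEnv(); // Ensure session is started etc.
$pages = loadPages(); // Load overview of pages.

/*
 * Load data.
 */

// Check for vars.
// NOTE(review): presumably exposes the request parameters as $subject / $task;
// verify against inc/functions.php.
loadHttpToGlobals(["subject", "task"]);
if (!isset($task)) {
    $task = "list";
}

define("fileDir", __DIR__ . "/../files");

if ($task === "list") {

    $files = scanDirConts(fileDir);
    echo json_encode($files);
    return;

}
else if ($task === "upload") {

    // Extensions accepted for upload; anything else is refused, so that
    // server-interpreted files (scripts, .htaccess and similar) cannot be
    // placed in the files directory through this endpoint.
    // This list is a conservative default; adjust it to what the site needs.
    $allowedExtensions = ["jpg", "jpeg", "png", "gif", "webp", "pdf", "txt", "md"];

    // Upper bound for an accepted upload, in bytes.
    $maxUploadBytes = 300000;

    $upload = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;

    // Refuse requests without exactly one completed upload in "userfile".
    // The is_string() checks also reject the array form ("userfile[]"),
    // which would otherwise reach basename() / filesize() as arrays.
    if (!is_array($upload)
        || !isset($upload['error'], $upload['name'], $upload['tmp_name'])
        || !is_string($upload['name'])
        || !is_string($upload['tmp_name'])
        || $upload['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])
    ) {
        echo "Möglicherweise eine Dateiupload-Attacke!\n";
        return;
    }

    if (filesize($upload['tmp_name']) > $maxUploadBytes) {
        printErrorPage($translations['fileTooLarge']);
        return;
    }

    // basename() drops any directory part the client put into the name.
    $fileName  = basename($upload['name']);
    $extension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

    // NOTE(review): only the final extension is checked. If the web server
    // selects handlers by any extension segment of a name, the files
    // directory should additionally be served with script execution disabled.
    if ($fileName === '' || !in_array($extension, $allowedExtensions, true)) {
        // TODO: use a translated message once the language files provide one.
        printErrorPage('File type not allowed.');
        return;
    }

    // NOTE(review): an existing file with the same name is overwritten.
    $uploadfile = fileDir . '/' . $fileName;

    if (move_uploaded_file($upload['tmp_name'], $uploadfile)) {
        echo "Datei ist valide und wurde erfolgreich hochgeladen.\n";
    }
    else {
        echo "Möglicherweise eine Dateiupload-Attacke!\n";
    }

}

?>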