This repository has been archived on 2022-07-28. You can view files and clone it, but cannot push or open issues or pull requests.
md-cms/edit/files.php
Joshua Ramon Enslin 768c0998aa Added whitelist for uploadable files.
Added greyscale mdlogo to git and set it as the default logo.
2018-06-18 21:42:14 +02:00

90 lines
2.1 KiB
PHP

<?PHP
/**
* Start page of the backend.
* Offers a dashboard.
*
* @author Joshua Ramon Enslin <joshua@jrenslin.de>
*/
/*
* Require files and ensure environment.
*/
require_once __DIR__ . "/inc/functions.php";
ensureEnvironment(); // Ensure existence of system files.
$translations = loadLanguage($settings['defaultLang']); // Load translations.
ensureBackendEnv(); // Ensure session is started etc.
$pages = loadPages(); // Load overview of pages.
/*
* Load data.
*/
// Check for vars.
loadHttpToGlobals(["subject", "task", "backTo"]);
if (!isset($task)) $task = "list";
define("fileDir", __DIR__ . "/../files");
if ($task == "list") {
$files = scanDirConts(fileDir);
echo json_encode($files);
return;
}
else if ($task == "upload") {
$allowedFiletypes = [
"image/png",
"image/jpeg",
];
$uploaddir = fileDir . '/';
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
// Whitelist of allowed types.
if (!in_array($_FILES['file']['type'], $allowedFiletypes)) {
printErrorPage($translations['filetypeNotWhitelisted']);
return;
}
if (filesize($_FILES['file']['tmp_name']) > 300000) {
printErrorPage($translations['fileTooLarge']);
return;
}
if (!(move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))) {
printErrorPage($translations['fileUploadError']);
return;
}
$_SESSION["editHistory"] = ["changesStored", $translations['uploadedFile']];
// Refer back
if (isset($backTo)) header('Location: ' . $backTo);
else header('Location: ./');
return;
}
else if ($task == "delete") {
if (!is_file(fileDir . "/$subject")) {
printErrorPage($translations['fileDoesNotExist']); return;
}
unlink(fileDir . "/$subject");
$_SESSION["editHistory"] = ["changesDeleted", $translations['deletedFile'] . " $subject"];
// Refer back
if (isset($backTo)) header('Location: ' . $backTo);
else header('Location: ./');
return;
}
?>