diff options
author | adam <adam@> | 2021-02-13 13:26:41 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-13 13:26:41 +0200 |
commit | 8b1393b3f06fdd86abc3dca396670965c42ba8c2 (patch) | |
tree | 95a167bcacb1eb9e9d6ac48bda3c7e8ef77c8ff9 | |
parent | 8f8d22109484308255d16f318cb488b3c8519885 (diff) | |
parent | 3ab8276b269b3d646d232cf093d13bb280e28bf7 (diff) | |
download | fileup-8b1393b3f06fdd86abc3dca396670965c42ba8c2.tar.gz |
Merge https://github.com/alexvitkov/india
-rw-r--r-- | loggedin.js | 4 | ||||
-rw-r--r-- | php/readfile.php | 14 |
2 files changed, 13 insertions, 5 deletions
diff --git a/loggedin.js b/loggedin.js index c2d407f..4b4cb25 100644 --- a/loggedin.js +++ b/loggedin.js @@ -250,12 +250,12 @@ add_link_functionality(document.getElementById("home_path_entry"), 0); function open_file(fileview) { var data = new FormData(); data.append('folder', get_path()); - data.append('path', get_path()); + data.append('filename', fileview.filename); var xhr = new XMLHttpRequest(); xhr.open('POST', '/php/readfile.php', true); xhr.onload = function () { - + console.log(xhr.responseText); }; xhr.send(data); } diff --git a/php/readfile.php b/php/readfile.php index d978ffc..6e759d3 100644 --- a/php/readfile.php +++ b/php/readfile.php @@ -6,7 +6,7 @@ require_once "node.php"; require_once "misc.php"; session_start(); -if (!isset($_POST["filename"]) || !isset($_FILES["folder"])) { +if (!isset($_POST["filename"]) || !isset($_POST["folder"])) { error_log("/php/readfile.php - invalid request"); http_response_code(400); exit(1); @@ -19,7 +19,7 @@ $filename = $_POST["filename"]; $dir = get_directory($folder, $user); if (!$dir) { - error_log("i/php/readfile.php - invalid directory"); + error_log("/php/readfile.php - invalid directory"); http_response_code(409); exit(0); } @@ -30,7 +30,15 @@ $file_node = null; foreach ($contents_of_dir as $c) { if ($c['name'] == $filename) { $file_node = $c; + break; } } +if (!$file_node) { + error_log("/php/readfile.php - invalid filename"); + http_response_code(409); + exit(0); +} + +header("Content-type: $file_node[mimetype]"); -var_error_log($file_node); +readfile("$storage_root/$file_node[code]"); |