diff options
author | Alex Vitkov <alexvitkov98@gmail.com> | 2021-02-13 00:51:39 +0200 |
---|---|---|
committer | Alex Vitkov <alexvitkov98@gmail.com> | 2021-02-13 00:51:39 +0200 |
commit | ca4e0cbb1471e837197cd2ed30b1ea3c274ab41d (patch) | |
tree | f8707e1aeff617916fc8684b418e7e28d56b08a9 | |
parent | a218bdd5fc29f4dab9f68c4eb9173db0627046c1 (diff) | |
download | fileup-ca4e0cbb1471e837197cd2ed30b1ea3c274ab41d.tar.gz |
Upload.php now can upload in direcotires other than root
-rw-r--r-- | loggedin.js | 4 | ||||
-rw-r--r-- | loggedin.php | 1 | ||||
-rw-r--r-- | php/database.php | 6 | ||||
-rw-r--r-- | php/node.php | 3 | ||||
-rw-r--r-- | php/readdir.php | 2 | ||||
-rw-r--r-- | php/upload.php | 15 |
6 files changed, 24 insertions, 7 deletions
diff --git a/loggedin.js b/loggedin.js index c84f650..a2c211b 100644 --- a/loggedin.js +++ b/loggedin.js @@ -6,6 +6,7 @@ const filename_input = document.getElementById("filename"); const upload_btn = document.getElementById("upload_btn"); const the_path = document.getElementById("the_path"); const current_directory = document.getElementById("current_directory"); +const upload_parent_directory = document.getElementById("upload_parent_directory"); the_file.onchange = on_file_added; @@ -36,7 +37,8 @@ var files = []; function on_file_added(_e) { if (the_file.files.length >= 1) { - filename_input.value = the_file.files[0].name; + filename_input.value = the_file.files[0].name; + upload_parent_directory.value = get_path(); if (!FORM_ASYNC) { upload_form.submit(); diff --git a/loggedin.php b/loggedin.php index a084754..8d54d65 100644 --- a/loggedin.php +++ b/loggedin.php @@ -19,6 +19,7 @@ <form id="upload_form" style="display:none;" action="php/upload.php" method="post" enctype="multipart/form-data"> <input id="filename" name="filename"> <input type="file" name="the_file" id="the_file"> + <input name="parent_directory" id="upload_parent_directory"> </form> diff --git a/php/database.php b/php/database.php index bb8cfa4..1e76d77 100644 --- a/php/database.php +++ b/php/database.php @@ -337,8 +337,10 @@ require_once "node.php"; { error_log("could not exedude dir sql statement in create_file_node"); return "error"; - } - if(($dir=$dir_prep->fetch(PDO::FETCH_ASSOC))==false) + } + + $dir=$dir_prep->fetch(PDO::FETCH_ASSOC); + if($dir == false) { error_log("create_file_node dir isnt a directory"); return "error"; diff --git a/php/node.php b/php/node.php index bb404e0..d7c2a6c 100644 --- a/php/node.php +++ b/php/node.php @@ -46,6 +46,9 @@ require_once "user.php"; { $dir_id=$database->create_dangling_directory(); $database->link_nodes($parent_dir_id,$dir_id,$directory_name,$note); + + $database->give_view_access($dir_id, $user->user_id); + $database->give_edit_access($dir_id, $user->user_id); return $dir_id; } } diff --git a/php/readdir.php b/php/readdir.php index 8194580..24d3c49 100644 --- a/php/readdir.php +++ b/php/readdir.php @@ -4,8 +4,8 @@ $user=$_SESSION['user_object']; $path=$_POST['path']; -//echo '[ { "name": "file1.txt", "mimetype": "text/plain", "is_directory": false }, { "name": "file2.pdf", "mimetype": "application/pdf", "is_directory": false }, { "name": "dir", "mimetype": "", "is_directory": true } ] '; $ret=get_directory_contents($path,$user); + $json=json_encode($ret); echo $json; ?> diff --git a/php/upload.php b/php/upload.php index 1672e9e..9739744 100644 --- a/php/upload.php +++ b/php/upload.php @@ -2,9 +2,10 @@ require_once "database.php"; require_once "configuration.php"; require_once "file_type_recogniser.php"; +require_once "node.php"; session_start(); -if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"])) +if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]) || !isset($_POST['parent_directory'])) { error_log("someone tried to upload something impropperly"); http_response_code(400); @@ -13,16 +14,24 @@ if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"])) $file=$_FILES["the_file"]; $filename=$_POST["filename"]; +$parent_directory=$_POST["parent_directory"]; $user=$_SESSION['user_object']; $homedir=$user->home_directory; $mimetype=file_type($file['tmp_name']); +$dir = get_directory($parent_directory, $user); +if (!$dir) +{ + error_log("trying to upload to invalid directory"); + http_response_code(409); + exit(0); +} -$codename=$database->create_file_node($filename,"",$homedir,$mimetype,$user); +$codename=$database->create_file_node($filename,"",$dir,$mimetype,$user); if($codename=="error") { error_log("could not create file_node in upload.php"); - http_response_code(400); + http_response_code(409); exit(0); } if($codename=="filename taken") |