aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--loggedin.js4
-rw-r--r--php/readfile.php14
2 files changed, 13 insertions, 5 deletions
diff --git a/loggedin.js b/loggedin.js
index c2d407f..4b4cb25 100644
--- a/loggedin.js
+++ b/loggedin.js
@@ -250,12 +250,12 @@ add_link_functionality(document.getElementById("home_path_entry"), 0);
function open_file(fileview) {
var data = new FormData();
data.append('folder', get_path());
- data.append('path', get_path());
+ data.append('filename', fileview.filename);
var xhr = new XMLHttpRequest();
xhr.open('POST', '/php/readfile.php', true);
xhr.onload = function () {
-
+ console.log(xhr.responseText);
};
xhr.send(data);
}
diff --git a/php/readfile.php b/php/readfile.php
index d978ffc..6e759d3 100644
--- a/php/readfile.php
+++ b/php/readfile.php
@@ -6,7 +6,7 @@ require_once "node.php";
require_once "misc.php";
session_start();
-if (!isset($_POST["filename"]) || !isset($_FILES["folder"])) {
+if (!isset($_POST["filename"]) || !isset($_POST["folder"])) {
error_log("/php/readfile.php - invalid request");
http_response_code(400);
exit(1);
@@ -19,7 +19,7 @@ $filename = $_POST["filename"];
$dir = get_directory($folder, $user);
if (!$dir) {
- error_log("i/php/readfile.php - invalid directory");
+ error_log("/php/readfile.php - invalid directory");
http_response_code(409);
exit(0);
}
@@ -30,7 +30,15 @@ $file_node = null;
foreach ($contents_of_dir as $c) {
if ($c['name'] == $filename) {
$file_node = $c;
+ break;
}
}
+if (!$file_node) {
+ error_log("/php/readfile.php - invalid filename");
+ http_response_code(409);
+ exit(0);
+}
+
+header("Content-type: $file_node[mimetype]");
-var_error_log($file_node);
+readfile("$storage_root/$file_node[code]");