-rw-r--r--loggedin.js4
-rw-r--r--loggedin.php1
-rw-r--r--php/database.php6
-rw-r--r--php/node.php3
-rw-r--r--php/readdir.php2
-rw-r--r--php/upload.php15
6 files changed, 24 insertions, 7 deletions
diff --git a/loggedin.js b/loggedin.js
index c84f650..a2c211b 100644
--- a/loggedin.js
+++ b/loggedin.js
@@ -6,6 +6,7 @@ const filename_input = document.getElementById("filename");
const upload_btn = document.getElementById("upload_btn");
const the_path = document.getElementById("the_path");
const current_directory = document.getElementById("current_directory");
+const upload_parent_directory = document.getElementById("upload_parent_directory");
the_file.onchange = on_file_added;
@@ -36,7 +37,8 @@ var files = [];
function on_file_added(_e) {
if (the_file.files.length >= 1) {
- filename_input.value = the_file.files[0].name;
+ filename_input.value = the_file.files[0].name;
+ upload_parent_directory.value = get_path();
if (!FORM_ASYNC) {
upload_form.submit();
diff --git a/loggedin.php b/loggedin.php
index a084754..8d54d65 100644
--- a/loggedin.php
+++ b/loggedin.php
@@ -19,6 +19,7 @@
<form id="upload_form" style="display:none;" action="php/upload.php" method="post" enctype="multipart/form-data">
<input id="filename" name="filename">
<input type="file" name="the_file" id="the_file">
+ <input name="parent_directory" id="upload_parent_directory">
</form>
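Review bot: The upload form in this hunk carries `filename`, `the_file` and now `parent_directory`, but no anti-CSRF token field is visible. With the new field, a forged cross-site POST made in a logged-in user's session would also pick the destination directory. Consider adding a per-session token as a hidden input and comparing it in php/upload.php with `hash_equals()` before any node is created. If the session cookie is already restricted with SameSite, that reduces the exposure but is worth stating in a comment next to the form.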
diff --git a/php/database.php b/php/database.php
index bb8cfa4..1e76d77 100644
--- a/php/database.php
+++ b/php/database.php
@@ -337,8 +337,10 @@ require_once "node.php";
{
error_log("could not exedude dir sql statement in create_file_node");
return "error";
- }
- if(($dir=$dir_prep->fetch(PDO::FETCH_ASSOC))==false)
+ }
+
+ $dir=$dir_prep->fetch(PDO::FETCH_ASSOC);
+ if($dir == false)
{
error_log("create_file_node dir isnt a directory");
return "error";
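Review bot: The new test `if($dir == false)` is a loose comparison, so any falsy value is treated like PDO's `false` no-row result; `if ($dir === false)` states the intent exactly. The message "create_file_node dir isnt a directory" also omits the directory id and the user, which makes the entry hard to use when tracing failed or probing uploads now that the target directory is chosen by the client. The enclosing function starts and ends outside the hunk.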
diff --git a/php/node.php b/php/node.php
index bb404e0..d7c2a6c 100644
--- a/php/node.php
+++ b/php/node.php
@@ -46,6 +46,9 @@ require_once "user.php";
{
$dir_id=$database->create_dangling_directory();
$database->link_nodes($parent_dir_id,$dir_id,$directory_name,$note);
+
+ $database->give_view_access($dir_id, $user->user_id);
+ $database->give_edit_access($dir_id, $user->user_id);
return $dir_id;
}
}
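Review bot: The two added calls, `give_view_access` and `give_edit_access`, are made without looking at their results, so a failed grant would leave a directory that is already linked under `$parent_dir_id` but has no access entries for its creator. Check whatever failure signal these methods return and abort the operation, or run create, link and both grants in one transaction if the database class supports it. Nothing visible in the hunk verifies that `$user` has edit access to `$parent_dir_id` before `link_nodes` runs; the function starts outside the hunk, so confirm that check exists above.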
diff --git a/php/readdir.php b/php/readdir.php
index 8194580..24d3c49 100644
--- a/php/readdir.php
+++ b/php/readdir.php
@@ -4,8 +4,8 @@
$user=$_SESSION['user_object'];
$path=$_POST['path'];
-//echo '[ { "name": "file1.txt", "mimetype": "text/plain", "is_directory": false }, { "name": "file2.pdf", "mimetype": "application/pdf", "is_directory": false }, { "name": "dir", "mimetype": "", "is_directory": true } ] ';
$ret=get_directory_contents($path,$user);
+
$json=json_encode($ret);
echo $json;
?>
diff --git a/php/upload.php b/php/upload.php
index 1672e9e..9739744 100644
--- a/php/upload.php
+++ b/php/upload.php
@@ -2,9 +2,10 @@
require_once "database.php";
require_once "configuration.php";
require_once "file_type_recogniser.php";
+require_once "node.php";
session_start();
-if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]))
+if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]) || !isset($_POST['parent_directory']))
{
error_log("someone tried to upload something impropperly");
http_response_code(400);
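Review bot: The added `!isset($_POST['parent_directory'])` test accepts any type, so a request sending `parent_directory[]=x` passes it and hands an array to `get_directory()` further down the file. Extend the guard with `|| !is_string($_POST['parent_directory'])`; the same applies to `filename`. The body of this `if` continues outside the hunk.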
@@ -13,16 +14,24 @@ if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]))
$file=$_FILES["the_file"];
$filename=$_POST["filename"];
+$parent_directory=$_POST["parent_directory"];
$user=$_SESSION['user_object'];
$homedir=$user->home_directory;
$mimetype=file_type($file['tmp_name']);
+$dir = get_directory($parent_directory, $user);
+if (!$dir)
+{
+ error_log("trying to upload to invalid directory");
+ http_response_code(409);
+ exit(0);
+}
-$codename=$database->create_file_node($filename,"",$homedir,$mimetype,$user);
+$codename=$database->create_file_node($filename,"",$dir,$mimetype,$user);
if($codename=="error")
{
error_log("could not create file_node in upload.php");
- http_response_code(400);
+ http_response_code(409);
exit(0);
}
if($codename=="filename taken")
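Review bot: The upload destination now comes from the client-supplied `parent_directory`, and the only check visible here is `if (!$dir)`, which does not show whether the caller may write there. `get_directory()` is defined outside this diff; confirm that it or `create_file_node` requires edit access for `$user` on the resolved directory rather than only existence or view access, otherwise a logged-in user could place files in directories they can merely read. `$user` is also taken straight from `$_SESSION['user_object']` with no visible check that a session user exists before it is passed on. Status 409 signals a state conflict; 403 or 404 would describe a refused or unknown directory more accurately, and the generic `"error"` case changed to 409 below has the same issue.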