aboutsummaryrefslogtreecommitdiffstats
path: root/php/upload.php
diff options
context:
space:
mode:
Diffstat (limited to 'php/upload.php')
-rw-r--r--php/upload.php15
1 files changed, 12 insertions, 3 deletions
diff --git a/php/upload.php b/php/upload.php
index 1672e9e..9739744 100644
--- a/php/upload.php
+++ b/php/upload.php
@@ -2,9 +2,10 @@
require_once "database.php";
require_once "configuration.php";
require_once "file_type_recogniser.php";
+require_once "node.php";
session_start();
-if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]))
+if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]) || !isset($_POST['parent_directory']))
{
error_log("someone tried to upload something impropperly");
http_response_code(400);
@@ -13,16 +14,24 @@ if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]))
$file=$_FILES["the_file"];
$filename=$_POST["filename"];
+$parent_directory=$_POST["parent_directory"];
$user=$_SESSION['user_object'];
$homedir=$user->home_directory;
$mimetype=file_type($file['tmp_name']);
+$dir = get_directory($parent_directory, $user);
+if (!$dir)
+{
+ error_log("trying to upload to invalid directory");
+ http_response_code(409);
+ exit(0);
+}
-$codename=$database->create_file_node($filename,"",$homedir,$mimetype,$user);
+$codename=$database->create_file_node($filename,"",$dir,$mimetype,$user);
if($codename=="error")
{
error_log("could not create file_node in upload.php");
- http_response_code(400);
+ http_response_code(409);
exit(0);
}
if($codename=="filename taken")