From ca4e0cbb1471e837197cd2ed30b1ea3c274ab41d Mon Sep 17 00:00:00 2001 From: Alex Vitkov Date: Sat, 13 Feb 2021 00:51:39 +0200 Subject: Upload.php now can upload in direcotires other than root --- php/upload.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'php/upload.php') diff --git a/php/upload.php b/php/upload.php index 1672e9e..9739744 100644 --- a/php/upload.php +++ b/php/upload.php @@ -2,9 +2,10 @@ require_once "database.php"; require_once "configuration.php"; require_once "file_type_recogniser.php"; +require_once "node.php"; session_start(); -if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"])) +if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]) || !isset($_POST['parent_directory'])) { error_log("someone tried to upload something impropperly"); http_response_code(400); @@ -13,16 +14,24 @@ if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"])) $file=$_FILES["the_file"]; $filename=$_POST["filename"]; +$parent_directory=$_POST["parent_directory"]; $user=$_SESSION['user_object']; $homedir=$user->home_directory; $mimetype=file_type($file['tmp_name']); +$dir = get_directory($parent_directory, $user); +if (!$dir) +{ + error_log("trying to upload to invalid directory"); + http_response_code(409); + exit(0); +} -$codename=$database->create_file_node($filename,"",$homedir,$mimetype,$user); +$codename=$database->create_file_node($filename,"",$dir,$mimetype,$user); if($codename=="error") { error_log("could not create file_node in upload.php"); - http_response_code(400); + http_response_code(409); exit(0); } if($codename=="filename taken") -- cgit v1.2.3