Diffstat (limited to 'scripts/upload.php')
-rw-r--r-- | scripts/upload.php | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/scripts/upload.php b/scripts/upload.php index e88472ac..910078d3 100644 --- a/scripts/upload.php +++ b/scripts/upload.php @@ -105,6 +105,7 @@ SDV($PageUploadFmt,array(" XLSDV('en',array( 'ULby' => 'uploaded by', 'ULsuccess' => 'successfully uploaded', + 'ULdroplabel' => 'Drop files to upload:', 'ULinvalidtoken' => 'Token invalid or missing.', 'ULmimemismatch' => 'extension \'$upext\' doesn\'t match file type \'$upmime\'', 'ULfileinfo' => 'EnableUploadMimeMatch requires PHP Fileinfo functions to be enabled, see https://php.net/fileinfo.installation', @@ -200,8 +201,14 @@ function UploadAuth($pagename, $auth, $cache=0){ SDV($GroupAttributesFmt,'$Group/GroupAttributes'); $pn_upload = FmtPageName($GroupAttributesFmt, $pagename); } else $pn_upload = $pagename; - $page = RetrieveAuthPage($pn_upload, $auth, true, READPAGE_CURRENT); - if (!$page) Abort("?No '$auth' permissions for $pagename"); + $authprompt = @$_POST['pmdrop']? false: true; + $page = RetrieveAuthPage($pn_upload, $auth, $authprompt, READPAGE_CURRENT); + if (!$page) { + $msg = "?No '$auth' permissions for $pagename"; + if (@$_POST['pmdrop']) + return PrintJSON($pagename, array('error'=>1,'msg'=>$msg)); + Abort($msg); + } if ($cache) PCache($pn_upload,$page); return true; } @@ -354,6 +361,17 @@ function HandlePostUpload($pagename, $auth = 'upload') { } } $FmtV['$upresult'] = $result; + if (@$_POST['pmdrop']) { + $out = array('uprname'=>$upname); + preg_match('/^upresult=([a-zA-Z]+)(.*)$/', $result, $m); + $out['msg'] = "$upname: ".FmtPageName(XL("UL{$m[1]}"), $pagename); + + if ($m[1] != 'success') $out['error'] = 1; + else $out['href'] = $FmtV['$upurl']; + + PrintJSON($pagename, $out); + exit; + } SDV($UploadRedirectFunction, 'Redirect'); $UploadRedirectFunction($pagename,"{\$PageUrl}?action=upload&uprname=$upname&$result"); } 
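Review bot: In UploadAuth, the new `pmdrop` failure branch denies access with `return PrintJSON(...)`, so the denial is only as final as PrintJSON. If that helper ever returns instead of terminating, UploadAuth hands a value back to its caller, where the old code always stopped in `Abort()`. The HandlePostUpload hunk of this same commit follows its PrintJSON call with an explicit `exit;`, and the auth path should fail closed the same way: `PrintJSON($pagename, array('error'=>1,'msg'=>$msg)); exit;`. Whether callers check UploadAuth's return value is not visible here, and the function begins above this hunk. `$_POST['pmdrop']` is client-controlled, so it should only ever select the response format, as it does here, and never feed the permission decision.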
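Review bot: The added `pmdrop` block in HandlePostUpload reads `$m[1]` without checking that `preg_match()` matched. A `$result` that does not start with `upresult=` plus letters leaves `$m` empty, raises undefined-offset notices that can end up in front of the JSON body, and looks up the bare key `UL`. Treat a non-match as a failure and compare strictly: `$code = preg_match('/^upresult=([a-zA-Z]+)/', $result, $m) ? $m[1] : '';` followed by `if ($code !== 'success') $out['error'] = 1;`. The JSON `msg` also carries `$upname`, which appears to derive from the uploaded file name, so the consuming script should insert it as text rather than markup. The function body begins above this hunk.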
@@ -362,7 +380,7 @@ function UploadVerifyBasic($pagename,$uploadfile,&$filepath,&$upname=null) { global $EnableUploadOverwrite, $UploadExtSize, $UploadPrefixQuota, $EnableUploadVersions, $UploadDirQuota, $UploadDir, $UploadBlacklist, $Author, $EnablePostAuthorRequired, $EnableUploadAuthorRequired, - $UploadExts, $EnableUploadMimeMatch, $Now; + $UploadExts, $EnableUploadMimeMatch, $Now, $FmtV; if (! pmtoken(1)) { return 'upresult=invalidtoken'; @@ -382,7 +400,7 @@ function UploadVerifyBasic($pagename,$uploadfile,&$filepath,&$upname=null) { } } if (IsEnabled($EnableUploadVersions, 0)==2 && file_exists($filepath)) { - if(preg_match('!^(.*/([^/]+))(\\.[a-z0-9]+)$!i', $filepath, $m)) { + if (preg_match('!^(.*/([^/]+))(\\.[a-z0-9]+)$!i', $filepath, $m)) { $stamp36 = base_convert($Now, 10, 36); $filepath = "{$m[1]}-$stamp36{$m[3]}"; $upname = "{$m[2]}-$stamp36{$m[3]}"; @@ -391,9 +409,12 @@ function UploadVerifyBasic($pagename,$uploadfile,&$filepath,&$upname=null) { if (!$EnableUploadOverwrite && file_exists($filepath)) return 'upresult=exists'; preg_match('/\\.([^.\\/]+)$/',$filepath,$match); $ext=@$match[1]; - if(!isset($UploadExtSize[$ext])) + + $FmtV['$upext'] = $ext; + if (!isset($UploadExtSize[$ext])) return "upresult=badtype&upext=$ext"; $maxsize = $UploadExtSize[$ext]; + $FmtV['$upmax'] = $maxsize; if ($maxsize<=0) return "upresult=badtype&upext=$ext"; if (intval(@$uploadfile['size'])>$maxsize) return "upresult=toobigext&upext=$ext&upmax=$maxsize"; @@ -409,12 +430,14 @@ function UploadVerifyBasic($pagename,$uploadfile,&$filepath,&$upname=null) { return "upresult=fileinfo"; $mime = mime_content_type($uploadfile['tmp_name']); + $FmtV['$upmime'] = $mime; if ($mime != $UploadExts[$ext]) { if (!is_array($EnableUploadMimeMatch) || !isset($EnableUploadMimeMatch[$ext]) - || !preg_match($EnableUploadMimeMatch[$ext], $mime)) + || !preg_match($EnableUploadMimeMatch[$ext], $mime)) { return "upresult=mimemismatch&upext=$ext&upmime=$mime"; + } } } |
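Review bot: The new `$FmtV['$upext']`, `$FmtV['$upmax']` and `$FmtV['$upmime']` assignments in UploadVerifyBasic (the `-391,9` hunk and the `-409,12` hunk) are undocumented, and they move file-derived values into the global formatting table. `$ext` is cut from `$filepath` by a pattern that excludes only `.` and `/`, and `$mime` comes from `mime_content_type()`. Both are substituted into strings such as `ULmimemismatch` when HandlePostUpload formats the JSON message. I would add a comment at the first assignment, e.g. `// $FmtV['$upext'], ['$upmax'], ['$upmime'] feed the UL* messages returned to the client; they derive from the upload and must be escaped where displayed`. Whether the file name was sanitised before this point is not visible in these hunks, which start and end inside the function.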