Also here the upload path needs to be included, else the files cannot be

[simple-upload.git] / index.php

diff --git a/index.php b/index.php
index 7ecb92709b15ea00de131bdaffec0c14b818d78c..4b469a8f1b039b494b9cc206464fadf925e510f4 100644 (file)
--- a/index.php
+++ b/index.php
@@ -214,26 +214,30 @@
        if (isset($_POST)) {
                if ($settings['allow_deletion'])
                        if (isset($_POST['action']) && $_POST['action'] === 'delete')
-                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
-                                       if (file_exists($_POST['target'])) {
-                                               unlink($_POST['target']);
+                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files'])) {
+                                       $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $_POST['target'];
+                                       if (file_exists($fqfn)) {
+                                               unlink($fqfn);
                                                echo 'File has been removed';
                                                exit;
                                        }
+                               }
 
                if ($settings['allow_private'])
                        if (isset($_POST['action']) && $_POST['action'] === 'privatetoggle')
-                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
-                                       if (file_exists($_POST['target'])) {
+                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files'])) {
+                                       $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $_POST['target'];
+                                       if (file_exists($fqfn)) {
                                                if ($_POST['target'][0] === '.') {
-                                                       rename($_POST['target'], substr($_POST['target'], 1));
+                                                       rename($fqfn, substr($fqfn, 1));
                                                        echo 'File has been made visible';
                                                } else {
-                                                       rename($_POST['target'], '.' . $_POST['target']);
+                                                       rename($fqfn, $data['uploaddir'] . DIRECTORY_SEPARATOR . '.' . $_POST['target']);
                                                        echo 'File has been hidden';
                                                }
                                                exit;
                                        }
+                               }
        }
 
        // List files in a given directory, excluding certain files
@@ -261,14 +265,16 @@
                }
        }
 
-       $file_array = listFiles($data['uploaddir'], $data['ignores']);
+       // Only read files if the feature is enabled
+       if ($settings['listfiles']) {
+               $file_array = listFiles($data['uploaddir'], $data['ignores']);
 
-       // Removing old files
-       if ($settings['remove_old_files'])
-               removeOldFiles($data['uploaddir']);
+               // Removing old files
+               if ($settings['remove_old_files'])
+                       removeOldFiles($data['uploaddir']);
 
-       $file_array = listFiles($data['uploaddir'], $data['ignores']);
-       //die(print_r($file_array, TRUE));
+               $file_array = listFiles($data['uploaddir'], $data['ignores']);
+       }
 ?>
 <!DOCTYPE html>
 <html lang="<?=$settings['lang']?>" dir="<?=$settings['lang_dir']?>">