Also here the upload path needs to be included, else the files cannot be

author Roland Häder <roland@mxchange.org>

Tue, 29 Mar 2016 13:19:57 +0000 (15:19 +0200)

committer Roland Häder <roland@mxchange.org>

Tue, 29 Mar 2016 13:19:57 +0000 (15:19 +0200)
author Roland Häder <roland@mxchange.org>
Tue, 29 Mar 2016 13:19:57 +0000 (15:19 +0200)
committer Roland Häder <roland@mxchange.org>
Tue, 29 Mar 2016 13:19:57 +0000 (15:19 +0200)
diff --git a/index.php b/index.php

index 0746448ce6c242f9647b0d2c9743d2dcf50f46ec..4b469a8f1b039b494b9cc206464fadf925e510f4 100644 (file)
--- a/index.php
+++ b/index.php
@@ -214,26 +214,30 @@
         if (isset($_POST)) {
                 if ($settings['allow_deletion'])
                         if (isset($_POST['action']) && $_POST['action'] === 'delete')
-                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
-                                       if (file_exists($_POST['target'])) {
-                                               unlink($_POST['target']);
+                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files'])) {
+                                       $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $_POST['target'];
+                                       if (file_exists($fqfn)) {
+                                               unlink($fqfn);
                                                 echo 'File has been removed';
                                                 exit;
                                         }
+                               }
  
                 if ($settings['allow_private'])
                         if (isset($_POST['action']) && $_POST['action'] === 'privatetoggle')
-                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
-                                       if (file_exists($_POST['target'])) {
+                               if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files'])) {
+                                       $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $_POST['target'];
+                                       if (file_exists($fqfn)) {
                                                 if ($_POST['target'][0] === '.') {
-                                                       rename($_POST['target'], substr($_POST['target'], 1));
+                                                       rename($fqfn, substr($fqfn, 1));
                                                         echo 'File has been made visible';
                                                 } else {
-                                                       rename($_POST['target'], '.' . $_POST['target']);
+                                                       rename($fqfn, $data['uploaddir'] . DIRECTORY_SEPARATOR . '.' . $_POST['target']);
                                                         echo 'File has been hidden';
                                                 }
                                                 exit;
                                         }
+                               }
         }
  
         // List files in a given directory, excluding certain files
author	Roland Häder <roland@mxchange.org>
	Tue, 29 Mar 2016 13:19:57 +0000 (15:19 +0200)
committer	Roland Häder <roland@mxchange.org>
	Tue, 29 Mar 2016 13:19:57 +0000 (15:19 +0200)