From 331276878000b5119ecf5a679e82d30a4b1597af Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Tue, 29 Mar 2016 15:19:57 +0200
Subject: [PATCH] Also here the upload path needs to be included, else the files cannot be marked as hidden or deleted.
---
 index.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/index.php b/index.php
index 0746448..4b469a8 100644
--- a/index.php
+++ b/index.php
@@ -214,26 +214,30 @@ if (isset($_POST)) {
 if ($settings['allow_deletion'])
 if (isset($_POST['action']) && $_POST['action'] === 'delete')
- if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
- if (file_exists($_POST['target'])) {
- unlink($_POST['target']);
+ if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files'])) {
+ $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $_POST['target'];
+ if (file_exists($fqfn)) {
+ unlink($fqfn);
 echo 'File has been removed';
 exit;
 }
+ }
 if ($settings['allow_private'])
 if (isset($_POST['action']) && $_POST['action'] === 'privatetoggle')
- if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
- if (file_exists($_POST['target'])) {
+ if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files'])) {
+ $fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $_POST['target'];
+ if (file_exists($fqfn)) {
 if ($_POST['target'][0] === '.') {
- rename($_POST['target'], substr($_POST['target'], 1));
+ rename($fqfn, substr($fqfn, 1));
 echo 'File has been made visible';
 } else {
- rename($_POST['target'], '.' . $_POST['target']);
+ rename($fqfn, $data['uploaddir'] . DIRECTORY_SEPARATOR . '.' . $_POST['target']);
 echo 'File has been hidden';
 }
 exit;
 }
+ }
 }
 // List files in a given directory, excluding certain files
-- 
2.39.5
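Review bot: In the privatetoggle branch, `rename($fqfn, substr($fqfn, 1));` strips the first character of the whole path (the start of `$data['uploaddir']`) rather than the leading dot of the file name, so un-hiding renames the file to an unintended path or fails while still echoing 'File has been made visible'. The destination should be built the way the hide branch builds it: `rename($fqfn, $data['uploaddir'] . DIRECTORY_SEPARATOR . substr($_POST['target'], 1));`. Because `$_POST['target']` is now concatenated into a filesystem path in both the delete and toggle branches, it would also be worth reducing it with `basename()` and checking the return values of `unlink()` and `rename()` before reporting success. The ownership test via `substr($_POST['target'], 1)` matches a listed name behind any single leading character, not only '.', so comparing against `'.' . $name` explicitly would be tighter. The enclosing `if (isset($_POST)) {` block appears to open above this hunk.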