Update filenew.php
This commit is contained in:
FusionPBX
GitHub
parent
b6be273a8a
commit
6c171fc437
|
|
@ -17,16 +17,20 @@
|
|||
|
||||
The Initial Developer of the Original Code is
|
||||
Mark J Crane <markjcrane@fusionpbx.com>
|
||||
Portions created by the Initial Developer are Copyright (C) 2008-2012
|
||||
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
||||
the Initial Developer. All Rights Reserved.
|
||||
|
||||
Contributor(s):
|
||||
Mark J Crane <markjcrane@fusionpbx.com>
|
||||
James Rose <james.o.rose@gmail.com>
|
||||
*/
|
||||
|
||||
//includes
|
||||
include "root.php";
|
||||
require_once "resources/require.php";
|
||||
require_once "resources/check_auth.php";
|
||||
|
||||
//check permissions
|
||||
if (permission_exists('script_editor_save')) {
|
||||
//access granted
|
||||
}
|
||||
|
|
@ -39,12 +43,22 @@ else {
|
|||
$language = new text;
|
||||
$text = $language->get();
|
||||
|
||||
$folder = $_GET["folder"];
|
||||
//handle the directory and file
|
||||
$folder = $_REQUEST["folder"];
|
||||
$folder = str_replace ("\\", "/", $folder);
|
||||
if (substr($folder, -1) != "/") { $folder = $folder.'/'; }
|
||||
$file = $_GET["file"];
|
||||
$file = $_REQUEST["file"];
|
||||
|
||||
//write the file or show the html form
|
||||
if (strlen($folder) > 0 && strlen($file) > 0) {
|
||||
//compare the tokens
|
||||
$key_name = '/app/edit/file_new';
|
||||
$hash = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
|
||||
if (!hash_equals($hash, $_POST['token'])) {
|
||||
echo "access denied";
|
||||
exit;
|
||||
}
|
||||
|
||||
//create new file
|
||||
$handle = fopen($folder.$file, 'wb') or die("Error!!");
|
||||
$content = "<?php\n\n?>";
|
||||
|
|
@ -53,11 +67,19 @@ if (strlen($folder) > 0 && strlen($file) > 0) {
|
|||
header("Location: fileoptions.php");
|
||||
}
|
||||
else {
|
||||
|
||||
//create a token
|
||||
$key_name = '/app/edit/file_new';
|
||||
$_SESSION['keys'][$key_name] = bin2hex(random_bytes(32));
|
||||
$_SESSION['token'] = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
|
||||
|
||||
//include the header
|
||||
require_once "header.php";
|
||||
|
||||
//show the content
|
||||
echo "<br>";
|
||||
echo "<div align='left'>";
|
||||
echo "<form method='get' action=''>";
|
||||
echo "<form method='POST' action=''>";
|
||||
echo "<table>";
|
||||
echo " <tr>";
|
||||
echo " <td>Path:</td>";
|
||||
|
|
@ -81,6 +103,7 @@ else {
|
|||
echo " <tr>";
|
||||
echo " <td colspan='1' align='right'>";
|
||||
echo " <input type='hidden' name='folder' value='$folder'>";
|
||||
echo " <input type='hidden' name='token' id='token' value='". $_SESSION['token']. "'>";
|
||||
echo " <input type='button' value='".$text['button-back']."' onclick='history.back()'><input type='submit' value='".$text['button-new-file']."'>";
|
||||
echo " </td>";
|
||||
echo " </tr>";
|
||||
|
|
|
|||
Loading…
Reference in New Issue