dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update foldernew.php

This commit is contained in:
FusionPBX 2019-07-08 22:34:57 -06:00 committed by GitHub
parent 0dec060543
commit 718861abbd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 76 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
app/edit/foldernew.php
View File

@ -17,72 +17,96 @@
The Initial Developer of the Original Code is The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com> Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2012 Portions created by the Initial Developer are Copyright (C) 2008-2019
the Initial Developer. All Rights Reserved. the Initial Developer. All Rights Reserved.
Contributor(s): Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com> Mark J Crane <markjcrane@fusionpbx.com>
James Rose <james.o.rose@gmail.com> James Rose <james.o.rose@gmail.com>
*/ */
include "root.php";
require_once "resources/require.php"; //includes
require_once "resources/check_auth.php"; include "root.php";
if (permission_exists('script_editor_save')) { require_once "resources/require.php";
//access granted require_once "resources/check_auth.php";
}
else { //check permissions
echo "access denied"; if (permission_exists('script_editor_save')) {
exit; //access granted
} }
else {
echo "access denied";
exit;
}
//add multi-lingual support //add multi-lingual support
$language = new text; $language = new text;
$text = $language->get(); $text = $language->get();
$folder = $_GET["folder"]; //preparing the directory
$folder = str_replace ("\\", "/", $folder); $folder = $_REQUEST["folder"];
$foldername = $_GET["foldername"]; $folder = str_replace ("\\", "/", $folder);
$foldername = $_REQUEST["foldername"];
if (strlen($folder) > 0 && strlen($foldername) > 0) { //create the directory or show the html form
//create new folder if (strlen($folder) > 0 && strlen($foldername) > 0) {
mkdir($folder.'/'.$foldername); //, 0700
header("Location: fileoptions.php");
}
else { //display form
require_once "header.php";
echo "<br>";
echo "<div align='left'>";
echo "<form method='get' action=''>";
echo "<table>";
echo " <tr>";
echo " <td>".$text['label-path']."</td>";
echo " </tr>";
echo " <tr>";
echo " <td>".$folder."</td>";
echo " </tr>";
echo "</table>";
echo "<br />"; //compare the tokens
$key_name = '/app/edit/folder_new';
$hash = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
if (!hash_equals($hash, $_POST['token'])) {
echo "access denied";
exit;
}
echo "<table>"; //create new folder
echo " <tr>"; mkdir($folder.'/'.$foldername); //, 0700
echo " <td>".$text['label-folder-name']."</td>"; header("Location: fileoptions.php");
echo " </tr>"; }
else {
echo " <tr>"; //create a token
echo " <td><input type='text' name='foldername' value=''></td>"; $key_name = '/app/edit/folder_new';
echo " </tr>"; $_SESSION['keys'][$key_name] = bin2hex(random_bytes(32));
$_SESSION['token'] = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
echo " <tr>"; //display the html form
echo " <td colspan='1' align='right'>"; require_once "header.php";
echo " <input type='hidden' name='folder' value='$folder'>"; echo "<br>";
echo " <input type='button' value='".$text['button-back']."' onclick='history.back()'><input type='submit' value='".$text['button-new-folder']."'>"; echo "<div align='left'>";
echo " </td>"; echo "<form method='POST' action=''>";
echo " </tr>"; echo "<table>";
echo "</table>"; echo " <tr>";
echo "</form>"; echo " <td>".$text['label-path']."</td>";
echo "</div>"; echo " </tr>";
echo " <tr>";
echo " <td>".$folder."</td>";
echo " </tr>";
echo "</table>";
echo "<br />";
echo "<table>";
echo " <tr>";
echo " <td>".$text['label-folder-name']."</td>";
echo " </tr>";
echo " <tr>";
echo " <td><input type='text' name='foldername' value=''></td>";
echo " </tr>";
echo " <tr>";
echo " <td colspan='1' align='right'>";
echo " <input type='hidden' name='folder' value='$folder'>";
echo " <input type='hidden' name='token' id='token' value='". $_SESSION['token']. "'>";
echo " <input type='button' value='".$text['button-back']."' onclick='history.back()'><input type='submit' value='".$text['button-new-folder']."'>";
echo " </td>";
echo " </tr>";
echo "</table>";
echo "</form>";
echo "</div>";
require_once "footer.php";
}
require_once "footer.php";
}
?> ?>