X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Ffilez.inc;h=09bd11a37652709c1783c20bcdd3ea079ab792cd;hb=41b53a981f7bab0ca17e16fddb72d868311f9ba9;hp=5ca65c93c77d4bf06ac5c70f31d083b0727e60f5;hpb=45a1b8708029e9c2e30b0cfcc42ca0b276a49e59;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/filez.inc b/wwwroot/inc/filez.inc
index 5ca65c9..09bd11a 100644
--- a/wwwroot/inc/filez.inc
+++ b/wwwroot/inc/filez.inc
@@ -1,64 +1,36 @@
 <?php
-class filez {
-
-//XXX function not used, remove?
 
-public static function files($id) {
-	global $db,$error;
-	if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
-		mkdir(FILE_DIR.$_SESSION['user_id']);
-	}
-	copy($_FILES['data_file']['tmp_name'],FILE_DIR.$_SESSION['user_id'].'/'.$_FILES['data_file']['name']);
-	return $_SESSION['user_id'].'/'.$_FILES['data_file']['name'];
-}
+class filez {
 
 // Function that check if given filename is "secure" (for uploading)
 // Dont use for reading files, directory traversal is not checked
 
-public static function filename_secure($name){
+public static function upload_filename_secure($name){
 	$suffix = array_pop(explode('.', basename($name)));
 	
 	// This is unfornately blacklist
 	// TODO extend for all possible server configuations
 	// TODO: why js?
-	$preg_disallowed = '/([a-z]*)(php|htm|inc|js|vbs|cgi|asp|jsp|htaccess)([a-z]*)$/i';
+	$preg_disallowed = '/([a-z]*)(php|htm|inc|js|vbs|cgi|asp|jsp|htaccess|htpasswd|asmx)([a-z]*)$/i';
 	if (preg_match($preg_disallowed, $suffix) > 0) {
 		return false;
 	}
 	return true;
 }
 
-}
-
-/*
-*  Returns disk usage in bytes of directory $d. Limit depth level with $depth.
-*  Updates, documentation and examples: http://daniel.lorch.cc/projects/disk_usage/
-*
-*  Revision: 1.00
-*/
-
-function disk_usage($d, $depth = NULL) {
-  if(is_file($d))
-    return filesize($d);
-
-  if(isset($depth) && $depth < 0)
-    return 0;
-
-  if($d[strlen($d)-1] != '\\' || $d[strlen($d)-1] != '/')
-    $d .= '/';
-
-  $dh=@opendir($d);
-  if(!$dh)
-    return 0;
-
-  while($e = readdir($dh))
-    if($e != '.' && $e != '..')
-      $usage += disk_usage($d.$e, isset($depth) ? $depth - 1 : NULL);
-
-  closedir($dh);
+public static function upload_data_file($node_id) {
+	if ( !filez::upload_filename_secure($_FILES['data_file']['name'])) {
+		$error = 'bad, naughty file type. Cruise missile launched.';
+		return false;
+	}
+	if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
+		 mkdir(FILE_DIR.$_SESSION['user_id']);
+	}
+	$suffix = array_pop(explode('.', basename($_FILES['data_file']['name'])));
+	copy($_FILES['data_file']['tmp_name'], FILE_DIR.$_SESSION['user_id'].'/'.$node_id.".$suffix");
+	symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node_id.".$suffix",FILE_DIR.'/'.$node_id);
 
-  return $usage;
 }
 
-
+}
 ?>