-
Notifications
You must be signed in to change notification settings - Fork 31
/
addpic.php
74 lines (56 loc) · 2.07 KB
/
addpic.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<?php
/*************************
Coppermine Photo Gallery
************************
Copyright (c) 2003-2016 Coppermine Dev Team
v1.0 originally written by Gregory Demar
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3
as published by the Free Software Foundation.
********************************************
Coppermine version: 1.6.03
$HeadURL$
**********************************************/
define('IN_COPPERMINE', true);
define('ADDPIC_PHP', true);
define('DB_INPUT_PHP', true);
require('include/init.inc.php');
require('include/picmgmt.inc.php');
if (!GALLERY_ADMIN_MODE) {
die('Access denied');
}
$aid = $superCage->get->getInt('aid');
/**
* TODO: $_GET['pic_file'] cannot be cleaned sensibly with current methods available. Refactor.
*/
$matches = $superCage->get->getMatched('pic_file', '/^[0-9A-Za-z=\+\/]+$/');
$pic_file = base64_decode($matches[0]);
$dir_name = dirname($pic_file) . '/';
$file_name = basename($pic_file);
// Setup for auto-orient if requested
if ($superCage->get->getInt('ao')) {
$CONFIG['autorient'] = 1;
}
// Replace the windows directory separator with /
$dir_name = str_replace('\\\\', '/', $dir_name);
$dir_name = str_replace('\\', '/', $dir_name);
// Create the holder $picture_name by translating the file name.
// Translate any forbidden character into an underscore.
$source = './' . $CONFIG['fullpath'] . $dir_name . $file_name;
$file_name = CPGPluginAPI::filter('upload_file_name', $file_name);
$sane_name = replace_forbidden($file_name);
rename($source, './' . $CONFIG['fullpath'] . $dir_name . $sane_name);
$sql = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' LIMIT 1";
$result = cpg_db_query($sql);
if ($result->numRows()) {
$status = 'DUPE';
} elseif (($result = add_picture($aid, $dir_name, $sane_name)) === true) {
$status = 'OK';
} else {
$status = $result['error'];
}
if (ob_get_length()) {
ob_end_clean();
}
echo $status;
//EOF