From 43933b5939b329a4ab333b093a370dabe995e0ad Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 26 Mar 2014 23:51:57 +0100
Subject: Small changes.

---
 www/functions/func_upload.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'www/functions/func_upload.php')

diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
index 8059191..dd113fc 100755
--- a/www/functions/func_upload.php
+++ b/www/functions/func_upload.php
@@ -50,10 +50,7 @@ function upload($db){
 		return UPLOAD_FOLDER_NOT_OWNER;
 	}
 
-	$ownername = SQLite3::escapeString($_SESSION['username']);
-	$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
-	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
-	$owner = $owner_ar[0];
+	$owner = $_SESSION["userid"];
 
 	$overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
 	$overall_size = 0;
@@ -62,7 +59,7 @@ function upload($db){
 		$overall_size = $overall_size + $row[$count];
 		$count++;
 	}
-
+	
 	if($overall_size > 2147483648){		// == 2GB
 		return UPLOAD_QUOTA;
 	}
-- 
cgit v1.2.3


From 768f0f6a1ec5aaaa576fdc1bd283973a8a5ffc89 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Thu, 27 Mar 2014 00:22:55 +0100
Subject: Fixed upload();

---
 www/functions/func_upload.php | 25 ++++---------------------
 1 file changed, 4 insertions(+), 21 deletions(-)

(limited to 'www/functions/func_upload.php')

diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
index 8059191..674b4cd 100755
--- a/www/functions/func_upload.php
+++ b/www/functions/func_upload.php
@@ -1,20 +1,5 @@
 <?php
 
-/* This was tested with this interface, where PWD the primary key from the working directory is:
-
-UPDATE 26.3. : Should now accept the path as an argument.
-
-<!DOCTYPE html>
-<form method='post' action='/upload.php' enctype="multipart/form-data">
-<p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p>
-
-<p>PWD: <input type='text' name='path'></p>
-<p>Share: <input type='text' name='share'>
-<p><input type='submit' name='submit' value='upload'></p>
-</form>
-
-*/
-
 function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
 	if($db->exec("
 		BEGIN TRANSACTION;
@@ -27,7 +12,9 @@ function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $si
 	}
 }
 
-function upload($db){
+function upload($path){
+
+	$db = $GLOBALS["db"];
 
 	if(!$_SESSION["login"]){
 		return UPLOAD_LOGIN;
@@ -37,11 +24,7 @@ function upload($db){
 		return UPLOAD_UPLOAD;
 	}
 
-	$parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]);
-	//$parentdir = SQLite3::escapeString("$_POST[pwd]");
-	if(!preg_match("/[0-9]+/", $parentdir)){
-		return UPLOAD_PARENTFOLDER;
-	}
+	$parentdir = select_file_id($db, $_SESSION["userid"], $path);
 
 	$folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";");
 	$folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);
-- 
cgit v1.2.3


From a35197cefeb2dae3e3688eec5762824263d16f0c Mon Sep 17 00:00:00 2001
From: Horus3
Date: Thu, 27 Mar 2014 02:04:04 +0100
Subject: Fixed wrong input.

---
 www/functions/func_upload.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'www/functions/func_upload.php')

diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
index 89bfbc0..850c501 100755
--- a/www/functions/func_upload.php
+++ b/www/functions/func_upload.php
@@ -51,7 +51,12 @@ function upload($path){
 	$folder = "FILE";
 	$mime = $_FILES['userfile']['type'];
 	$size = $_FILES['userfile']['size'];
-	$share = SQLite3::escapeString($_POST['share']);
+
+	if(isset($_POST["share"])){
+		$share = "PUBLIC";
+	} else {
+		$share = "PRIVATE";
+	}
 
 	$uploaddir = "../files/";
 
-- 
cgit v1.2.3