-rw-r--r-- | lib/exe/ajax.php | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index 4f627e995..d4ef8dc11 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -251,24 +251,27 @@ function ajax_mediadiff(){ function ajax_mediaupload(){ global $NS, $MSG; - $NS = $_REQUEST['ns']; - $AUTH = auth_quickaclcheck("$NS:*"); - if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); } - - if ($_FILES['qqfile']['error']) unset($_FILES['qqfile']); - if ($_FILES['qqfile']['tmp_name']) { - $res = media_upload($NS, $AUTH, $_FILES['qqfile']); $id = ((empty($_POST['mediaid'])) ? $_FILES['qqfile']['name'] : $_POST['mediaid']); - } - if (isset($_GET['qqfile'])) { - $res = media_upload_xhr($NS, $AUTH); + } elseif (isset($_GET['qqfile'])) { $id = $_GET['qqfile']; } + $id = cleanID($id, false, true); + $NS = $_REQUEST['ns']; + $ns = $NS.':'.getNS($id); + + $AUTH = auth_quickaclcheck("$ns:*"); + if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$ns:xxx", 'media'); } + + if ($_FILES['qqfile']['error']) unset($_FILES['qqfile']); + + if ($_FILES['qqfile']['tmp_name']) $res = media_upload($NS, $AUTH, $_FILES['qqfile']); + if (isset($_GET['qqfile'])) $res = media_upload_xhr($NS, $AUTH); + if ($res) $result = array('success' => true, - 'link' => media_managerURL(array('ns' => $NS.':'.getNS($id), 'image' => $NS.':'.$id), '&'), + 'link' => media_managerURL(array('ns' => $ns, 'image' => $NS.':'.$id), '&'), 'id' => $NS.':'.$id, 'ns' => $NS); if (!$result) { |
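Review bot: The ACL check now runs against `$ns`, built from the raw `$_REQUEST['ns']` plus `getNS($id)`, and two inputs can leave that string malformed. If the cleaned id has no namespace part, `getNS()` returns false (as far as I know DokuWiki's helper), so `$ns` ends in a colon and both `auth_quickaclcheck("$ns:*")` and `io_createNamespace("$ns:xxx", 'media')` receive a doubled colon; `$NS` itself is never passed through `cleanID()`. I would normalise both before the check: `$NS = cleanID($_REQUEST['ns']);` and `$sub = getNS($id); $ns = ($sub === false) ? $NS : "$NS:$sub";`. `$AUTH` is then passed with `$NS`, not `$ns`, to `media_upload()` and `media_upload_xhr()`, which are outside this hunk, so it is worth confirming that they resolve the same target namespace that was checked. `$id` is also left unset when neither `qqfile` source is present, and the function body continues past the end of the hunk.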