<?php
/*
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2010 The Nucleus Group
+ * Copyright (C) 2002-2011 The Nucleus Group
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* passed through to the add-item form (linkto, popupimg or inline img)
*
* @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2010 The Nucleus Group
+ * @copyright Copyright (C) 2002-2011 The Nucleus Group
* @version $Id$
* $NucleusJP: media.php,v 1.8.2.1 2007/09/07 07:36:44 kimitake Exp $
*
$CONF['MediaPerPage'] = 10;
// include all classes and config data
-require('../config.php');
-include($DIR_LIBS . 'MEDIA.php'); // media classes
+$DIR_LIBS = '';
+require_once('../config.php');
+//include($DIR_LIBS . 'MEDIA.php'); // media classes
+include_libs('MEDIA.php',false,false);
sendContentType('application/xhtml+xml', 'media');
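Review bot: The new `$DIR_LIBS = '';` ahead of `require_once('../config.php')` has no comment saying why it is there. It reads like a guard so that the library path cannot arrive pre-seeded from the request before config.php assigns it, but that is inferred from the ordering. If that is the intent, state it, e.g. `// reset before config.php so DIR_LIBS is only ever set by our own configuration`. The commented-out `//include($DIR_LIBS . 'MEDIA.php');` should be deleted rather than kept. The two `false` arguments to `include_libs` also need a short comment, since their meaning is not visible here and a media library that fails to load quietly would only surface later in the script.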
// (see http://www.php.net/manual/en/features.file-upload.errors.php)
media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
}
-
+
if ($filesize > $CONF['MaxUploadSize'])
media_doError(_ERROR_FILE_TOO_BIG);
-
+
// check file type against allowed types
$ok = 0;
$allowedtypes = explode (',', $CONF['AllowedTypes']);
foreach ( $allowedtypes as $type )
- if (eregi("\." .$type. "$",$filename)) $ok = 1;
+ {
+ //if (eregi("\." .$type. "$",$filename)) $ok = 1;
+ if (preg_match("#\." .$type. "$#i",$filename)) $ok = 1;
+ }
if (!$ok) media_doError(_ERROR_BADFILETYPE);
-
+
if (!is_uploaded_file($filetempname))
media_doError(_ERROR_BADREQUEST);
-
+
// prefix filename with current date (YYYY-MM-DD-)
// this to avoid nameclashes
if ($CONF['MediaPrefix'])
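Review bot: In the `foreach` over `$allowedtypes`, `$type` is concatenated into the pattern unquoted and untrimmed. An `AllowedTypes` entry containing a regex metacharacter or `#` therefore alters or breaks the match, and a list written as `jpg, png` never matches its second entry because of the leading space. `$` without the `D` modifier also accepts a filename that ends in a newline. I would write `if (preg_match('#\.' . preg_quote(trim($type), '#') . '$#iD', $filename)) $ok = 1;` and drop the commented-out `eregi` line. The check still tests only the final extension, so how names carrying an additional extension are served depends on the web server's handler configuration, which deserves a comment here. The enclosing upload function starts and ends outside this hunk.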
?>
<h1><?php echo _ERROR?></h1>
<p><?php echo $msg?></p>
- <p><a href="media.php" onclick="history.back()"><?php echo _BACK?></a></p>
+ <p><a href="media.php" onclick="history.back(); return false;"><?php echo _BACK?></a></p>
<?php media_foot();
exit;
}
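Review bot: `<?php echo $msg?>` in the error page prints the message unescaped, and the script declares `application/xhtml+xml` as its content type. The one caller visible on this page passes a language constant plus the upload error code, but if a caller outside this view passes request- or file-derived text, that is markup injection, and a stray `<` or `&` would also make the document ill-formed. Unless messages are meant to carry markup, I would emit `<p><?php echo htmlspecialchars($msg, ENT_QUOTES)?></p>`, passing the site charset as the third argument. The start of `media_doError` is outside this hunk.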