isLoggedIn()) { media_loginAndPassThrough(); exit; } // check if member is on at least one teamlist $query = 'SELECT * FROM ' . sql_table('team'). ' WHERE tmember=' . $member->getID(); $teams = DB::getResult($query); if ($teams->rowCount() == 0 && !$member->isAdmin()) media_doError(_ERROR_DISALLOWEDUPLOAD); // get action $action = requestVar('action'); if ($action == '') $action = 'selectmedia'; // check ticket $aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT); if (!in_array($action, $aActionsNotToCheck)) { if (!$manager->checkTicket()) media_doError(_ERROR_BADTICKET); } switch($action) { case 'chooseupload': case _MEDIA_UPLOAD_TO: case _MEDIA_UPLOAD_NEW: if (!$member->isAdmin() and $CONF['AllowUpload'] != true) { media_doError(_ERROR_DISALLOWED); } else { media_choose(); } break; case 'uploadfile': if (!$member->isAdmin() and $CONF['AllowUpload'] != true) { media_doError(_ERROR_DISALLOWED); } else { media_upload(); } break; case _MEDIA_FILTER_APPLY: case 'selectmedia': case _MEDIA_COLLECTION_SELECT: default: media_select(); break; } // select a file function media_select() { global $member, $CONF, $DIR_MEDIA, $manager; // show 10 files + navigation buttons // show msg when no files // show upload form // files sorted according to last modification date // currently selected collection $currentCollection = requestVar('collection'); if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection)) $currentCollection = $member->getID(); // avoid directory travarsal and accessing invalid directory if (!Media::isValidCollection($currentCollection)) media_doError(_ERROR_DISALLOWED); media_head(); // get collection list $collections = Media::getCollectionList(); if (sizeof($collections) > 1) { ?>
" . date("Y-m-d", $medium->timestamp) . " | \n"; // strings for javascript $jsCurrentCollection = str_replace("'", "\\'", $currentCollection); $jsFileName = str_replace("'", "\\'", $medium->filename); if ( array_key_exists($medium->mime, Media::$image_mime) ) { echo "width) . "','" . Entity::hsc($medium->height) . "'" . ")\" title=\"" . Entity::hsc($medium->filename) . "\">" . Entity::hsc(Entity::shorten($medium->filename, 25, '...')) .""; echo ' (filename"), '" onclick="window.open(this.href); return false;" title="'. Entity::hsc(_MEDIA_VIEW_TT) . '">' . _MEDIA_VIEW . ')'; echo " | \n"; echo '' . Entity::hsc($medium->width) . 'x' . Entity::hsc($medium->height) . " | \n"; } else { // no image (e.g. mpg) echo "filename). "\">" . Entity::hsc(Entity::shorten($medium->filename, 30, '...')) ." | \n"; echo '' . Entity::hsc($medium->size) . "KB | \n"; } echo "