diff --git a/delete.php b/delete.php
index 9ba115acccd..66869e27663 100644
--- a/delete.php
+++ b/delete.php
@@ -50,26 +50,40 @@
 die("You don't have a valid session !");
 }
- $file_index = (int)$_GET['file_index'];
- $fieldname = $_GET['fieldname'];
- $filename = "tmp/upload/".$_SESSION[$fieldname]['files'][$file_index]['filename'];
- $name = $_SESSION[$fieldname]['files'][$file_index]['name'];
+ $sFieldname = $_GET['fieldname'];
+ $sFilename = sanitize_filename($_GET['filename']);
+ $sOriginalFileName=sanitize_filename($_GET['name']);
+ if (substr($sFilename,0,6)=='futmp_')
+ {
+ $sFileDir = $tempdir.'/upload/';
+ }
+ elseif(substr($sFilename,0,3)=='fu_'){
+ $sFileDir = "{$uploaddir}/surveys/{$surveyid}/files/";
+ }
+ else die('Invalid filename');
- $fh = fopen($filename, 'w') or die("can't open file");
- fclose($fh);
+ $sJSON = $_SESSION[$fieldname];
+ $aFiles = json_decode(stripslashes($sJSON),true);
- if (unlink($filename))
- {
- echo sprintf($clang->gT('File %s deleted'), rawurldecode($name));
- for ($i = $file_index; $i < $_SESSION[$fieldname]['filecount']; $i++)
+ if(substr($sFilename,0,3)=='fu_'){
+ $iFileIndex=0;
+ $found=false;
+ foreach ($aFiles as $aFile)
 {
- $_SESSION[$fieldname]['files'][$i]['name'] = $_SESSION[$fieldname]['files'][$i + 1]['name'];
- $_SESSION[$fieldname]['files'][$i]['size'] = $_SESSION[$fieldname]['files'][$i + 1]['size'];
- $_SESSION[$fieldname]['files'][$i]['ext'] = $_SESSION[$fieldname]['files'][$i + 1]['ext'];
- $_SESSION[$fieldname]['files'][$i]['filename'] = $_SESSION[$fieldname]['files'][$i + 1]['filename'];
+ if ($aFile['filename']==$sFilename)
+ {
+ $found=true;
+ break;
+ }
+ $iFileIndex++;
 }
- $_SESSION[$fieldname]['files'][$_SESSION[$fieldname]['filecount']] = NULL;
- $_SESSION[$fieldname]['filecount'] -= 1;
+ if ($found==true) unset($aFiles[$iFileIndex]);
+ $_SESSION[$fieldname] = json_encode($aFiles);
+ }
+
+ if (@unlink($sFileDir.$sFilename))
+ {
+ echo sprintf($clang->gT('File %s deleted'), $sOriginalFileName);
 }
 else echo $clang->gT('Oops, There was an error deleting the file');
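Review bot: The `unlink()` at the end of the hunk runs for any sanitized name with a `futmp_` or `fu_` prefix, whether or not that file is listed in the caller's session, because `$found` is computed only in the `fu_` branch and is used only to edit `$aFiles`, never to gate the delete. As written, anyone holding a valid session for the survey appears able to remove another respondent's upload by supplying its filename; the session lookup should run for both prefixes and the delete should depend on it, e.g. `if ($found && unlink($sFileDir.$sFilename))`. Separately, the new code assigns `$sFieldname` but still indexes `$_SESSION[$fieldname]`, whose assignment this hunk removes; unless `$fieldname` is set above the hunk, the lookup reads an undefined key, so both uses should become `$_SESSION[$sFieldname]`. Path safety rests entirely on `sanitize_filename()`, which is defined outside this diff, as are `$tempdir`, `$uploaddir` and `$surveyid`.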
diff --git a/qanda.php b/qanda.php
index 6386bda9bfa..dad8916e6b7 100644
--- a/qanda.php
+++ b/qanda.php
@@ -3804,9 +3804,8 @@ function do_file_upload($ia)
 $answer .= "
"; - //$answer .= '
Trouble uploading files? Try the Simple Uploader
'.$basic.'
'; - $answer .= ''; - -$meta .=' - -'; - -$baselang = GetBaseLanguageFromSurveyID($surveyid); -$clang = new limesurvey_lang($baselang); - -$header = getHeader($meta); - -echo $header; - -echo "\n"; - -$fn = $_GET['fieldname']; -$qid = $_GET['qid']; -$qidattributes=getQuestionAttributes($qid); - -$body = ' -
- - - - - - - - - - - - -
- -
- -

'.sprintf($clang->gT("You can upload %s under %s KB each.",'js'),$qidattributes['allowed_filetypes'],$qidattributes['max_filesize']).'

-
- - - - - -'; -echo $body; +FetchRow(); + $stg_SessionName=$usrow['stg_value']; + if ($surveyid) + { + if (isset($_GET['preview']) && $_GET['preview'] == 1) + { + @session_name($stg_SessionName); + } + else + { + @session_name($stg_SessionName.'-runtime-'.$surveyid); + } + } + else + { + @session_name($stg_SessionName.'-runtime-publicportal'); + } +} +else +{ + session_name("LimeSurveyRuntime-$surveyid"); +} +session_set_cookie_params(0,$relativeurl.'/'); +@session_start(); + +if (empty($_SESSION) || !isset($_SESSION['fieldname'])) +{ + die("You don't have a valid session !"); +} + +$meta = ''; + +$meta .=' + +'; + +$baselang = GetBaseLanguageFromSurveyID($surveyid); +$clang = new limesurvey_lang($baselang); + +$header = getHeader($meta); + +echo $header; + +echo "\n"; + +$fn = $_GET['fieldname']; +$qid = $_GET['qid']; +$qidattributes=getQuestionAttributes($qid); + +$body = ' +
+ + + + + + + + + + + + +
+ +
+ +

'.sprintf($clang->gT("You can upload %s under %s KB each.",'js'),$qidattributes['allowed_filetypes'],$qidattributes['max_filesize']).'

+
+ + + + + +'; +echo $body; ?> \ No newline at end of file