diff --git a/delete.php b/delete.php
index 9ba115acccd..66869e27663 100644
--- a/delete.php
+++ b/delete.php
@@ -50,26 +50,40 @@ die("You don't have a valid session !"); } - $file_index = (int)$_GET['file_index']; - $fieldname = $_GET['fieldname']; - $filename = "tmp/upload/".$_SESSION[$fieldname]['files'][$file_index]['filename']; - $name = $_SESSION[$fieldname]['files'][$file_index]['name']; + $sFieldname = $_GET['fieldname']; + $sFilename = sanitize_filename($_GET['filename']); + $sOriginalFileName=sanitize_filename($_GET['name']); + if (substr($sFilename,0,6)=='futmp_') + { + $sFileDir = $tempdir.'/upload/'; + } + elseif(substr($sFilename,0,3)=='fu_'){ + $sFileDir = "{$uploaddir}/surveys/{$surveyid}/files/"; + } + else die('Invalid filename'); - $fh = fopen($filename, 'w') or die("can't open file"); - fclose($fh); + $sJSON = $_SESSION[$fieldname]; + $aFiles = json_decode(stripslashes($sJSON),true); - if (unlink($filename)) - { - echo sprintf($clang->gT('File %s deleted'), rawurldecode($name)); - for ($i = $file_index; $i < $_SESSION[$fieldname]['filecount']; $i++) + if(substr($sFilename,0,3)=='fu_'){ + $iFileIndex=0; + $found=false; + foreach ($aFiles as $aFile) { - $_SESSION[$fieldname]['files'][$i]['name'] = $_SESSION[$fieldname]['files'][$i + 1]['name']; - $_SESSION[$fieldname]['files'][$i]['size'] = $_SESSION[$fieldname]['files'][$i + 1]['size']; - $_SESSION[$fieldname]['files'][$i]['ext'] = $_SESSION[$fieldname]['files'][$i + 1]['ext']; - $_SESSION[$fieldname]['files'][$i]['filename'] = $_SESSION[$fieldname]['files'][$i + 1]['filename']; + if ($aFile['filename']==$sFilename) + { + $found=true; + break; + } + $iFileIndex++; } - $_SESSION[$fieldname]['files'][$_SESSION[$fieldname]['filecount']] = NULL; - $_SESSION[$fieldname]['filecount'] -= 1; + if ($found==true) unset($aFiles[$iFileIndex]); + $_SESSION[$fieldname] = json_encode($aFiles); + } + + if (@unlink($sFileDir.$sFilename)) + { + echo sprintf($clang->gT('File %s deleted'), $sOriginalFileName); } else echo $clang->gT('Oops, There was an error deleting the file'); 
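Review bot: The `unlink($sFileDir.$sFilename)` call is not tied to anything the session owns: the name now comes from `$_GET['filename']` and the only gate is the `futmp_`/`fu_` prefix, so the delete runs even when the `foreach` leaves `$found` false. Any holder of a valid session can therefore remove another respondent's upload by supplying its name, which the removed session-index lookup did not allow. In the `fu_` branch, stop before the unlink when the file is not in the session list, e.g. `if (!$found) die('Invalid filename');`, and give `futmp_` names an equivalent server-side ownership record instead of trusting the prefix. Separately, the new lines read and write `$_SESSION[$fieldname]` while the request value is stored in `$sFieldname`; unless `$fieldname` is set in the part of the script above the hunk, the lookup uses an undefined key and `$aFiles` will be null. `$sOriginalFileName` is echoed after `sanitize_filename()` only, so it should also go through `htmlspecialchars()` unless that helper is known to strip markup.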
diff --git a/qanda.php b/qanda.php index 6386bda9bfa..dad8916e6b7 100644 --- a/qanda.php +++ b/qanda.php @@ -3804,9 +3804,8 @@ function do_file_upload($ia) $answer .= "
"; - //$answer .= ''.sprintf($clang->gT("You can upload %s under %s KB each.",'js'),$qidattributes['allowed_filetypes'],$qidattributes['max_filesize']).'
- - - -