causefx 7 лет назад
Родитель
Сommit
b5c04905ff
1 измененных файлов с 3 добавлено и 3 удалено
  1. 3 3
      api/functions/organizr-functions.php

+ 3 - 3
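--- a/api/functions/organizr-functions.php
+++ b/api/functions/organizr-functions.php
@@ -1541,10 +1541,10 @@ function editImages()
 	$array = array();
 	$postCheck = array_filter($_POST);
 	$filesCheck = array_filter($_FILES);
-	$approvedPath = 'plugins/images/tabs';
+	$approvedPath = 'plugins/images/tabs/';
 	if (!empty($postCheck)) {
-		$removeImage = str_replace('../', '', $_POST['data']['imagePath']);
-		if ($_POST['data']['action'] == 'deleteImage' && approvedFileExtension($_POST['data']['imagePath']) && strpos($removeImage, $approvedPath) !== false) {
+		$removeImage = $approvedPath . pathinfo($_POST['data']['imagePath'], PATHINFO_BASENAME);
+		if ($_POST['data']['action'] == 'deleteImage' && approvedFileExtension($removeImage)) {
 			if (file_exists(dirname(__DIR__, 2) . DIRECTORY_SEPARATOR . $removeImage)) {
 				writeLog('success', 'Image Manager Function -  Deleted Image [' . $_POST['data']['imageName'] . ']', $GLOBALS['organizrUser']['username']);
 				return (unlink(dirname(__DIR__, 2) . DIRECTORY_SEPARATOR . $removeImage)) ? true : false;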
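Review bot: The `writeLog` call still records the client-supplied `$_POST['data']['imageName']` rather than the file that is removed, so the audit entry can name one image while `unlink()` deletes another under `plugins/images/tabs/`. The entry is also written as 'success' before `unlink()` has run, so a failed delete is logged as done. I would log the resolved name, e.g. `'Image Manager Function -  Deleted Image [' . basename($removeImage) . ']'`, and only after `unlink()` returns true. Separately, `file_exists()` is also true for a directory, which is what `$removeImage` resolves to when the basename is empty, so `is_file()` would be the tighter check, unless `approvedFileExtension()` already rejects that case. `editImages()` continues outside the hunk.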