X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=admin_files.php;h=d32b14d26e00405e867821d9aeefae537d2a711f;hb=fdde0e963303cc51e36dd76ce300e43db8e888e4;hp=db70f867296e2ab5acf86f333aec290739cbe4f5;hpb=8c4eef93b5d12e5453780b2b23c6a06af5d3894f;p=wfpl-cms.git
diff --git a/admin_files.php b/admin_files.php
index db70f86..d32b14d 100644
--- a/admin_files.php
+++ b/admin_files.php
@@ -12,9 +12,9 @@ $GLOBALS['upload_directory'] = 'files/';
 $GLOBALS['filename_file_name'] = uniqid() . getmypid() . '.txt';
-require_once(INC_WFPL . 'format.php');
-require_once(INC_WFPL . 'email.php');
-require_once(INC_WFPL . 'upload.php');
+require_once(__DIR__.'/'.'inc/wfpl/format.php');
+require_once(__DIR__.'/'.'inc/wfpl/email.php');
+require_once(__DIR__.'/'.'inc/wfpl/upload.php');
 function admin_files_get_fields() {
 $data = array();
@@ -24,7 +24,7 @@ function admin_files_get_fields() {
 #header('Content-Type: text/plain');
 #print_r(array($_REQUEST['filename'], $_FILES['filename']));
 #exit();
- $filename_filename_tmp = format_filename($_FILES['filename']['name']);
+ $filename_filename_tmp = format_filename($_FILES['filename']['name'], true);
 if(!$filename_filename_tmp) {
 $filename_filename_tmp = $GLOBALS['filename_file_name'];
 }
@@ -34,7 +34,7 @@ function admin_files_get_fields() {
 if(_REQUEST_cut('delete_filename') == 'Yes') {
 $data['filename'] = '';
 } else {
- $data['filename'] = format_path(_REQUEST_cut('old_filename'));
+ $data['filename'] = format_path(_REQUEST_cut('old_filename'), true);
 }
 }
 unset($_FILES['filename']);
@@ -44,12 +44,7 @@ function admin_files_get_fields() {
 function admin_files_main() {
- if(logged_in_as_admin()) {
- tem_set('admin_privs');
- } else {
- $_REQUEST['url'] = this_url();
- return 'admin_login';
- }
+ session_auth_must('admin_files');
 $id = _REQUEST_cut('edit_id');
 if($id) {
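Review bot: In the upload branch of admin_files_get_fields() (the `@@ -24,7` hunk), the stored name is still built from the client-supplied `$_FILES['filename']['name']`, and nothing visible here limits the extension, so whether a script file such as `.php` can be written under `files/` depends entirely on what format_filename() does. The new second argument is a bare `true` whose meaning cannot be read at the call site; the same holds for `format_path(..., true)` in the following hunk. I would add a comment like `// 2nd arg true: <what the flag enables>; name is client-supplied, extension is restricted in <place>` and confirm that an extension allowlist exists or that script execution is switched off for the upload directory. The function starts before and ends after this hunk, so later validation may exist that is not shown.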
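Review bot: In the branch without a new upload (the `@@ -34,7` hunk), `$data['filename']` is filled from the request parameter `old_filename`, so the path that gets stored is whatever the client sends once format_path() has processed it. If that value is later used to link, read or remove a file, format_path() has to reject `..` segments and absolute paths and keep the result inside `$GLOBALS['upload_directory']`; none of that can be verified from this hunk. Prefer reloading the existing filename from the record being edited instead of trusting the form field, or at minimum document the dependency with `// old_filename is client-controlled: format_path() must confine it to upload_directory`. The enclosing function continues outside the hunk.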
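Review bot: The result of `session_auth_must('admin_files')` in admin_files_main() is discarded, so the page is only protected if that helper never returns for a visitor without admin rights; the removed code stopped explicitly with `return 'admin_login';`. If the helper can return on failure (for example after queuing a redirect), the code that follows, starting with the `edit_id` handling, would run unauthenticated. Confirm that it exits or throws and record that at the call, e.g. `session_auth_must('admin_files'); // does not return unless the session has admin rights`. The hunk also drops `tem_set('admin_privs')`, so any template section keyed on that value needs to be set elsewhere. admin_files_main() continues past the end of the hunk.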