starting css rewrite
[wfpl-cms.git] / admin_files.php
index 98c98e3..d32b14d 100644 (file)
@@ -12,9 +12,9 @@ $GLOBALS['upload_directory'] = 'files/';
 $GLOBALS['filename_file_name'] = uniqid() . getmypid() . '.txt';
 
 
-require_once(DOCROOT . 'inc/wfpl/format.php');
-require_once(DOCROOT . 'inc/wfpl/email.php');
-require_once(DOCROOT . 'inc/wfpl/upload.php');
+require_once(__DIR__.'/'.'inc/wfpl/format.php');
+require_once(__DIR__.'/'.'inc/wfpl/email.php');
+require_once(__DIR__.'/'.'inc/wfpl/upload.php');
 
 function admin_files_get_fields() {
        $data = array();
@@ -24,7 +24,7 @@ function admin_files_get_fields() {
        #header('Content-Type: text/plain');
        #print_r(array($_REQUEST['filename'], $_FILES['filename']));
        #exit();
-       $filename_filename_tmp = format_filename($_FILES['filename']['name']);
+       $filename_filename_tmp = format_filename($_FILES['filename']['name'], true);
        if(!$filename_filename_tmp) {
                $filename_filename_tmp = $GLOBALS['filename_file_name'];
        }
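Review bot: The new second argument in `format_filename($_FILES['filename']['name'], true)` is an undocumented boolean applied to a client-supplied upload name, and the same holds for `format_path(_REQUEST_cut('old_filename'), true)` in the next hunk. Neither helper's definition is visible on this page, so it is unclear whether the flag tightens or relaxes what the sanitizer lets through. If it relaxes it, confirm that the filename still cannot carry directory separators or an extension the web server would execute from `files/`, and that the path still cannot contain `..` segments or leave the upload directory. A comment at each call would record the contract, e.g. `# second arg: <what the flag permits>; result stays inside upload_directory`. `admin_files_get_fields()` starts and ends outside these hunks, so any later validation is not visible here.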
@@ -34,7 +34,7 @@ function admin_files_get_fields() {
                if(_REQUEST_cut('delete_filename') == 'Yes') {
                        $data['filename'] = '';
                } else {
-                       $data['filename'] = format_path(_REQUEST_cut('old_filename'));
+                       $data['filename'] = format_path(_REQUEST_cut('old_filename'), true);
                }
        }
        unset($_FILES['filename']);
@@ -44,12 +44,7 @@ function admin_files_get_fields() {
 
 
 function admin_files_main() {
-       if(logged_in_as_admin()) {
-               tem_set('admin_privs');
-       } else {
-               $_REQUEST['url'] = this_url();
-               return 'admin_login';
-       }
+       session_auth_must('admin_files');
 
        $id = _REQUEST_cut('edit_id');
        if($id) {
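Review bot: `session_auth_must('admin_files');` replaces a branch that returned `'admin_login'` before any admin code ran, so the rest of `admin_files_main()` is now protected only if that helper itself terminates or redirects the request when the check fails. Its definition is not on this page; if it can return normally on failure, everything from `$id = _REQUEST_cut('edit_id');` onward would run for a visitor who is not logged in. The argument also reads like a page name rather than a role, so it is worth confirming that it enforces the same admin requirement `logged_in_as_admin()` did. The removed `tem_set('admin_privs');` has no replacement in this hunk, so templates that key on it may need checking. A comment above the call such as `# does not return unless the session has admin rights` would document the assumption; the function body continues past the hunk.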