}
$js = "";
-if ($use_popup_windows)
+if ($SysPrefs->use_popup_windows)
$js .= get_js_open_window(800, 500);
page(_($help_context = "Attach Documents"), false, false, "", $js);
if (!file_exists($dir))
{
mkdir ($dir,0777);
- $index_file = "<?php\nheader(\"Location: ../index.php\");\n?>";
+ $index_file = "<?php\nheader(\"Location: ../index.php\");\n";
$fp = fopen($dir."/index.php", "w");
fwrite($fp, $index_file);
fclose($fp);
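Review bot: The attachment directory in this hunk is created with `mkdir ($dir,0777)`, so depending on the process umask it can end up world-writable, and the result of `fopen()` goes to `fwrite()`/`fclose()` unchecked. These are context lines the commit leaves as they were, but for an upload store a tighter mode such as `mkdir($dir, 0750);` and a guard like `if ($fp !== false)` around the write would be safer. The redirecting `index.php` only covers requests for the directory itself; whether stored files can be fetched directly by URL depends on server configuration not shown here. The `if (!file_exists($dir))` block closes outside the hunk.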
// protect against directory traversal
if ($Mode == 'UPDATE_ITEM')
{
- $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
+ $row = get_attachment($selected_id);
+ if ($row['filename'] == "")
+ exit();
+ $unique_name = $row['unique_name'];
if ($filename && file_exists($dir."/".$unique_name))
unlink($dir."/".$unique_name);
}
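Review bot: The new guard `if ($row['filename'] == "")` tests `filename`, but the path passed to `unlink()` is built from `$row['unique_name']`, which is never checked. A row with an empty `unique_name` makes the path `$dir."/"`, and a missing row is caught only because indexing a non-array compares loosely equal to `""`. I would test the value actually used and keep it to a single path component, since the hunk does not show whether stored names were sanitised on insert: `if (!$row || $row['unique_name'] == "") exit();` followed by `$unique_name = basename($row['unique_name']);`. The bare `exit()` also ends the request without any message or `end_page()`, which may be worth a comment. The enclosing `UPDATE_ITEM` handling starts and ends outside this hunk.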
end_page();
-?>