Install/Activate Themes: fixed hangups during theme removal.
[fa-stable.git] / admin / attachments.php
index b34cbe33675eb8c23c0103d88bd102967980ea79..bd567bf23684dfee55970b98789a274138135d92 100644 (file)
@@ -19,6 +19,7 @@ include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/ui.inc");
 include_once($path_to_root . "/includes/data_checks.inc");
 include_once($path_to_root . "/admin/db/attachments_db.inc");
+include_once($path_to_root . "/admin/db/transactions_db.inc");
 
 if (isset($_GET['vw']))
        $view_id = $_GET['vw'];
@@ -68,7 +69,7 @@ if ($download_id != -1)
 }
 
 $js = "";
-if ($use_popup_windows)
+if ($SysPrefs->use_popup_windows)
        $js .= get_js_open_window(800, 500);
 page(_($help_context = "Attach Documents"), false, false, "", $js);
 
@@ -81,10 +82,16 @@ if (isset($_GET['trans_no']))
 
 if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
 {
-       if (!$_POST['trans_no'])
-               display_error(_("No transaction has been selected."));
-       elseif ($Mode == 'ADD_ITEM' && (!isset($_FILES['filename']) || $_FILES['filename']['size'] == 0))
+       if (!transaction_exists($_POST['filterType'], $_POST['trans_no']))
+               display_error(_("Selected transaction does not exists."));
+       elseif ($Mode == 'ADD_ITEM' && !isset($_FILES['filename']))
                display_error(_("Select attachment file."));
+       elseif ($Mode == 'ADD_ITEM' && ($_FILES['filename']['error'] > 0)) {
+    if ($_FILES['filename']['error'] == UPLOAD_ERR_INI_SIZE) 
+                 display_error(_("The file size is over the maximum allowed."));
+    else
+                 display_error(_("Select attachment file."));
+  }
        else {
                //$content = base64_encode(file_get_contents($_FILES['filename']['tmp_name']));
                $tmpname = $_FILES['filename']['tmp_name'];
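Review bot: The new upload-error test is gated on `$Mode == 'ADD_ITEM'`, so in UPDATE_ITEM mode a failed or oversized upload still falls through to the `else` branch that reads `$_FILES['filename']['tmp_name']`. The error code should be checked in both modes, with `UPLOAD_ERR_NO_FILE` tolerated only for UPDATE_ITEM, where keeping the existing file is presumably valid. The size message should also cover the form-level limit: `if ($_FILES['filename']['error'] == UPLOAD_ERR_INI_SIZE || $_FILES['filename']['error'] == UPLOAD_ERR_FORM_SIZE)`. Dropping the old `size == 0` test means an empty file with error 0 is now accepted in ADD_ITEM mode; if that is intended, a comment should say so. The `else` branch continues outside the hunk, so how it treats an empty `tmp_name` is not visible here.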
@@ -93,7 +100,7 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
                if (!file_exists($dir))
                {
                        mkdir ($dir,0777);
-                       $index_file = "<?php\nheader(\"Location: ../index.php\");\n?>";
+                       $index_file = "<?php\nheader(\"Location: ../index.php\");\n";
                        $fp = fopen($dir."/index.php", "w");
                        fwrite($fp, $index_file);
                        fclose($fp);
@@ -107,7 +114,10 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
                // protect against directory traversal
                if ($Mode == 'UPDATE_ITEM')
                {
-                       $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
+                   $row = get_attachment($selected_id);
+                   if ($row['filename'] == "")
+                       exit();
+                       $unique_name = $row['unique_name'];
                        if ($filename && file_exists($dir."/".$unique_name))
                                unlink($dir."/".$unique_name);
                }
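Review bot: The new guard `if ($row['filename'] == "") exit();` ends the request with no message, and it indexes `$row` before confirming that `get_attachment($selected_id)` returned a record. Testing `!$row || $row['filename'] == ""` and reporting through `display_error()`, as the other failure paths in this file do, would make a stale or forged `$selected_id` visible to the operator instead of producing a blank response. The following `$unique_name = $row['unique_name'];` is indented deeper than `exit();`, so it reads as part of the `if` body although it is not; braces and consistent indentation would remove that ambiguity. The existing comment could then state the actual guarantee, e.g. `// take unique_name from the stored record, never from the request, so the unlink() target is not client-controlled`. The enclosing block starts and ends outside the hunk, so where `$selected_id` comes from and how it is validated cannot be confirmed here.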
@@ -130,7 +140,7 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
                        display_notification(_("Attachment has been updated.")); 
                }
        }
-       refresh_pager('trans_table');
+       refresh_pager('trans_tbl');
        $Ajax->activate('_page_body');
        $Mode = 'RESET';
 }
@@ -254,4 +264,3 @@ end_form();
 
 end_page();
 
-?>