OLDBOY/plugin/editor/cheditor5/imageUpload/delete.php



<title>OLDBOY/plugin/editor/cheditor5/imageUpload/delete.php</title>


<div class="header">OLDBOY/plugin/editor/cheditor5/imageUpload/delete.php</div>
<pre>&lt;?php
require_once(&quot;config.php&quot;);

if(!function_exists(&#039;ft_nonce_is_valid&#039;)){
    include_once(&#039;../editor.lib.php&#039;);
}

$filesrc = isset($_POST[&quot;filesrc&quot;]) ? preg_replace(&quot;/[ #\&amp;\+\-%@=\/\\\:;,\&#039;\&quot;\^`~|\!\?\*$#&lt;&gt;()\[\]\{\}]/&quot;, &quot;&quot;, $_POST[&quot;filesrc&quot;]) : &#039;&#039;;

if( !$filesrc || ! preg_match(&#039;=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=&#039;, $filesrc) || ! preg_match(&#039;/\.(gif|jpe?g|bmp|png)$/i&#039;, $filesrc) ){
    die( false );
}

$is_editor_upload = false;

$get_nonce = get_session(&#039;nonce_&#039;.FT_NONCE_SESSION_KEY);

if( $get_nonce &amp;&amp; ft_nonce_is_valid( $get_nonce, &#039;cheditor&#039; ) ){
    $is_editor_upload = true;
}

if( !$is_editor_upload ){
   die( false );
}

// ---------------------------------------------------------------------------

$file_arr = explode(&#039;_&#039;, $filesrc );

if( $file_arr[1] !== che_get_file_passname() ){
    die( false );
}

$filepath = SAVE_DIR . &#039;/&#039; . $filesrc;
$r = false;

if( function_exists(&#039;run_event&#039;) ){
    run_event(&#039;delete_editor_file&#039;, $filepath, $r);
}

if (file_exists($filepath)) {
	$r = unlink($filepath);
	if ($r) {
		$thumbPath = dirname($filepath) . DIRECTORY_SEPARATOR . &quot;thumb_&quot; . basename($filepath);
		if (file_exists($thumbPath)) {
			unlink($thumbPath);
		}
	}
}

echo $r ? true : false;</pre>