forked from LimeSurvey/LimeSurvey
-
Notifications
You must be signed in to change notification settings - Fork 0
/
delete.php
91 lines (81 loc) · 2.53 KB
/
delete.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
<?php
require_once(dirname(__FILE__).'/classes/core/startup.php');
require_once(dirname(__FILE__).'/config-defaults.php');
require_once(dirname(__FILE__).'/common.php');
require_once($homedir.'/classes/core/class.progressbar.php');
require_once(dirname(__FILE__).'/classes/core/language.php');
if (!isset($surveyid))
{
$surveyid=returnglobal('sid');
}
else
{
//This next line ensures that the $surveyid value is never anything but a number.
$surveyid=sanitize_int($surveyid);
}
// Compute the Session name
// Session name is based:
// * on this specific limesurvey installation (Value SessionName in DB)
// * on the surveyid (from Get or Post param). If no surveyid is given we are on the public surveys portal
$usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
$usresult = db_execute_assoc($usquery,'',true); //Checked
if ($usresult)
{
$usrow = $usresult->FetchRow();
$stg_SessionName=$usrow['stg_value'];
if ($surveyid)
{
@session_name($stg_SessionName.'-runtime-'.$surveyid);
}
else
{
@session_name($stg_SessionName.'-runtime-publicportal');
}
}
else
{
session_name("LimeSurveyRuntime-$surveyid");
}
session_set_cookie_params(0,$relativeurl.'/admin/');
@session_start();
$baselang = GetBaseLanguageFromSurveyID($surveyid);
$clang = new limesurvey_lang($baselang);
if (empty($_SESSION) || !isset($_SESSION['fieldname']))
{
die("You don't have a valid session !");
}
$sFieldname = $_GET['fieldname'];
$sFilename = sanitize_filename($_GET['filename']);
$sOriginalFileName=sanitize_filename($_GET['name']);
if (substr($sFilename,0,6)=='futmp_')
{
$sFileDir = $tempdir.'/upload/';
}
elseif(substr($sFilename,0,3)=='fu_'){
$sFileDir = "{$uploaddir}/surveys/{$surveyid}/files/";
}
else die('Invalid filename');
$sJSON = $_SESSION[$sFieldname];
$aFiles = json_decode(stripslashes($sJSON),true);
if(substr($sFilename,0,3)=='fu_'){
$iFileIndex=0;
$found=false;
foreach ($aFiles as $aFile)
{
if ($aFile['filename']==$sFilename)
{
$found=true;
break;
}
$iFileIndex++;
}
if ($found==true) unset($aFiles[$iFileIndex]);
$_SESSION[$sFieldname] = ls_json_encode($aFiles);
}
if (@unlink($sFileDir.$sFilename))
{
echo sprintf($clang->gT('File %s deleted'), $sOriginalFileName);
}
else
echo $clang->gT('Oops, There was an error deleting the file');
?>