F diff --git a/loggedin.js b/loggedin.js
--- a/loggedin.js
+++ b/loggedin.js
function open_file(fileview) {
var data = new FormData();
data.append('folder', get_path());
- data.append('path', get_path());
+ data.append('filename', fileview.filename);
var xhr = new XMLHttpRequest();
xhr.open('POST', '/php/readfile.php', true);
xhr.onload = function () {
-
+ console.log(xhr.responseText);
};
xhr.send(data);
}
F diff --git a/php/readfile.php b/php/readfile.php
--- a/php/readfile.php
+++ b/php/readfile.php
require_once "misc.php";
session_start();
- if (!isset($_POST["filename"]) || !isset($_FILES["folder"])) {
+ if (!isset($_POST["filename"]) || !isset($_POST["folder"])) {
error_log("/php/readfile.php - invalid request");
http_response_code(400);
exit(1);
$dir = get_directory($folder, $user);
if (!$dir) {
- error_log("i/php/readfile.php - invalid directory");
+ error_log("/php/readfile.php - invalid directory");
http_response_code(409);
exit(0);
}
foreach ($contents_of_dir as $c) {
if ($c['name'] == $filename) {
$file_node = $c;
+ break;
}
}
+ if (!$file_node) {
+ error_log("/php/readfile.php - invalid filename");
+ http_response_code(409);
+ exit(0);
+ }
+
+ header("Content-type: $file_node[mimetype]");
- var_error_log($file_node);
+ readfile("$storage_root/$file_node[code]");