F diff --git a/loggedin.js b/loggedin.js --- a/loggedin.js +++ b/loggedin.jsconst upload_btn = document.getElementById("upload_btn");const the_path = document.getElementById("the_path");const current_directory = document.getElementById("current_directory");+ const upload_parent_directory = document.getElementById("upload_parent_directory");the_file.onchange = on_file_added;function on_file_added(_e) {if (the_file.files.length >= 1) {- filename_input.value = the_file.files[0].name;+ filename_input.value = the_file.files[0].name;+ upload_parent_directory.value = get_path();if (!FORM_ASYNC) {upload_form.submit();F diff --git a/loggedin.php b/loggedin.php --- a/loggedin.php +++ b/loggedin.php<form id="upload_form" style="display:none;" action="php/upload.php" method="post" enctype="multipart/form-data"><input id="filename" name="filename"><input type="file" name="the_file" id="the_file">+ <input name="parent_directory" id="upload_parent_directory"></form>F diff --git a/php/database.php b/php/database.php --- a/php/database.php +++ b/php/database.php{error_log("could not exedude dir sql statement in create_file_node");return "error";- }- if(($dir=$dir_prep->fetch(PDO::FETCH_ASSOC))==false)+ }++ $dir=$dir_prep->fetch(PDO::FETCH_ASSOC);+ if($dir == false){error_log("create_file_node dir isnt a directory");return "error";F diff --git a/php/node.php b/php/node.php --- a/php/node.php +++ b/php/node.php{$dir_id=$database->create_dangling_directory();$database->link_nodes($parent_dir_id,$dir_id,$directory_name,$note);++ $database->give_view_access($dir_id, $user->user_id);+ $database->give_edit_access($dir_id, $user->user_id);return $dir_id;}}F diff --git a/php/readdir.php b/php/readdir.php --- a/php/readdir.php 
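Review bot: Only the synchronous branch of on_file_added in loggedin.js visibly picks up the new `upload_parent_directory.value = get_path();`; the FORM_ASYNC branch lies outside the hunk and must send `parent_directory` too, because php/upload.php now answers 400 when that field is missing. If the async branch builds its request from `upload_form`, the value is already included; if it assembles the body by hand, the field has to be added there. A comment above the assignment such as `// client-side hint only; upload.php re-validates this path` would record that the server does not trust the value.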
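Review bot: The upload form in loggedin.php, which this hunk shows from `<form>` to `</form>`, has no anti-CSRF token field, and the added `parent_directory` input makes the destination directory part of the request body. Unless php/upload.php checks a token or the request origin outside the lines shown in this commit, a cross-site form post sent with the user's session cookie would be accepted and would also choose the target directory. Consider adding a per-session token input to this form and verifying it in upload.php before `get_directory()` is called. The new input could also be declared `type="hidden"` to document its role, although the form is already `display:none`.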
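Review bot: The rewritten check `if($dir == false)` in create_file_node (php/database.php) uses a loose comparison; `PDOStatement::fetch()` returns `false` when no row is available, so `if($dir === false)` states the intent exactly and cannot match any other falsy value. The log text `"create_file_node dir isnt a directory"` would be more useful for diagnosis if it included the directory identifier that failed the lookup. The function starts and ends outside the hunk.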
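Review bot: The results of `link_nodes()`, `give_view_access()` and `give_edit_access()` are not checked in php/node.php, so a failed grant still returns `$dir_id` and leaves a linked directory that its creator cannot view or edit. If the database layer offers transactions, the create, the link and the two grants belong in one; otherwise check each call and return an error value, as create_file_node does with `"error"`. Whether the caller holds edit rights on `$parent_dir_id` is decided outside the hunk, where the function begins, and should be confirmed there.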
+++ b/php/readdir.php$user=$_SESSION['user_object'];$path=$_POST['path'];- //echo '[ { "name": "file1.txt", "mimetype": "text/plain", "is_directory": false }, { "name": "file2.pdf", "mimetype": "application/pdf", "is_directory": false }, { "name": "dir", "mimetype": "", "is_directory": true } ] ';$ret=get_directory_contents($path,$user);+$json=json_encode($ret);echo $json;?>F diff --git a/php/upload.php b/php/upload.php --- a/php/upload.php +++ b/php/upload.phprequire_once "database.php";require_once "configuration.php";require_once "file_type_recogniser.php";+ require_once "node.php";session_start();- if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]))+ if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"]) || !isset($_POST['parent_directory'])){error_log("someone tried to upload something impropperly");http_response_code(400);$file=$_FILES["the_file"];$filename=$_POST["filename"];+ $parent_directory=$_POST["parent_directory"];$user=$_SESSION['user_object'];$homedir=$user->home_directory;$mimetype=file_type($file['tmp_name']);+ $dir = get_directory($parent_directory, $user);+ if (!$dir)+ {+ error_log("trying to upload to invalid directory");+ http_response_code(409);+ exit(0);+ }- $codename=$database->create_file_node($filename,"",$homedir,$mimetype,$user);+ $codename=$database->create_file_node($filename,"",$dir,$mimetype,$user);if($codename=="error"){error_log("could not create file_node in upload.php");- http_response_code(400);+ http_response_code(409);exit(0);}if($codename=="filename taken")
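Review bot: php/readdir.php echoes the JSON without setting a content type in the lines shown, so unless a header is sent elsewhere the listing, which contains user-chosen file names, goes out under PHP's default `text/html`; add `header('Content-Type: application/json');` before `echo $json;`. `json_encode()` returns `false` on failure, for example on invalid UTF-8 in a name, and echoing that yields an empty 200 response, so check `$json === false` and answer with a 500 instead. `$_POST['path']` and `$_SESSION['user_object']` are also read without an `isset()` check in the visible lines.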
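Review bot: The upload target in php/upload.php is now chosen by the client-supplied `parent_directory`, and the only check visible is `if (!$dir)`; nothing in the hunk shows that `get_directory()` refuses directories on which `$user` lacks edit access, a limit the old fixed `$homedir` target provided implicitly. Confirm this in `get_directory()` (presumably in the newly required node.php) and record it at the call with a comment like `// get_directory() must return false unless $user may edit this directory`. `$dir` also has to be the same kind of value that `create_file_node()` previously received as `$homedir`, and `$homedir` itself is now unused and can be dropped. `$_SESSION['user_object']` is read without checking that a logged-in user exists, so a request without a session reaches `$user->home_directory`; the script continues past the end of the hunk.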