-rw-r--r-- | inc/message.inc.php | 3 | ||||
-rw-r--r-- | modules/sysconfig.inc.php | 27 | ||||
-rw-r--r-- | templates/page-tgz-list.html | 12 |
3 files changed, 40 insertions, 2 deletions
diff --git a/inc/message.inc.php b/inc/message.inc.php
index 5896d092..d39f0f9b 100644
--- a/inc/message.inc.php
+++ b/inc/message.inc.php
@@ -15,6 +15,9 @@ $error_text = array(
 'invalid-action' => 'Ungültige Aktion: {{0}}',
 'remote-timeout' => 'Konnte Ressource {{0}} nicht herunterladen',
 'remote-parse-failed' => 'Parsen der empfangenen Daten fehlgeschlagen ({{0}})',
+ 'missing-file' => 'Es wurde keine Datei ausgewählt!',
+ 'upload-complete' => 'Upload von {{0}} war erfolgreich',
+ 'upload-failed' => 'Upload von {{0}} schlug fehl!',
 );

 class Message
diff --git a/modules/sysconfig.inc.php b/modules/sysconfig.inc.php
index e4751ec4..d5300194 100644
--- a/modules/sysconfig.inc.php
+++ b/modules/sysconfig.inc.php
@@ -2,6 +2,31 @@

 User::load();

+if (isset($_POST['action']) && $_POST['action'] === 'upload') {
+ if (!Util::verifyToken()) {
+ Util::redirect('?do=sysconfig');
+ }
+ if (!User::hasPermission('superadmin')) {
+ Message::addError('no-permission');
+ Util::redirect('?do=sysconfig');
+ }
+ if (!isset($_FILES['customtgz'])) {
+ Message::addError('missing-file');
+ Util::redirect('?do=sysconfig');
+ }
+ $dest = $_FILES['customtgz']['name'];
+ $dest = preg_replace('/[^a-z0-9\-_]/', '', $dest);
+ $dest = substr($dest, 0, 30);
+ if (substr($dest, -3) !== 'tgz') $dest .= '.tgz';
+ # TODO: Validate its a (compressed) tar?
+ if (move_uploaded_file($_FILES['customtgz']['tmp_name'], CONFIG_TGZ_LIST_DIR . '/' . $dest)) {
+ Message::addSuccess('upload-complete', $dest);
+ } else {
+ Message::addError('upload-failed', $dest);
+ }
+ Util::redirect('?do=sysconfig');
+}
+
 function render_module()
 {
 if (!isset($_REQUEST['action'])) $_REQUEST['action'] = 'list';
@@ -30,7 +55,7 @@ function list_configs()
 'file' => $file
 );
 }
- Render::addTemplate('page-tgz-list', array('files' => $files));
+ Render::addTemplate('page-tgz-list', array('files' => $files, 'token' => Session::get('token')));
 }

 function list_remote_configs()
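Review bot: The filename clean-up in the upload branch of modules/sysconfig.inc.php strips the dot along with everything else outside `[a-z0-9\-_]`, so `config.tgz` becomes `configtgz`, passes the `substr($dest, -3) !== 'tgz'` test and is stored without an extension, while a name made only of stripped characters (an all upper-case name, for example) is stored as the hidden file `.tgz`. Taking the base name first, sanitising it and then always appending `.tgz` avoids both cases, as sketched below. `isset($_FILES['customtgz'])` is also true when the form is submitted with no file chosen, so `missing-file` is only reachable if the `error` field is checked as well. The token, permission and file guards stop the upload only if `Util::redirect()` ends the request, which is not visible in this hunk, and `move_uploaded_file()` replaces an existing package of the same name without warning.

```php
// … unchanged: token and permission checks …
if (!isset($_FILES['customtgz']) || $_FILES['customtgz']['error'] !== UPLOAD_ERR_OK) {
    Message::addError('missing-file');
    Util::redirect('?do=sysconfig');
}
// Sanitise the base name only, then append the extension unconditionally.
$base = pathinfo($_FILES['customtgz']['name'], PATHINFO_FILENAME);
$base = substr(preg_replace('/[^a-z0-9\-_]/', '', strtolower($base)), 0, 30);
if ($base === '') $base = 'upload';
$dest = $base . '.tgz';
// … unchanged: move_uploaded_file() call and result messages …
```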
diff --git a/templates/page-tgz-list.html b/templates/page-tgz-list.html
index fec5af63..65654766 100644
--- a/templates/page-tgz-list.html
+++ b/templates/page-tgz-list.html
@@ -6,5 +6,15 @@
 <div class="row well well-sm">Keine Konfigurationspakete gefunden!</div>
 {{/files}}
 <a class="btn btn-lg btn-primary" href="?do=sysconfig&action=remotelist">Konfigurationen herunterladen</a>
- <a class="btn btn-lg btn-primary" href="?do=sysconfig&action=upload">Eigene Konfiguration hochladen</a>
+ <a class="btn btn-lg btn-primary" href="#" data-toggle="collapse" data-target="#uploadform">Eigene Konfiguration hochladen</a>
+ <div class="collapse" id="uploadform">
+ <div class="well well-sm" style="margin: 5px 0px">
+ <form method="post" action="?do=sysconfig" enctype="multipart/form-data">
+ <input type="file" size="40" class="form-control" name="customtgz">
+ <input type="hidden" name="action" value="upload">
+ <input type="hidden" name="token" value="{{token}}">
+ <button class="btn btn-primary form-control-addon" type="submit">Hochladen</button>
+ </form>
+ </div>
+ </div>
 </div>
|