diff --git a/includes/functions.forms.php b/includes/functions.forms.php
index cbe6d62b7..3718051f4 100644
--- a/includes/functions.forms.php
+++ b/includes/functions.forms.php
@@ -44,6 +44,39 @@ function form_add_existing_parameters( $ignore = array() )
}
}
+/**
+ * Add any existing $_GET parameters to the form's action url
+ */
+function get_form_action_with_existing_parameters( $action = null, $ignore = array() )
+{
+ $use = [];
+
+ // Don't add the pagination parameter
+ $ignore[] = 'page';
+
+ // Remove this parameters so they only exist when the action is done
+ $remove = array('action', 'batch', 'status');
+
+ if ( !empty( $_GET ) ) {
+ foreach ( $_GET as $param => $value ) {
+ // Remove status and actions
+ if ( in_array( $param, $remove ) ) {
+ unset( $_GET[$param] );
+ }
+ if ( !is_array( $value ) && !in_array( $param, $ignore ) ) {
+ $use[$param] = encode_html($value);
+ }
+ }
+ }
+
+ $return = $action;
+ if (!empty($use)) {
+ $return .= '?' . http_build_query($use);
+ }
+
+ return $return;
+}
+
/**
* Returns an existing or empty value to an input
*
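Review bot: In the `foreach` of get_form_action_with_existing_parameters(), a parameter listed in `$remove` is unset from `$_GET` but still falls through to the second `if`, so scalar `action` and `status` values are copied into `$use` and end up in the returned URL, contrary to the comment above `$remove`. Adding `continue;` right after `unset( $_GET[$param] );` (or merging `$remove` into `$ignore`) would fix that, and passing `true` as the third argument of both `in_array()` calls avoids loose matches on integer keys. Separately, `encode_html($value)` runs before `http_build_query()`; if it is an HTML-escaping helper, as its name suggests, the entities get percent-encoded into the query and the value changes on the next request. The safer order is to build the query from the raw values and HTML-escape the whole URL where it is printed into the form's `action` attribute. The function also mutates the `$_GET` superglobal as a side effect, which deserves a line in the docblock.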
diff --git a/includes/functions.php b/includes/functions.php
index 21a81dc44..d284360b0 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1894,4 +1894,10 @@ function recaptcha2ValidateRequest($redirect = true)
}
return $validation_passed;
+}
+
+function ps_redirect($location, $status = 303)
+{
+ header("Location: $location", true, $status);
+ exit;
}
\ No newline at end of file
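Review bot: ps_redirect() writes `$location` into the `Location` header without checking that it points at this application, so any future caller that passes request-derived data would turn it into an open redirect. The caller visible in this commit builds the value from `basename(__FILE__)` and `http_build_query()` output, so the risk is latent rather than present. The function has no docblock, and the contract should be stated there, for example `@param string $location Application-generated, same-site URL; never pass unvalidated request data`. If a guard is wanted, rejecting values that contain a scheme or begin with `//` before the `header()` call would be enough.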
diff --git a/includes/security/csrf.php b/includes/security/csrf.php
index eceb3e814..61412d419 100644
--- a/includes/security/csrf.php
+++ b/includes/security/csrf.php
@@ -13,6 +13,11 @@ function getCsrfToken()
return $_SESSION['csrf_token'];
}
+function addCsrf()
+{
+ echo '
';
+}
+
/**
* Validates the send csrf token with a stable string comparison algorithm.
* Do not optimize for speed!!!
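Review bot: addCsrf() has no docblock, unlike the validation function below it, and the string literal it echoes is not legible on this page, so whether the token is HTML-escaped before being printed cannot be confirmed from here. A one-line docblock such as `/** Echoes the CSRF token form field; call it inside every state-changing form. */` would help. If the literal interpolates the result of getCsrfToken(), that value should pass through the project's HTML-escaping helper before it reaches the attribute.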
diff --git a/manage-files.php b/manage-files.php
index 47e8cba09..7224832f7 100644
--- a/manage-files.php
+++ b/manage-files.php
@@ -14,6 +14,8 @@
$page_id = 'manage_files';
+$current_url = get_form_action_with_existing_parameters(basename(__FILE__), array( 'modify_id', 'modify_type' ));
+
/**
* Used to distinguish the current page results.
* Global means all files.
@@ -69,113 +71,113 @@
}
}
+/**
+ * Apply the corresponding action to the selected files.
+ */
+if (isset($_POST['action'])) {
+ /** Continue only if 1 or more files were selected. */
+ if (!empty($_POST['batch'])) {
+ $selected_files = array_map('intval',array_unique($_POST['batch']));
+
+ switch ($_POST['action']) {
+ case 'hide':
+ /**
+ * Changes the value on the "hidden" column value on the database.
+ * This files are not shown on the client's file list. They are
+ * also not counted on the dashboard.php files count when the logged in
+ * account is the client.
+ */
+ foreach ($selected_files as $file_id) {
+ $file = new \ProjectSend\Classes\Files;
+ $file->get($file_id);
+ $file->hide($results_type, $_POST['modify_id']);
+ }
+
+ $flash->success(__('The selected files were marked as hidden.', 'cftp_admin'));
+ break;
+ case 'show':
+ foreach ($selected_files as $file_id) {
+ $file = new \ProjectSend\Classes\Files;
+ $file->get($file_id);
+ $file->show($results_type, $_POST['modify_id']);
+ }
+
+ $flash->success(__('The selected files were marked as visible.', 'cftp_admin'));
+ break;
+ case 'hide_everyone':
+ foreach ($selected_files as $file_id) {
+ $file = new \ProjectSend\Classes\Files;
+ $file->get($file_id);
+ $file->hideFromEveryone();
+ }
+
+ $flash->success(__('The selected files were marked as hidden.', 'cftp_admin'));
+ break;
+ case 'show_everyone':
+ foreach ($selected_files as $file_id) {
+ $file = new \ProjectSend\Classes\Files;
+ $file->get($file_id);
+ $file->showToEveryone();
+ }
+
+ $flash->success(__('The selected files were marked as visible.', 'cftp_admin'));
+ break;
+ case 'unassign':
+ /**
+ * Remove the file from this client or group only.
+ */
+ foreach ($selected_files as $file_id) {
+ $file = new \ProjectSend\Classes\Files;
+ $file->get($file_id);
+ $file->removeAssignment($results_type, $_POST['modify_id']);
+ }
+
+ $flash->success(__('The selected files were successfully unassigned.', 'cftp_admin'));
+ break;
+ case 'delete':
+ $delete_results = array(
+ 'ok' => 0,
+ 'errors' => 0,
+ );
+ foreach ($selected_files as $index => $file_id) {
+ if (!empty($file_id)) {
+ $file = new \ProjectSend\Classes\Files;
+ $file->get($file_id);
+ if ($file->deleteFiles()) {
+ $delete_results['ok']++;
+ }
+ else {
+ $delete_results['errors']++;
+ }
+ }
+ }
+
+ if ( $delete_results['ok'] > 0 ) {
+ $flash->success(__('The selected files were deleted.', 'cftp_admin'));
+ }
+ if ( $delete_results['errors'] > 0 ) {
+ $flash->error(__('Some files could not be deleted.', 'cftp_admin'));
+ }
+ break;
+ case 'edit':
+ $url = BASE_URI.'files-edit.php?ids='.implode(',', $selected_files);
+ header("Location: ".$url);
+ exit;
+ break;
+ }
+ }
+ else {
+ $flash->error(__('Please select at least one file.', 'cftp_admin'));
+ }
+
+ ps_redirect($current_url);
+}
+
include_once ADMIN_VIEWS_DIR . DS . 'header.php';
?>
get($file_id);
- $file->hide($results_type, $_GET['modify_id']);
- }
- $msg = __('The selected files were marked as hidden.','cftp_admin');
- echo system_message('success',$msg);
- break;
- case 'show':
- foreach ($selected_files as $file_id) {
- $file = new \ProjectSend\Classes\Files;
- $file->get($file_id);
- $file->show($results_type, $_GET['modify_id']);
- }
- $msg = __('The selected files were marked as visible.','cftp_admin');
- echo system_message('success',$msg);
- break;
- case 'hide_everyone':
- foreach ($selected_files as $file_id) {
- $file = new \ProjectSend\Classes\Files;
- $file->get($file_id);
- $file->hideFromEveryone();
- }
- $msg = __('The selected files were marked as hidden.','cftp_admin');
- echo system_message('success',$msg);
- break;
- case 'show_everyone':
- foreach ($selected_files as $file_id) {
- $file = new \ProjectSend\Classes\Files;
- $file->get($file_id);
- $file->showToEveryone();
- }
- $msg = __('The selected files were marked as visible.','cftp_admin');
- echo system_message('success',$msg);
- break;
- case 'unassign':
- /**
- * Remove the file from this client or group only.
- */
- foreach ($selected_files as $file_id) {
- $file = new \ProjectSend\Classes\Files;
- $file->get($file_id);
- $file->removeAssignment($results_type, $_GET['modify_id']);
- }
- $msg = __('The selected files were successfully unassigned.','cftp_admin');
- echo system_message('success',$msg);
- break;
- case 'delete':
- $delete_results = array(
- 'ok' => 0,
- 'errors' => 0,
- );
- foreach ($selected_files as $index => $file_id) {
- if (!empty($file_id)) {
- $file = new \ProjectSend\Classes\Files;
- $file->get($file_id);
- if ($file->deleteFiles()) {
- $delete_results['ok']++;
- }
- else {
- $delete_results['errors']++;
- }
- }
- }
-
- if ( $delete_results['ok'] > 0 ) {
- $msg = __('The selected files were deleted.','cftp_admin');
- echo system_message('success',$msg);
- }
- if ( $delete_results['errors'] > 0 ) {
- $msg = __('Some files could not be deleted.','cftp_admin');
- echo system_message('danger',$msg);
- }
- break;
- case 'edit':
- $url = BASE_URI.'files-edit.php?ids='.implode(',', $selected_files);
- header("Location: ".$url);
- exit;
- break;
- }
- }
- else {
- $msg = __('Please select at least one file.','cftp_admin');
- echo system_message('danger',$msg);
- }
- }
-
/**
* Global form action
*/
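Review bot: The new `if (isset($_POST['action']))` handler runs hide, unassign and delete operations with no visible CSRF token check, even though this commit adds addCsrf() and includes/security/csrf.php already holds a validator; unless validation happens in an include outside this hunk, the token should be verified at the top of the block before `$selected_files` is built. `array_unique($_POST['batch'])` also assumes an array, so a scalar `batch` value fails (a TypeError on PHP 8); guard it with `is_array($_POST['batch'])`. `$_POST['modify_id']` is passed to `hide()`, `show()` and `removeAssignment()` unchecked, and `$modify_id = isset($_POST['modify_id']) ? (int) $_POST['modify_id'] : 0;` once before the `switch` would cover all three. Whether the logged-in account may act on each `$file_id` is not visible here and may be enforced inside the Files class; that is worth confirming for `deleteFiles()` in particular. The `edit` case could call `ps_redirect($url)` instead of the raw `header()`/`exit` pair, which also removes the unreachable `break`.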
@@ -407,8 +409,8 @@
-