- elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${page}"; then
- . "$_EXEC/multipart.sh"
- multipart_cache
-
- # Validate session id from form to prevent CSRF
- # Only validate if username is present, because no username means
- # anonymous uploads are allowed via acl and cgilite/session.sh does not
- # validate anonymous sessions from a multipart/formdata
- if [ "$USER_NAME" -a "$(multipart session_id)" != "$SESSION_ID" ]; then
- rm -- "$multipart_cachefile"
- printf 'Refresh: %i\r\n' 4
- theme_error 403
- return 0
- fi
-
- mkdir -p "$_DATA/pages${page}#attachments/"
- n=1; while filename=$(multipart_filename "file" "$n"); do
- filename="$(printf %s "$filename" |tr /\\0 __)"
- multipart "file" "$n" >"$_DATA/pages${page}#attachments/$filename"
- n=$((n + 1))
- done
- rm -- "$multipart_cachefile"
- REDIRECT "${_BASE}${PATH_INFO}"