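/**
 * Deletes the files or directories named in the request's `path` array,
 * restricted to entries located inside the media base directory.
 *
 * Security notes:
 * - The requested paths come straight from $_REQUEST['path'] and are treated as untrusted.
 * - Containment is decided on the canonical path returned by realpath() and
 *   compared as a prefix of the canonical media base directory. The earlier
 *   substring test (stristr) accepted any path that merely contained the base
 *   path text, and stripping '..' by string replacement is not a containment
 *   guarantee on its own (it does not account for symlinks or for text that
 *   later substitutions rearrange).
 * - The media base directory itself is never deleted, only entries below it.
 *
 * @param mixed $params Not read by this method; the paths are taken from $_REQUEST['path'].
 *
 * @return array Empty when no path list was supplied; otherwise a single-key array
 *               ('success' or 'error') describing the LAST entry processed.
 */
public function delete_media_file($params)
{
    // Access gate; NOTE(review): presumably aborts for non-admin callers, confirm in its definition.
    only_admin_access();

    $resp = array();

    // A missing `path` parameter used to raise an undefined-index notice.
    $fn_remove_path = isset($_REQUEST['path']) ? $_REQUEST['path'] : false;
    if (!is_array($fn_remove_path) || empty($fn_remove_path)) {
        return $resp;
    }

    $path_restrict = userfiles_path();
    $media_base = media_base_path();

    // Canonical form of the only directory tree deletions are allowed in.
    $media_root = realpath($media_base);
    $media_prefix = ($media_root === false)
        ? false
        : rtrim($media_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    foreach ($fn_remove_path as $value) {
        // Nested arrays or other non-string entries cannot name a path.
        if (!is_string($value)) {
            continue;
        }

        $fn_remove = $this->app->url_manager->to_path($value);
        if (!isset($fn_remove) || trim($fn_remove) == '' || trim($fn_remove) == 'false') {
            continue;
        }

        // Existing lexical clean-up is kept as a first pass; it is NOT the security boundary.
        $path = urldecode($fn_remove);
        $path = normalize_path($path, 0);
        $path = str_replace('..', '', $path);
        $path = str_replace($path_restrict, '', $path);

        $target_path = userfiles_path() . DS . $path;
        $target_path = normalize_path($target_path, false);

        $resolved = realpath($target_path);
        if ($resolved === false) {
            // Nothing exists at this location, so nothing is deleted.
            // The message mirrors what the previous lexical check reported.
            if (stristr($target_path, $media_base)) {
                $resp = array('error' => 'Not valid file or folder ' . $target_path . ' ');
            } else {
                $resp = array('error' => 'Not allowed to delete on ' . $target_path . ' ');
            }
            continue;
        }

        // Security boundary: the canonical target must sit strictly below the canonical media root.
        $is_inside_media = $media_prefix !== false
            && strncmp($resolved, $media_prefix, strlen($media_prefix)) === 0;

        if (!$is_inside_media) {
            $resp = array('error' => 'Not allowed to delete on ' . $target_path . ' ');
            continue;
        }

        // Operate on the resolved path so the object deleted is the one that was checked.
        if (is_dir($resolved)) {
            mw('Microweber\\Utils\\Files')->rmdir($resolved, false);
            $resp = array('success' => 'Directory ' . $target_path . ' is deleted');
        } elseif (is_file($resolved)) {
            unlink($resolved);
            $resp = array('success' => 'File ' . basename($target_path) . ' is deleted');
        } else {
            $resp = array('error' => 'Not valid file or folder ' . $target_path . ' ');
        }
    }

    return $resp;
}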