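 /**
  * Extracts an uploaded archive into the folder that contains it.
  *
  * Supported: zip (members are copied out one by one), gz (decompressed next to
  * the archive, which leaves a .tar behind; that .tar is not extracted here) and
  * tar (members selected by Utility::check_files_extensions_on_phar are extracted).
  *
  * @param object $parent The dispatching controller; `$parent->config` is the
  *                       FileManager config with `current_path` and the merged
  *                       extension whitelist `ext`.
  *
  * Nothing is returned: the outcome is reported through `$this->r` as
  * array(message, http status).
  */
 public function action($parent)
 {
     $c = $parent->config;
     $util = new Utility();
     $requested = isset($_POST['path']) && is_string($_POST['path']) ? $_POST['path'] : '';
     // Relative to current_path only: no absolute path, no '../' anywhere, no leading './'.
     if (strpos($requested, '/') === 0 || strpos($requested, '../') !== false || strpos($requested, './') === 0) {
         $this->r = array('wrong path', 400);
         return;
     }
     $path = $c['current_path'] . $requested;
     $info = pathinfo($path);
     // Everything is unpacked into the folder holding the archive.
     $base_folder = $c['current_path'] . $util->fix_dirname($requested) . "/";
     // Extension whitelist; the dispatcher merges ext_img/ext_file/ext_misc/ext_video/ext_music into 'ext'.
     $ext = isset($c['ext']) && is_array($c['ext']) ? $c['ext'] : array();
     $archive_ext = isset($info['extension']) ? strtolower($info['extension']) : '';
     switch ($archive_ext) {
         case "zip":
             $zip = new \ZipArchive();
             if ($zip->open($path) !== true) {
                 $this->r = array('Could not extract. File might be corrupt.', 500);
                 return;
             }
             //make all the folders
             for ($i = 0; $i < $zip->numFiles; $i++) {
                 $FullFileName = $zip->statIndex($i);
                 // A member named "../x" or "/x" would be written outside $base_folder.
                 if (!$this->isSafeArchiveEntry($FullFileName['name'])) {
                     continue;
                 }
                 if (substr($FullFileName['name'], -1, 1) === "/") {
                     $util->create_folder($base_folder . $FullFileName['name']);
                 }
             }
             //unzip into the folders
             for ($i = 0; $i < $zip->numFiles; $i++) {
                 $OnlyFileName = $zip->getNameIndex($i);
                 $FullFileName = $zip->statIndex($i);
                 if (!$this->isSafeArchiveEntry($FullFileName['name']) || substr($FullFileName['name'], -1, 1) === "/") {
                     continue;
                 }
                 $fileinfo = pathinfo($OnlyFileName);
                 $member_ext = isset($fileinfo['extension']) ? strtolower($fileinfo['extension']) : '';
                 // Only whitelisted file types are written to disk; other members are skipped silently.
                 if (in_array($member_ext, $ext, true)) {
                     copy('zip://' . $path . '#' . $OnlyFileName, $base_folder . $FullFileName['name']);
                 }
             }
             $zip->close();
             break;
         case "gz":
             // creates files.tar next to the archive
             try {
                 $p = new \PharData($path);
                 $p->decompress();
             } catch (\Exception $e) {
                 $this->r = array('Could not extract. File might be corrupt.', 500);
                 return;
             }
             break;
         case "tar":
             // unarchive from the tar
             try {
                 $phar = new \PharData($path);
                 $phar->decompressFiles();
                 $files = array();
                 $util->check_files_extensions_on_phar($phar, $files, '', $ext);
                 // NOTE(review): tar member names are not checked for '../' here the way zip
                 // members are — confirm that check_files_extensions_on_phar() or
                 // PharData::extractTo() rejects such names.
                 $phar->extractTo($base_folder, $files, true);
             } catch (\Exception $e) {
                 $this->r = array('Could not extract. File might be corrupt.', 500);
                 return;
             }
             break;
         default:
             $this->r = array('This extension is not supported. Valid: zip, gz, tar.', 400);
             return;
     }
     // The dispatcher reads $this->r[0] / $this->r[1] after we return, so a
     // successful run needs a response as well; leave any value already set alone.
     if (!isset($this->r)) {
         $this->r = array('Extracted', 200);
     }
 }

 /**
  * Tells whether an archive member name stays below the extraction folder.
  *
  * Rejects empty names, absolute names, names with a backslash and any name
  * containing a '..' path segment.
  *
  * @param mixed $name Member name as reported by the archive
  *
  * @return bool
  */
 private function isSafeArchiveEntry($name)
 {
     if (!is_string($name) || $name === '' || $name[0] === '/' || strpos($name, '\\') !== false) {
         return false;
     }
     return !in_array('..', explode('/', $name), true);
 }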
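 /**
  * Renders the file-manager dialog for the folder selected by the request.
  *
  * View/filter/sort settings from $_GET are stored in the session, the folder to
  * list is resolved from $_GET['fldr'] and $_SESSION['RF']['subfolder'] (both
  * confined to paths below $config['current_path']), the directory is read and
  * sorted, and everything is handed to the Twig template.
  *
  * @param Application $app     Silex application; $app['FileManager'] holds the
  *                             config and $app['twig'] the renderer
  * @param Request     $request Unused — the method reads $_GET directly
  *
  * @return string Rendered 'FileManager/view.html.twig'
  */
 public function Dialog(Application $app, Request $request)
 {
     $config = $app['FileManager'];
     $config['ext'] = array_merge($config['ext_img'], $config['ext_file'], $config['ext_misc'], $config['ext_video'], $config['ext_music']);
     //handle sessions
     $session = new SessionHandler($app);
     $util = new Utility();
     //handle additional parameters to set views ect
     if (isset($_GET['view'])) {
         $session->setViewType($util->fix_get_params($_GET['view']));
     }
     if (isset($_GET["filter"])) {
         $session->setFilter($util->fix_get_params($_GET['filter']));
     }
     if (isset($_GET["sort_by"])) {
         $session->setSortBy($util->fix_get_params($_GET["sort_by"]));
     }
     if (isset($_GET["descending"])) {
         $session->setDescending($util->fix_get_params($_GET["descending"]));
     }
     $subdir = '';
     if (!empty($_GET['fldr']) && is_string($_GET['fldr'])) {
         // Decode BEFORE the traversal checks: PHP already decoded $_GET once, so a
         // double-encoded "%252e%252e%252f" arrives here as "%2e%2e%2f", which would
         // pass the strpos() tests and only become "../" after urldecode().
         $fldr = urldecode(strip_tags($_GET['fldr']));
         if (strpos($fldr, '../') === FALSE && strpos($fldr, './') === FALSE && strpos($fldr, '\\') === FALSE) {
             $subdir = trim($fldr, "/") . "/";
             $session->setFilter('');
         }
     }
     // If hidden folders are specified
     if (!empty($config['hidden_folders'])) {
         // If hidden folder appears in the path specified in URL parameter "fldr"
         $dirs = explode('/', $subdir);
         foreach ($dirs as $dir) {
             if ($dir !== '' && in_array($dir, $config['hidden_folders'], true)) {
                 // Ignore the path
                 $subdir = "";
                 break;
             }
         }
     }
     /***
      *SUB-DIR CODE
      ***/
     if (!isset($_SESSION['RF']["subfolder"])) {
         $_SESSION['RF']["subfolder"] = '';
     }
     $rfm_subfolder = '';
     $session_subfolder = $_SESSION['RF']["subfolder"];
     // The session value is only trusted as a plain relative path: no leading '/', no dots at all.
     if (!empty($session_subfolder) && is_string($session_subfolder) && strpos($session_subfolder, '../') === FALSE && strpos($session_subfolder, './') === FALSE && strpos($session_subfolder, "/") !== 0 && strpos($session_subfolder, '.') === FALSE) {
         $rfm_subfolder = $session_subfolder;
     }
     if ($rfm_subfolder !== "" && substr($rfm_subfolder, -1) !== "/") {
         $rfm_subfolder .= "/";
     }
     // Fall back step by step when the combined folder does not exist.
     if (!file_exists($config['current_path'] . $rfm_subfolder . $subdir)) {
         $subdir = '';
         if (!file_exists($config['current_path'] . $rfm_subfolder . $subdir)) {
             $rfm_subfolder = "";
         }
     }
     if (trim($rfm_subfolder) == "") {
         $this->cur_dir = $config['upload_dir'] . $subdir;
         $cur_path = $config['current_path'] . $subdir;
         $thumbs_path = $config['thumbs_base_path'];
         $parent = $subdir;
     } else {
         $this->cur_dir = $config['upload_dir'] . $rfm_subfolder . $subdir;
         $cur_path = $config['current_path'] . $rfm_subfolder . $subdir;
         $thumbs_path = $config['thumbs_base_path'] . $rfm_subfolder;
         $parent = $rfm_subfolder . $subdir;
     }
     // Walk up from the listed folder towards current_path and load the first
     // per-folder config.php found; $max_cycles bounds the walk.
     $cycle = TRUE;
     $max_cycles = 50;
     $i = 0;
     while ($cycle && $i < $max_cycles) {
         $i++;
         if ($parent == "./") {
             $parent = "";
         }
         if (file_exists($config['current_path'] . $parent . "config.php")) {
             require_once $config['current_path'] . $parent . "config.php";
             $cycle = FALSE;
         }
         if ($parent == "") {
             $cycle = FALSE;
         } else {
             $parent = $util->fix_dirname($parent) . "/";
         }
     }
     if (!is_dir($thumbs_path . $subdir)) {
         $util->create_folder(FALSE, $thumbs_path . $subdir);
     }
     // popup / crossdomain: any non-empty value (other than "0") switches the flag on
     $popup = isset($_GET['popup']) ? (bool) strip_tags($_GET['popup']) : false;
     $crossdomain = isset($_GET['crossdomain']) ? (bool) strip_tags($_GET['crossdomain']) : false;
     //view type
     $view = $session->getViewType();
     //filter
     $filter = $session->getFilter();
     //sorting method
     $sort_by = $session->getSortBy();
     //sorting order
     $descending = $session->getDescending();
     $return_relative_url = isset($_GET['relative_url']) && $_GET['relative_url'] === "1";
     if (!isset($_GET['type'])) {
         $_GET['type'] = 0;
     }
     if (isset($_GET['editor'])) {
         $editor = strip_tags($_GET['editor']);
     } elseif ((int) $_GET['type'] === 0) {
         $editor = false;
     } else {
         $editor = 'tinymce';
     }
     if (!isset($_GET['field_id'])) {
         $_GET['field_id'] = '';
     }
     $field_id = $util->fix_get_params($_GET['field_id']);
     $type_param = $util->fix_get_params($_GET['type']);
     // Which "apply" handler the template wires up, by dialog type.
     $type = (int) $type_param;
     if ($type === 1) {
         $apply = 'apply_img';
     } elseif ($type === 2) {
         $apply = 'apply_link';
     } elseif ($type === 0 && $_GET['field_id'] === '') {
         $apply = 'apply_none';
     } elseif ($type === 3) {
         $apply = 'apply_video';
     } else {
         $apply = 'apply';
     }
     $get_params = http_build_query(array('editor' => $editor, 'type' => $type_param, 'lang' => $config['default_language'], 'popup' => $popup, 'crossdomain' => $crossdomain, 'field_id' => $field_id, 'relative_url' => $return_relative_url, 'akey' => isset($_GET['akey']) && $_GET['akey'] !== '' ? $_GET['akey'] : 'key', 'fldr' => ''));
     //get base config options
     $twigArr = $app['FileManager'];
     //overwrite specific's
     $twigArr['lang'] = $app['FileManager']['default_language'];
     $twigArr['ext'] = $config['ext'];
     $twigArr['apply'] = $apply;
     $twigArr['field_id'] = $field_id;
     $twigArr['popup'] = $popup;
     $twigArr['crossdomain'] = $crossdomain;
     $twigArr['editor'] = $editor;
     $twigArr['view'] = $view;
     $twigArr['filter'] = $filter;
     $twigArr['sort_by'] = $sort_by;
     $twigArr['descending'] = $descending;
     $twigArr['subdir'] = $subdir;
     $twigArr['type_param'] = $type_param;
     $twigArr['cur_dir'] = $config['upload_dir'] . $subdir;
     $twigArr['cur_path'] = $config['current_path'] . $subdir;
     $twigArr['thumbs_path'] = $config['thumbs_base_path'];
     $twigArr['cur_dir_thumb'] = $twigArr['thumbs_path'] . $twigArr['subdir'];
     $twigArr['parent'] = $subdir;
     $twigArr['duplicate_files'] = 0;
     $twigArr['rfm_subfolder'] = "";
     $twigArr['base_url_func'] = $util->base_url();
     // NOTE(review): 'base_url' is expected to come with $app['FileManager'] (copied into $twigArr above) — confirm it is set there.
     $twigArr['current_url'] = str_replace(array('&filter=' . $filter, '&sort_by=' . $sort_by, '&descending=' . intval($descending)), array(''), $twigArr['base_url'] . $_SERVER['REQUEST_URI']);
     $twigArr['get_type'] = $_GET['type'];
     $twigArr['home_link'] = $_GET['type'];
     $twigArr['get_params'] = $get_params;
     $twigArr['return_relative_url'] = $return_relative_url ? 1 : 0;
     $template = 'FileManager/view.html.twig';
     $listing_path = $config['current_path'] . $rfm_subfolder . $subdir;
     $files = scandir($listing_path);
     if ($files === false) {
         // unreadable or vanished folder: render an empty listing instead of failing in count()
         $files = array();
     }
     $n_files = count($files);
     //php sorting
     $sorted = array();
     $current_folder = array();
     $prev_folder = array();
     foreach ($files as $k => $file) {
         $file_path = $listing_path . $file;
         if ($file === ".") {
             $current_folder = array('file' => $file);
         } elseif ($file === "..") {
             $prev_folder = array('file' => $file);
         } elseif (is_dir($file_path)) {
             $date = filemtime($file_path);
             // folder sizes are expensive to compute, so they are opt-in
             $size = $config['show_folder_size'] ? $util->foldersize($file_path) : 0;
             $file_ext = 'dir';
             $sorted[$k] = array('file' => $file, 'file_lcase' => strtolower($file), 'date' => $date, 'size' => $size, 'extension' => $file_ext, 'extension_lcase' => strtolower($file_ext));
         } else {
             $date = filemtime($file_path);
             $size = filesize($file_path);
             $dot = strrpos($file, '.');
             $file_ext = $dot === false ? '' : substr($file, $dot + 1);
             $sorted[$k] = array('file' => $file, 'file_lcase' => strtolower($file), 'date' => $date, 'size' => $size, 'extension' => $file_ext, 'extension_lcase' => strtolower($file_ext));
         }
     }
     // Should lazy loading be enabled: threshold 0 means always, -1 means never,
     // anything else is a file-count limit.
     $threshold = (int) $config['lazy_loading_file_number_threshold'];
     $lazy_loading_enabled = $threshold === 0 || ($threshold !== -1 && $n_files > $threshold);
     $twigArr['lazy_loading_enabled'] = $lazy_loading_enabled;
     switch ($sort_by) {
         case 'date':
             usort($sorted, array($this, 'dateSort'));
             break;
         case 'size':
             usort($sorted, array($this, 'sizeSort'));
             break;
         case 'extension':
             usort($sorted, array($this, 'extensionSort'));
             break;
         default:
             usort($sorted, array($this, 'filenameSort'));
             break;
     }
     if (!$descending) {
         $sorted = array_reverse($sorted);
     }
     $files = array_merge(array($prev_folder), array($current_folder), $sorted);
     //Add file / folder stuff to array
     $twigArr['n_files'] = $n_files;
     $twigArr['uniqid'] = uniqid();
     //can open current dir?
     $open_dir = is_dir($listing_path) && is_readable($listing_path);
     $twigArr['clipboard'] = 0;
     $clipboard_path = $session->getClipboardPath();
     if (isset($clipboard_path) && trim($clipboard_path) !== '') {
         $twigArr['clipboard'] = 1;
     }
     $twigArr['open_dir'] = $open_dir;
     $twigArr['render_need_name'] = $this->render_need_name($app, $files, $twigArr, $config, $subdir, $filter, $config['transliteration'], $thumbs_path, $get_params, $rfm_subfolder);
     $twigArr['render_need_name_2'] = $this->two;
     $twigArr['files_prevent_duplicate'] = $this->files_prevent_duplicate;
     return $app['twig']->render($template, $twigArr);
 }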
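 /**
  * Stores one uploaded file (the "file" field of a multipart POST) in a folder
  * below $config['current_path'] and, for images, builds the thumbnail and applies
  * the configured resizing.
  *
  * The destination is taken from $_POST['path'] / $_POST['path_thumb'] (absolute,
  * must start with current_path / thumbs_base_path) or, failing that, from
  * $_POST['fldr'] relative to those bases. Any '../' or './' after the base is rejected.
  *
  * @param Application $app Silex application; $app['FileManager'] holds the config
  * @param Request     $req Unused — $_POST and $_FILES are read directly
  *
  * @return mixed $app->json() response carrying the stored file name on success, or
  *               a 400 JSON response for a bad path. Other failures send an HTTP
  *               status header and exit().
  */
 public function upload(Application $app, Request $req)
 {
     $config = $app['FileManager'];
     $util = new Utility();
     $current_path = $config['current_path'];
     $thumbs_base_path = $config['thumbs_base_path'];
     $config['ext'] = array_merge($config['ext_img'], $config['ext_file'], $config['ext_misc'], $config['ext_video'], $config['ext_music']);
     $ext = $config['ext'];
     $transliteration = $config['transliteration'];
     $convert_spaces = $config['convert_spaces'];
     $replace_with = $config['replace_with'];
     $ext_img = $config['ext_img'];
     if (isset($_POST['path'])) {
         $storeFolder = $_POST['path'];
         $storeFolderThumb = isset($_POST['path_thumb']) ? $_POST['path_thumb'] : '';
     } else {
         $fldr = isset($_POST['fldr']) ? $_POST['fldr'] : '';
         $storeFolder = $current_path . $fldr;
         // correct for when IE is in Compatibility mode
         $storeFolderThumb = $thumbs_base_path . $fldr;
     }
     if (!is_string($storeFolder) || !is_string($storeFolderThumb)) {
         return $app->json('wrong path', 400);
     }
     // Both folders must start with their configured base and carry no traversal
     // segment after it. The prefix test runs first, so the offsets below are valid.
     $path_pos = strpos($storeFolder, $current_path);
     $thumb_pos = strpos($storeFolderThumb, $thumbs_base_path);
     if ($path_pos !== 0 || $thumb_pos !== 0 || strpos($storeFolderThumb, '../', strlen($thumbs_base_path)) !== FALSE || strpos($storeFolderThumb, './', strlen($thumbs_base_path)) !== FALSE || strpos($storeFolder, '../', strlen($current_path)) !== FALSE || strpos($storeFolder, './', strlen($current_path)) !== FALSE) {
         return $app->json('wrong path', 400);
     }
     // Walk up from the target folder to current_path and load the first
     // per-folder config.php found; $max_cycles bounds the walk.
     $path = $storeFolder;
     $cycle = TRUE;
     $max_cycles = 50;
     $i = 0;
     while ($cycle && $i < $max_cycles) {
         $i++;
         if ($path == $current_path) {
             $cycle = FALSE;
         }
         if (file_exists($path . "config.php")) {
             require_once $path . "config.php";
             $cycle = FALSE;
         }
         $path = $util->fix_dirname($path) . '/';
     }
     if (empty($_FILES) || !isset($_FILES['file']['name'], $_FILES['file']['tmp_name'])) {
         header('HTTP/1.1 405 Bad Request', TRUE, 405);
         exit;
     }
     $info = pathinfo($_FILES['file']['name']);
     $uploaded_ext = isset($info['extension']) ? $util->fix_strtolower($info['extension']) : '';
     // Only whitelisted extensions are accepted; a name without one is refused too.
     if (!in_array($uploaded_ext, $ext, true)) {
         header('HTTP/1.1 406 file not permitted', TRUE, 406);
         exit;
     }
     $tempFile = $_FILES['file']['tmp_name'];
     $targetPath = $storeFolder;
     $targetPathThumb = $storeFolderThumb;
     $_FILES['file']['name'] = $util->fix_filename($_FILES['file']['name'], $transliteration, $convert_spaces, $replace_with);
     // Gen. new file name if exists
     if (file_exists($targetPath . $_FILES['file']['name'])) {
         $i = 1;
         $info = pathinfo($_FILES['file']['name']);
         // append number
         while (file_exists($targetPath . $info['filename'] . "_" . $i . "." . $info['extension'])) {
             $i++;
         }
         $_FILES['file']['name'] = $info['filename'] . "_" . $i . "." . $info['extension'];
     }
     $targetFile = $targetPath . $_FILES['file']['name'];
     $targetFileThumb = $targetPathThumb . $_FILES['file']['name'];
     // check if image (and supported)
     $stored_ext = isset($info['extension']) ? $util->fix_strtolower($info['extension']) : '';
     $is_img = in_array($stored_ext, $ext_img, true);
     // upload — a failed move must not be reported as success
     if (!move_uploaded_file($tempFile, $targetFile)) {
         header('HTTP/1.1 500 Upload failed', TRUE, 500);
         exit;
     }
     // NOTE(review): 0755 sets the execute bit on uploaded content; 0644 would be enough for a data file — confirm nothing relies on it.
     chmod($targetFile, 0755);
     if ($is_img) {
         // NOTE(review): $relative_image_creation*, $fixed_image_creation*, $image_resizing*,
         // $image_max_* and $image_resizing_override are expected to be defined by the
         // config.php pulled in by require_once above; they are undefined when no
         // config.php was found — confirm.
         // NOTE(review): every failure branch below assigns FALSE, so the 406 "not enough
         // memory" cleanup at the end can never trigger — confirm whether TRUE was intended.
         $memory_error = FALSE;
         if (!$util->create_img($targetFile, $targetFileThumb, 122, 91)) {
             $memory_error = FALSE;
         } else {
             // TODO something with this long function baaaah...
             if (!$util->new_thumbnails_creation($targetPath, $targetFile, $_FILES['file']['name'], $current_path, $relative_image_creation, $relative_path_from_current_pos, $relative_image_creation_name_to_prepend, $relative_image_creation_name_to_append, $relative_image_creation_width, $relative_image_creation_height, $relative_image_creation_option, $fixed_image_creation, $fixed_path_from_filemanager, $fixed_image_creation_name_to_prepend, $fixed_image_creation_to_append, $fixed_image_creation_width, $fixed_image_creation_height, $fixed_image_creation_option)) {
                 $memory_error = FALSE;
             } else {
                 $imginfo = getimagesize($targetFile);
                 $srcWidth = $imginfo[0];
                 $srcHeight = $imginfo[1];
                 // resize images if set; a zero width or height is derived from the aspect ratio
                 if ($image_resizing) {
                     if ($image_resizing_width == 0) {
                         if ($image_resizing_height == 0) {
                             $image_resizing_width = $srcWidth;
                             $image_resizing_height = $srcHeight;
                         } else {
                             $image_resizing_width = $image_resizing_height * $srcWidth / $srcHeight;
                         }
                     } elseif ($image_resizing_height == 0) {
                         $image_resizing_height = $image_resizing_width * $srcHeight / $srcWidth;
                     }
                     // new dims and create
                     $srcWidth = $image_resizing_width;
                     $srcHeight = $image_resizing_height;
                     $util->create_img($targetFile, $targetFile, $image_resizing_width, $image_resizing_height, $image_resizing_mode);
                 }
                 //max resizing limit control
                 $resize = FALSE;
                 if ($image_max_width != 0 && $srcWidth > $image_max_width && $image_resizing_override === FALSE) {
                     $resize = TRUE;
                     $srcWidth = $image_max_width;
                     if ($image_max_height == 0) {
                         $srcHeight = $image_max_width * $srcHeight / $srcWidth;
                     }
                 }
                 if ($image_max_height != 0 && $srcHeight > $image_max_height && $image_resizing_override === FALSE) {
                     $resize = TRUE;
                     $srcHeight = $image_max_height;
                     if ($image_max_width == 0) {
                         $srcWidth = $image_max_height * $srcWidth / $srcHeight;
                     }
                 }
                 if ($resize) {
                     $util->create_img($targetFile, $targetFile, $srcWidth, $srcHeight, $image_max_mode);
                 }
             }
         }
         // not enough memory
         if ($memory_error) {
             unlink($targetFile);
             header('HTTP/1.1 406 Not enought Memory', TRUE, 406);
             exit;
         }
     }
     return $app->json($_FILES['file']['name'], 200);
 }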
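 /**
  * Dispatches a file-manager action (CreateFolder, RenameFile, ...) to the class
  * of the same name under Rabies\FileManager\Action after validating the posted paths.
  *
  * @param Application $app    Silex application; $app['FileManager'] holds the config
  * @param Request     $req    Kept on $this->request for the action classes; $_POST is read directly here
  * @param string      $action Action name. It must be one of the whitelist below, which
  *                            also bounds the class name instantiated at the end.
  *
  * @return mixed $app->json() response: the action's array(message, status) on
  *               success, or a 400 when the action name, paths, name or extension
  *               are rejected
  */
 public function action(Application $app, Request $req, $action)
 {
     $this->app = $app;
     $this->request = $req;
     $allowed_action = array("CreateFolder", "RenameFolder", "DeleteFolder", "CreateFile", "RenameFile", "DeleteFile", "DuplicateFile", "PasteClipboard", "Chmod", "SaveTextFile");
     if (!in_array($action, $allowed_action, true)) {
         //action is not allowed
         return $app->json('Action Denied', 400);
     }
     $config = $app['FileManager'];
     $config['ext'] = array_merge($config['ext_img'], $config['ext_file'], $config['ext_misc'], $config['ext_video'], $config['ext_music']);
     $util = new Utility();
     $posted_path = isset($_POST['path']) && is_string($_POST['path']) ? $_POST['path'] : '';
     $posted_thumb = isset($_POST['path_thumb']) && is_string($_POST['path_thumb']) ? $_POST['path_thumb'] : '';
     // path_thumb is absolute and must start with thumbs_base_path. strpos() returns
     // FALSE when the base is absent at all, and `FALSE != 0` is false, so a loose
     // comparison would wave an unrelated path through — compare strictly.
     if (strpos($posted_thumb, $config['thumbs_base_path']) !== 0) {
         return $app->json('Wrong path', 400);
     }
     if (strpos($posted_thumb, '../', strlen($config['thumbs_base_path'])) !== FALSE) {
         return $app->json('Wrong path 1', 400);
     }
     // path is relative to current_path: no absolute path, no '../' anywhere, no leading './'
     if (strpos($posted_path, '/') === 0) {
         return $app->json('Wrong path 2', 400);
     }
     if (strpos($posted_path, '../') !== FALSE) {
         return $app->json('Wrong path 3', 400);
     }
     if (strpos($posted_path, './') === 0) {
         return $app->json('Wrong path 4', 400);
     }
     // Walk up from the target towards current_path and load the first per-folder
     // config.php found (same walk as upload()); $max_cycles bounds it.
     $base = $config['current_path'];
     $path = $base . $posted_path;
     $cycle = TRUE;
     $max_cycles = 50;
     $i = 0;
     while ($cycle && $i < $max_cycles) {
         $i++;
         if ($path == $base) {
             $cycle = FALSE;
         }
         if (file_exists($path . "config.php")) {
             require_once $path . "config.php";
             $cycle = FALSE;
         }
         $path = $util->fix_dirname($path) . "/";
     }
     $path = $base . $posted_path;
     $this->path = $path;
     $path_thumb = $posted_thumb;
     $this->path_thumb = $path_thumb;
     if (isset($_POST['name'])) {
         $name = $util->fix_filename($_POST['name'], $config['transliteration'], $config['convert_spaces'], $config['replace_with']);
         if (strpos($name, '../') !== FALSE) {
             return $app->json('Wrong name', 400);
         }
         // NOTE(review): a name containing '/' is not rejected here — confirm fix_filename() strips it.
         $this->name = $name;
     }
     $info = pathinfo($path);
     // Folder deletion and new-file creation are exempt; every other action must
     // target a whitelisted extension.
     if (isset($info['extension']) && $action !== 'DeleteFolder' && $action !== 'CreateFile' && !in_array(strtolower($info['extension']), $config['ext'], true)) {
         return $app->json('Wrong extension', 400);
     }
     // Perform Action — the class name is bounded by the whitelist checked above.
     $action_class = "Rabies\\FileManager\\Action\\" . $action;
     $perform = new $action_class();
     $this->config = $config;
     $perform->action($this);
     return $app->json($perform->r[0], $perform->r[1]);
 }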