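/**
 * Extract an uploaded archive in place (next to the archive file).
 *
 * `$_POST['path']` names the archive relative to `$parent->config['current_path']`.
 * Handled by extension: "zip" (entries copied out one by one, filtered by the
 * allowed extension list), "gz" (only decompressed to the contained .tar) and
 * "tar" (extracted through PharData after the Utility extension check).
 * Failures are reported through `$this->r = array(message, http_status)`;
 * nothing is assigned to `$this->r` on success.
 *
 * @param object $parent the dispatching controller; `$parent->config` supplies
 *                       'current_path' and the merged 'ext' allow-list
 * @return void
 */
public function action($parent)
{
    $c = $parent->config;
    $util = new Utility();

    // Absolute or traversing request paths never reach the filesystem.
    if (strpos($_POST['path'], '/') === 0 || strpos($_POST['path'], '../') !== false || strpos($_POST['path'], './') === 0) {
        $this->r = array('wrong path', 400);
        return;
    }

    $path = $c['current_path'] . $_POST['path'];
    $info = pathinfo($path);
    $base_folder = $c['current_path'] . $util->fix_dirname($_POST['path']) . "/";
    // The dispatcher merges the ext_* lists into $config['ext'] before calling this
    // method; the original read an undefined local $ext here.
    $ext = isset($c['ext']) ? $c['ext'] : array();

    // Entry names inside an archive are untrusted: refuse absolute names and ".."
    // segments so nothing is created or written outside $base_folder ("zip slip").
    $is_safe_entry = function ($name) {
        if (!is_string($name) || $name === '' || $name[0] === '/') {
            return false;
        }
        foreach (explode('/', str_replace('\\', '/', $name)) as $segment) {
            if ($segment === '..') {
                return false;
            }
        }
        return true;
    };

    $extension = isset($info['extension']) ? $info['extension'] : '';
    switch ($extension) {
        case "zip":
            $zip = new \ZipArchive();
            if ($zip->open($path) !== true) {
                $this->r = array('Could not extract. File might be corrupt.', 500);
                return;
            }
            //make all the folders
            for ($i = 0; $i < $zip->numFiles; $i++) {
                $FullFileName = $zip->statIndex($i);
                if (!$is_safe_entry($FullFileName['name'])) {
                    continue;
                }
                if (substr($FullFileName['name'], -1, 1) == "/") {
                    // NOTE(review): Dialog() calls create_folder(FALSE, $path) with two
                    // arguments; confirm this one-argument call matches Utility's signature.
                    $util->create_folder($base_folder . $FullFileName['name']);
                }
            }
            //unzip into the folders, keeping only entries with an allowed extension
            for ($i = 0; $i < $zip->numFiles; $i++) {
                $OnlyFileName = $zip->getNameIndex($i);
                $FullFileName = $zip->statIndex($i);
                if (!$is_safe_entry($FullFileName['name']) || substr($FullFileName['name'], -1, 1) == "/") {
                    continue;
                }
                $fileinfo = pathinfo($OnlyFileName);
                if (isset($fileinfo['extension']) && in_array(strtolower($fileinfo['extension']), $ext)) {
                    copy('zip://' . $path . '#' . $OnlyFileName, $base_folder . $FullFileName['name']);
                }
            }
            $zip->close();
            break;
        case "gz":
            $p = new \PharData($path);
            $p->decompress(); // creates files.tar
            break;
        case "tar":
            // unarchive from the tar
            $phar = new \PharData($path);
            $phar->decompressFiles();
            $files = array();
            $util->check_files_extensions_on_phar($phar, $files, '', $ext);
            // Drop traversing entry names (string entries only — the helper's element
            // shape is not visible here). The destination is the archive's own folder;
            // the original referenced an undefined $current_path and a global fix_dirname().
            $files = array_values(array_filter($files, function ($f) use ($is_safe_entry) {
                return !is_string($f) || $is_safe_entry($f);
            }));
            $phar->extractTo($base_folder, $files, true);
            break;
        default:
            $this->r = array('This extension is not supported. Valid: zip, gz, tar.', 400);
            return;
    }
}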
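/**
 * Render the file-manager dialog for the folder selected by the request.
 *
 * Stores view/filter/sort options from `$_GET` in the session, resolves the
 * requested sub-folder (`fldr`, plus the session's own sub-folder) against the
 * configured upload root, loads a per-folder config.php if one exists, lists and
 * sorts the folder's entries and renders `FileManager/view.html.twig`.
 *
 * @return string the rendered template
 */
public function Dialog(Application $app, Request $request)
{
    $config = $app['FileManager'];
    $config['ext'] = array_merge($config['ext_img'], $config['ext_file'], $config['ext_misc'], $config['ext_video'], $config['ext_music']);

    //handle sessions
    $session = new SessionHandler($app);
    $util = new Utility();

    //handle additional parameters to set views ect
    if (isset($_GET['view'])) {
        $session->setViewType($util->fix_get_params($_GET['view']));
    }
    if (isset($_GET["filter"])) {
        $session->setFilter($util->fix_get_params($_GET['filter']));
    }
    if (isset($_GET["sort_by"])) {
        $session->setSortBy($util->fix_get_params($_GET["sort_by"]));
    }
    if (isset($_GET["descending"])) {
        $session->setDescending($util->fix_get_params($_GET["descending"]));
    }

    $subdir = '';
    if (!empty($_GET['fldr'])) {
        // Decode and strip tags BEFORE the traversal check: checking the raw value let a
        // double-encoded "%2e%2e/" (or ".<x>./") pass and only become "../" afterwards.
        $fldr = urldecode(trim(strip_tags($_GET['fldr']), "/") . "/");
        if (strpos($fldr, '../') === FALSE && strpos($fldr, './') === FALSE) {
            $subdir = $fldr;
            $session->setFilter('');
        }
    }

    // If hidden folders are specified and one appears in the "fldr" path, ignore the path.
    // (The original compared against an undefined $hidden_folders, so this never fired.)
    if (count($config['hidden_folders'])) {
        foreach (explode('/', $subdir) as $dir) {
            if ($dir !== '' && in_array($dir, $config['hidden_folders'])) {
                $subdir = "";
                break;
            }
        }
    }

    /*** *SUB-DIR CODE ***/
    if (!isset($_SESSION['RF']["subfolder"])) {
        $_SESSION['RF']["subfolder"] = '';
    }
    $rfm_subfolder = '';
    // The session value is trusted only if it is relative, contains no traversal and no dot.
    if (!empty($_SESSION['RF']["subfolder"]) && strpos($_SESSION['RF']["subfolder"], '../') === FALSE && strpos($_SESSION['RF']["subfolder"], './') === FALSE && strpos($_SESSION['RF']["subfolder"], "/") !== 0 && strpos($_SESSION['RF']["subfolder"], '.') === FALSE) {
        $rfm_subfolder = $_SESSION['RF']['subfolder'];
    }
    if ($rfm_subfolder != "" && $rfm_subfolder[strlen($rfm_subfolder) - 1] != "/") {
        $rfm_subfolder .= "/";
    }
    // Fall back step by step when the combined folder does not exist.
    if (!file_exists($config['current_path'] . $rfm_subfolder . $subdir)) {
        $subdir = '';
        if (!file_exists($config['current_path'] . $rfm_subfolder . $subdir)) {
            $rfm_subfolder = "";
        }
    }
    if (trim($rfm_subfolder) == "") {
        $this->cur_dir = $config['upload_dir'] . $subdir;
        $thumbs_path = $config['thumbs_base_path'];
        $parent = $subdir;
    } else {
        $this->cur_dir = $config['upload_dir'] . $rfm_subfolder . $subdir;
        $thumbs_path = $config['thumbs_base_path'] . $rfm_subfolder;
        $parent = $rfm_subfolder . $subdir;
    }

    // Walk up from the current folder towards the root looking for a per-folder
    // config.php (bounded by $max_cycles). NOTE(review): this executes a file found
    // under the upload tree, so anything able to place a config.php there runs code.
    $cycle = TRUE;
    $max_cycles = 50;
    $i = 0;
    while ($cycle && $i < $max_cycles) {
        $i++;
        if ($parent == "./") {
            $parent = "";
        }
        if (file_exists($config['current_path'] . $parent . "config.php")) {
            require_once $config['current_path'] . $parent . "config.php";
            $cycle = FALSE;
        }
        if ($parent == "") {
            $cycle = FALSE;
        } else {
            $parent = $util->fix_dirname($parent) . "/";
        }
    }
    if (!is_dir($thumbs_path . $subdir)) {
        $util->create_folder(FALSE, $thumbs_path . $subdir);
    }

    // popup / crossdomain are reduced to booleans
    $popup = isset($_GET['popup']) ? strip_tags($_GET['popup']) : 0;
    $popup = !!$popup;
    $crossdomain = isset($_GET['crossdomain']) ? strip_tags($_GET['crossdomain']) : 0;
    $crossdomain = !!$crossdomain;

    //view type
    $view = $session->getViewType();
    //filter
    $filter = $session->getFilter();
    //sorting method
    $sort_by = $session->getSortBy();
    //sorting order
    $descending = $session->getDescending();

    $return_relative_url = isset($_GET['relative_url']) && $_GET['relative_url'] == "1";
    if (!isset($_GET['type'])) {
        $_GET['type'] = 0;
    }
    if (isset($_GET['editor'])) {
        $editor = strip_tags($_GET['editor']);
    } else {
        $editor = $_GET['type'] == 0 ? false : 'tinymce';
    }
    if (!isset($_GET['field_id'])) {
        $_GET['field_id'] = '';
    }
    $field_id = $util->fix_get_params($_GET['field_id']);
    $type_param = $util->fix_get_params($_GET['type']);
    if ($type_param == 1) {
        $apply = 'apply_img';
    } elseif ($type_param == 2) {
        $apply = 'apply_link';
    } elseif ($type_param == 0 && $_GET['field_id'] == '') {
        $apply = 'apply_none';
    } elseif ($type_param == 3) {
        $apply = 'apply_video';
    } else {
        $apply = 'apply';
    }
    $get_params = http_build_query(array(
        'editor' => $editor,
        'type' => $type_param,
        'lang' => $config['default_language'],
        'popup' => $popup,
        'crossdomain' => $crossdomain,
        'field_id' => $field_id,
        'relative_url' => $return_relative_url,
        'akey' => isset($_GET['akey']) && $_GET['akey'] != '' ? $_GET['akey'] : 'key',
        'fldr' => '',
    ));

    //get base config options
    $twigArr = $app['FileManager'];
    //overwrite specific's
    $twigArr['lang'] = $app['FileManager']['default_language'];
    $twigArr['ext'] = $config['ext'];
    $twigArr['apply'] = $apply;
    $twigArr['field_id'] = $field_id;
    $twigArr['popup'] = $popup;
    $twigArr['crossdomain'] = $crossdomain;
    $twigArr['editor'] = $editor;
    $twigArr['view'] = $view;
    $twigArr['filter'] = $filter;
    $twigArr['sort_by'] = $sort_by;
    $twigArr['descending'] = $descending;
    $twigArr['subdir'] = $subdir;
    $twigArr['type_param'] = $type_param;
    $twigArr['cur_dir'] = $config['upload_dir'] . $subdir;
    $twigArr['cur_path'] = $config['current_path'] . $subdir;
    $twigArr['thumbs_path'] = $config['thumbs_base_path'];
    $twigArr['cur_dir_thumb'] = $twigArr['thumbs_path'] . $twigArr['subdir'];
    $twigArr['parent'] = $subdir;
    $twigArr['duplicate_files'] = 0;
    $twigArr['rfm_subfolder'] = "";
    $twigArr['base_url_func'] = $util->base_url();
    // Current URL with the sorting/filter query parameters stripped.
    $twigArr['current_url'] = str_replace(array('&filter=' . $filter, '&sort_by=' . $sort_by, '&descending=' . intval($descending)), array(''), $twigArr['base_url'] . $_SERVER['REQUEST_URI']);
    $twigArr['get_type'] = $_GET['type'];
    $twigArr['home_link'] = $_GET['type'];
    $twigArr['get_params'] = $get_params;
    $twigArr['return_relative_url'] = $return_relative_url ? 1 : 0;

    $template = 'FileManager/view.html.twig';
    $listing_path = $config['current_path'] . $rfm_subfolder . $subdir;
    $files = scandir($listing_path);
    if ($files === false) {
        // unreadable/missing directory: render an empty listing instead of a fatal count()
        $files = array();
    }
    $n_files = count($files);

    //php sorting
    $sorted = array();
    $current_folder = array();
    $prev_folder = array();
    foreach ($files as $k => $file) {
        if ($file == ".") {
            $current_folder = array('file' => $file);
        } elseif ($file == "..") {
            $prev_folder = array('file' => $file);
        } elseif (is_dir($listing_path . $file)) {
            $date = filemtime($listing_path . $file);
            $size = $config['show_folder_size'] ? $util->foldersize($listing_path . $file) : 0;
            $file_ext = 'dir';
            $sorted[$k] = array('file' => $file, 'file_lcase' => strtolower($file), 'date' => $date, 'size' => $size, 'extension' => $file_ext, 'extension_lcase' => strtolower($file_ext));
        } else {
            $file_path = $listing_path . $file;
            $date = filemtime($file_path);
            $size = filesize($file_path);
            $file_ext = substr(strrchr($file, '.'), 1);
            $sorted[$k] = array('file' => $file, 'file_lcase' => strtolower($file), 'date' => $date, 'size' => $size, 'extension' => $file_ext, 'extension_lcase' => strtolower($file_ext));
        }
    }

    // Should lazy loading be enabled: threshold 0 = always, -1 = never, else by file count.
    $lazy_loading_enabled = $config['lazy_loading_file_number_threshold'] == 0 || ($config['lazy_loading_file_number_threshold'] != -1 && $n_files > $config['lazy_loading_file_number_threshold']);
    $twigArr['lazy_loading_enabled'] = $lazy_loading_enabled;

    switch ($sort_by) {
        case 'date':
            usort($sorted, array($this, 'dateSort'));
            break;
        case 'size':
            usort($sorted, array($this, 'sizeSort'));
            break;
        case 'extension':
            usort($sorted, array($this, 'extensionSort'));
            break;
        default:
            usort($sorted, array($this, 'filenameSort'));
            break;
    }
    if (!$descending) {
        $sorted = array_reverse($sorted);
    }
    $files = array_merge(array($prev_folder), array($current_folder), $sorted);

    //Add file / folder stuff to array
    $twigArr['n_files'] = $n_files;
    $twigArr['uniqid'] = uniqid();

    //can open current dir? (close the handle again instead of leaking it)
    $open_dir = false;
    $dir_handle = @opendir($listing_path);
    if ($dir_handle !== false) {
        $open_dir = true;
        closedir($dir_handle);
    }

    $twigArr['clipboard'] = 0;
    $clipboard_path = $session->getClipboardPath();
    if (isset($clipboard_path) && trim($clipboard_path) != null) {
        $twigArr['clipboard'] = 1;
    }
    $twigArr['open_dir'] = $open_dir;
    $twigArr['render_need_name'] = $this->render_need_name($app, $files, $twigArr, $config, $subdir, $filter, $config['transliteration'], $thumbs_path, $get_params, $rfm_subfolder);
    $twigArr['render_need_name_2'] = $this->two;
    $twigArr['files_prevent_duplicate'] = $this->files_prevent_duplicate;

    return $app['twig']->render($template, $twigArr);
}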
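/**
 * Store a single uploaded file (multipart field "file") in the folder given by
 * `$_POST['path']`/`$_POST['path_thumb']`, or by `$_POST['fldr']` relative to the
 * configured upload and thumbnail roots.
 *
 * Responds with the stored file name as JSON on success. A path outside the
 * configured roots, a disallowed extension, a missing upload or a failed move
 * ends the request with an error status. Image uploads additionally get a
 * thumbnail and optional resizing; those settings ($image_resizing, $image_max_*,
 * $relative_*/$fixed_* …) are presumably defined by the per-folder config.php
 * that is require_once'd below — they are not set in this method.
 *
 * @return mixed JSON response from `$app->json()`
 */
public function upload(Application $app, Request $req)
{
    $config = $app['FileManager'];
    $util = new Utility();
    $current_path = $config['current_path'];
    $thumbs_base_path = $config['thumbs_base_path'];
    $config['ext'] = array_merge($config['ext_img'], $config['ext_file'], $config['ext_misc'], $config['ext_video'], $config['ext_music']);
    $ext = $config['ext'];
    $transliteration = $config['transliteration'];
    $convert_spaces = $config['convert_spaces'];
    $replace_with = $config['replace_with'];
    $ext_img = $config['ext_img'];

    if (isset($_POST['path'])) {
        $storeFolder = $_POST['path'];
        $storeFolderThumb = isset($_POST['path_thumb']) ? $_POST['path_thumb'] : '';
    } else {
        // correct for when IE is in Compatibility mode
        $fldr = isset($_POST['fldr']) ? $_POST['fldr'] : '';
        $storeFolder = $current_path . $fldr;
        $storeFolderThumb = $thumbs_base_path . $fldr;
    }

    // Both targets must start with their configured base and contain no traversal
    // segment after that prefix; anything else is rejected before any filesystem access.
    $path_pos = strpos($storeFolder, $current_path);
    $thumb_pos = strpos($storeFolderThumb, $thumbs_base_path);
    if ($path_pos !== 0 || $thumb_pos !== 0
        || strpos($storeFolderThumb, '../', strlen($thumbs_base_path)) !== FALSE
        || strpos($storeFolderThumb, './', strlen($thumbs_base_path)) !== FALSE
        || strpos($storeFolder, '../', strlen($current_path)) !== FALSE
        || strpos($storeFolder, './', strlen($current_path)) !== FALSE) {
        die('wrong path');
    }

    // Walk up from the target folder to the upload root looking for a per-folder
    // config.php (bounded by $max_cycles). NOTE(review): this executes a file found
    // under the upload tree, so anything able to place a config.php there runs code.
    $path = $storeFolder;
    $cycle = TRUE;
    $max_cycles = 50;
    $i = 0;
    while ($cycle && $i < $max_cycles) {
        $i++;
        if ($path == $current_path) {
            $cycle = FALSE;
        }
        if (file_exists($path . "config.php")) {
            require_once $path . "config.php";
            $cycle = FALSE;
        }
        $path = $util->fix_dirname($path) . '/';
    }

    if (empty($_FILES) || !isset($_FILES['file']['name'])) {
        header('HTTP/1.1 405 Bad Request', TRUE, 405);
        exit;
    }
    $info = pathinfo($_FILES['file']['name']);
    // Only files whose extension is on the merged allow-list are accepted.
    if (!isset($info['extension']) || !in_array($util->fix_strtolower($info['extension']), $ext)) {
        header('HTTP/1.1 406 file not permitted', TRUE, 406);
        exit;
    }

    $tempFile = $_FILES['file']['tmp_name'];
    $targetPath = $storeFolder;
    $targetPathThumb = $storeFolderThumb;
    $_FILES['file']['name'] = $util->fix_filename($_FILES['file']['name'], $transliteration, $convert_spaces, $replace_with);

    // Gen. new file name if exists: append _1, _2, ... until the name is free
    if (file_exists($targetPath . $_FILES['file']['name'])) {
        $suffix = 1;
        $info = pathinfo($_FILES['file']['name']);
        while (file_exists($targetPath . $info['filename'] . "_" . $suffix . "." . $info['extension'])) {
            $suffix++;
        }
        $_FILES['file']['name'] = $info['filename'] . "_" . $suffix . "." . $info['extension'];
    }
    $targetFile = $targetPath . $_FILES['file']['name'];
    $targetFileThumb = $targetPathThumb . $_FILES['file']['name'];

    // check if image (and supported)
    $is_img = in_array($util->fix_strtolower($info['extension']), $ext_img);

    // upload — a failed move must not be reported as success
    if (!move_uploaded_file($tempFile, $targetFile)) {
        header('HTTP/1.1 500 Upload failed', TRUE, 500);
        exit;
    }
    // Uploaded content never needs the execute bit (was 0755).
    chmod($targetFile, 0644);

    if ($is_img) {
        // NOTE(review): every branch below assigns FALSE, so the "not enough memory"
        // clean-up at the end never runs as written; kept unchanged because the
        // semantics of create_img()/new_thumbnails_creation() are not visible here.
        $memory_error = FALSE;
        if (!$util->create_img($targetFile, $targetFileThumb, 122, 91)) {
            $memory_error = FALSE;
        } else {
            // TODO something with this long function baaaah...
            if (!$util->new_thumbnails_creation($targetPath, $targetFile, $_FILES['file']['name'], $current_path, $relative_image_creation, $relative_path_from_current_pos, $relative_image_creation_name_to_prepend, $relative_image_creation_name_to_append, $relative_image_creation_width, $relative_image_creation_height, $relative_image_creation_option, $fixed_image_creation, $fixed_path_from_filemanager, $fixed_image_creation_name_to_prepend, $fixed_image_creation_to_append, $fixed_image_creation_width, $fixed_image_creation_height, $fixed_image_creation_option)) {
                $memory_error = FALSE;
            } else {
                $imginfo = getimagesize($targetFile);
                $srcWidth = $imginfo[0];
                $srcHeight = $imginfo[1];
                // resize images if set; a zero width/height is derived from the aspect ratio
                if ($image_resizing) {
                    if ($image_resizing_width == 0) {
                        if ($image_resizing_height == 0) {
                            $image_resizing_width = $srcWidth;
                            $image_resizing_height = $srcHeight;
                        } else {
                            $image_resizing_width = $image_resizing_height * $srcWidth / $srcHeight;
                        }
                    } elseif ($image_resizing_height == 0) {
                        $image_resizing_height = $image_resizing_width * $srcHeight / $srcWidth;
                    }
                    // new dims and create
                    $srcWidth = $image_resizing_width;
                    $srcHeight = $image_resizing_height;
                    $util->create_img($targetFile, $targetFile, $image_resizing_width, $image_resizing_height, $image_resizing_mode);
                }
                //max resizing limit control
                $resize = FALSE;
                if ($image_max_width != 0 && $srcWidth > $image_max_width && $image_resizing_override === FALSE) {
                    $resize = TRUE;
                    if ($image_max_height == 0) {
                        // scale the height from the ORIGINAL width; the original code
                        // overwrote $srcWidth first, which made this a no-op
                        $srcHeight = $image_max_width * $srcHeight / $srcWidth;
                    }
                    $srcWidth = $image_max_width;
                }
                if ($image_max_height != 0 && $srcHeight > $image_max_height && $image_resizing_override === FALSE) {
                    $resize = TRUE;
                    if ($image_max_width == 0) {
                        // same ordering fix as above, for the width
                        $srcWidth = $image_max_height * $srcWidth / $srcHeight;
                    }
                    $srcHeight = $image_max_height;
                }
                if ($resize) {
                    $util->create_img($targetFile, $targetFile, $srcWidth, $srcHeight, $image_max_mode);
                }
            }
        }
        // not enough memory
        if ($memory_error) {
            unlink($targetFile);
            header('HTTP/1.1 406 Not enought Memory', TRUE, 406);
            exit;
        }
    }

    return $app->json($_FILES['file']['name'], 200);
}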
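/**
 * Dispatch a file-manager action (create/rename/delete/duplicate/paste/chmod/save)
 * to its handler class under Rabies\FileManager\Action.
 *
 * `$action` is used to build a class name, so it is checked against a fixed
 * allow-list first. `$_POST['path']` and `$_POST['path_thumb']` are rejected when
 * they leave the configured roots, and the target's extension is checked against
 * the merged allow-list (except for DeleteFolder and CreateFile). The handler
 * reports its result through `$perform->r = array(message, status)`.
 *
 * @param string $action route parameter naming the action class
 * @return mixed JSON response from `$app->json()`
 */
public function action(Application $app, Request $req, $action)
{
    $this->app = $app;
    $this->request = $req;
    $allowed_action = array("CreateFolder", "RenameFolder", "DeleteFolder", "CreateFile", "RenameFile", "DeleteFile", "DuplicateFile", "PasteClipboard", "Chmod", "SaveTextFile");
    // Exact match only: the value becomes a class name below.
    if (!in_array($action, $allowed_action, true)) {
        //action is not allowed
        return $app->json('Action Denied', 400);
    }

    $config = $app['FileManager'];
    $config['ext'] = array_merge($config['ext_img'], $config['ext_file'], $config['ext_misc'], $config['ext_video'], $config['ext_music']);
    $util = new Utility();

    $post_path = isset($_POST['path']) ? $_POST['path'] : '';
    $post_path_thumb = isset($_POST['path_thumb']) ? $_POST['path_thumb'] : '';

    // The thumbnail path must start with the thumbs base. strpos() returns false when
    // the base is absent, and the original `!= 0` compared false == 0 and let it through.
    $thumb_pos = strpos($post_path_thumb, $config['thumbs_base_path']);
    if ($thumb_pos !== 0) {
        return $app->json('Wrong path', 400);
    }
    if (strpos($post_path_thumb, '../', strlen($config['thumbs_base_path'])) !== FALSE) {
        return $app->json('Wrong path 1', 400);
    }
    // The file path is relative to current_path: no absolute path, no traversal.
    if (strpos($post_path, '/') === 0) {
        return $app->json('Wrong path 2', 400);
    }
    if (strpos($post_path, '../') !== FALSE) {
        return $app->json('Wrong path 3', 400);
    }
    if (strpos($post_path, './') === 0) {
        return $app->json('Wrong path 4', 400);
    }

    $base = $config['current_path'];
    $path = $base . $post_path;
    // Per-folder config.php lookup, same pattern as upload()/Dialog(). NOTE(review): the
    // unconditional `$cycle = FALSE` at the end of the body makes this loop run once, so
    // only the target folder's own config.php is considered — presumably unintended,
    // kept as is because changing it would load additional files.
    $cycle = TRUE;
    $max_cycles = 50;
    $i = 0;
    while ($cycle && $i < $max_cycles) {
        $i++;
        if ($path == $base) {
            $cycle = FALSE;
        }
        if (file_exists($path . "config.php")) {
            require_once $path . "config.php";
            $cycle = FALSE;
        }
        $path = $util->fix_dirname($path) . "/";
        $cycle = FALSE;
    }

    $path = $base . $post_path;
    $this->path = $path;
    $path_thumb = $post_path_thumb;
    $this->path_thumb = $path_thumb;

    if (isset($_POST['name'])) {
        $name = $util->fix_filename($_POST['name'], $config['transliteration'], $config['convert_spaces'], $config['replace_with']);
        if (strpos($name, '../') !== FALSE) {
            return $app->json('Wrong name', 400);
        }
        $this->name = $name;
    }

    $info = pathinfo($path);
    // Extension check on the target; folder deletion and new-file creation are exempt.
    if (isset($info['extension']) && $action != 'DeleteFolder' && $action != 'CreateFile' && !in_array(strtolower($info['extension']), $config['ext'])) {
        return $app->json('Wrong extension', 400);
    }

    // Perform Action ($action is one of the allow-listed names above)
    $action = "Rabies\\FileManager\\Action\\" . $action;
    $perform = new $action();
    $this->config = $config;
    $perform->action($this);
    // NOTE(review): handlers that do not assign $this->r on success leave these
    // indexes undefined; confirm the Action base class provides a default.
    return $app->json($perform->r[0], $perform->r[1]);
}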