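/**
 * Delete a file, or a directory together with everything below it.
 *
 * Failures are reported through the global $messageStack ('header' group,
 * type 'error') and recorded in the global $xos_remove_error flag, which
 * callers read after the call: false means everything was removed, true
 * means at least one entry was left behind.
 *
 * Security note: this function performs no containment check; it deletes
 * whatever path it receives. A caller that builds $source from request data
 * must confine it to the intended base directory before calling (for
 * example by comparing realpath() of the result with the base directory).
 * Symbolic links are removed as links and are never followed, so a link
 * inside the tree cannot redirect the deletion to its target.
 *
 * @param string $source Path of the file or directory to remove.
 *
 * @return void
 */
function xos_remove($source)
{
    global $xos_remove_error;

    // Reset the flag once per top-level call only. Resetting it on every
    // recursion step would erase an error recorded for an earlier sibling
    // and let the caller report success for a partial delete.
    $xos_remove_error = false;

    _xos_remove_path($source);
}

/**
 * Recursive worker for xos_remove(): removes one path and reports failures.
 *
 * @param string $source Path of the file, link or directory to remove.
 *
 * @return bool True when the path was removed completely, false otherwise.
 */
function _xos_remove_path($source)
{
    global $messageStack, $xos_remove_error;

    // is_dir() and is_writable() resolve symbolic links, so a link has to be
    // recognised first; unlink() removes the link itself, not its target.
    if (is_link($source)) {
        if (unlink($source)) {
            return true;
        }
        $messageStack->add('header', sprintf(ERROR_FILE_NOT_REMOVEABLE, $source), 'error');
        $xos_remove_error = true;

        return false;
    }

    if (!is_dir($source)) {
        // is_writable() stays as the policy gate (read-only entries are
        // reported, not deleted); the unlink() result is checked as well
        // because deletion can still fail.
        if (is_writable($source) && unlink($source)) {
            return true;
        }
        $messageStack->add('header', sprintf(ERROR_FILE_NOT_REMOVEABLE, $source), 'error');
        $xos_remove_error = true;

        return false;
    }

    $dir = dir($source);
    if ($dir === false) {
        // The directory could not be opened, so nothing below it was removed.
        $messageStack->add('header', sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
        $xos_remove_error = true;

        return false;
    }

    $children_removed = true;
    // Compare against false explicitly: an entry named "0" is falsy and
    // would otherwise end the loop before the directory is empty.
    while (false !== ($file = $dir->read())) {
        if ($file === '.' || $file === '..') {
            continue;
        }

        $path = $source . '/' . $file;
        if (is_link($path) || is_writable($path)) {
            if (!_xos_remove_path($path)) {
                $children_removed = false;
            }
        } else {
            $messageStack->add('header', sprintf(ERROR_FILE_NOT_REMOVEABLE, $path), 'error');
            $xos_remove_error = true;
            $children_removed = false;
        }
    }
    $dir->close();

    if (!$children_removed) {
        // The directory is not empty; rmdir() cannot succeed and the
        // failure has already been reported for the entry that caused it.
        return false;
    }

    if (is_writable($source) && rmdir($source)) {
        return true;
    }
    $messageStack->add('header', sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
    $xos_remove_error = true;

    return false;
}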
$_SESSION['current_path'] = $dir_fs_document_root; } if (!is_dir($_SESSION['current_path'])) { $_SESSION['current_path'] = $dir_fs_document_root; } $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'reset': $_SESSION['current_path'] = $dir_fs_document_root; break; case 'deleteconfirm': if (strstr($_GET['info'], '..')) { xos_redirect(xos_href_link(FILENAME_FILE_MANAGER)); } xos_remove($_SESSION['current_path'] . '/' . $_GET['info']); if (!$xos_remove_error) { xos_redirect(xos_href_link(FILENAME_FILE_MANAGER)); } break; case 'insert': if (isset($_POST['folder_name']) && xos_not_null(basename($_POST['folder_name'])) && mkdir($_SESSION['current_path'] . '/' . basename($_POST['folder_name']), 0777)) { xos_redirect(xos_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($_POST['folder_name']))); } break; case 'save': if (isset($_POST['filename']) && xos_not_null(basename($_POST['filename']))) { if (is_writable($_SESSION['current_path']) && ($fp = fopen($_SESSION['current_path'] . '/' . basename($_POST['filename']), 'w+'))) { fputs($fp, stripslashes($_POST['file_contents'])); fclose($fp); xos_redirect(xos_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode(basename($_POST['filename']))));
header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header('Content-Type: application/octet-stream'); header('Content-Length: ' . @filesize(DIR_FS_BACKUP . urldecode($_GET['file']))); header('Content-Disposition: attachment; filename="' . urldecode($_GET['file']) . '"'); @readfile(DIR_FS_BACKUP . urldecode($_GET['file'])); exit; } else { $messageStack->add('header', ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error'); } break; case 'deleteconfirm': if (strstr($_GET['file'], '..')) { xos_redirect(xos_href_link(FILENAME_BACKUP)); } xos_remove(DIR_FS_BACKUP . '/' . $_GET['file']); if (!$xos_remove_error) { $messageStack->add_session('header', SUCCESS_BACKUP_DELETED, 'success'); xos_redirect(xos_href_link(FILENAME_BACKUP)); } break; } } // check if the backup directory exists $dir_ok = false; if (is_dir(DIR_FS_BACKUP)) { if (is_writable(DIR_FS_BACKUP)) { $dir_ok = true; } else { $messageStack->add('header', ERROR_BACKUP_DIRECTORY_NOT_WRITEABLE, 'error'); }