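// Excerpt: the 'save_text_file' arm and the default arm of an action switch.
// The switch header, the code that builds $path and the settings read here
// ($edit_text_files, $MaxSizeTotal) are outside this excerpt.
        case 'save_text_file':
            // The new file body is written back verbatim, so it is deliberately
            // neither HTML-escaped nor slash-stripped.
            $content = isset($_POST['new_content']) ? $_POST['new_content'] : null;

            // Only a string may reach strlen() and file_put_contents(). An absent
            // field would truncate the target to zero bytes, and an array would be
            // written by file_put_contents() without strlen() measuring its size.
            if (!is_string($content)) {
                response(trans('File_Save_Error') . AddErrorLocation())->send();
                exit;
            }

            // The target must already exist; this arm never creates a file.
            if (!file_exists($path)) {
                response(trans('File_Not_Found') . AddErrorLocation())->send();
                exit;
            }

            // Refuse when the file is not writable or text editing is switched off.
            // NOTE(review): the strict === FALSE test fails open; a null, 0 or
            // undefined $edit_text_files leaves editing enabled.
            // NOTE(review): nothing in this excerpt confines $path to the upload
            // root or to an editable-extension allow-list. Confirm that happens
            // before the switch, because this arm overwrites whatever $path names.
            if (!is_writable($path) || $edit_text_files === FALSE) {
                response(sprintf(trans('File_Open_Edit_Not_Allowed'), strtolower(trans('Edit'))) . AddErrorLocation())->send();
                exit;
            }

            // checkresultingsize() is defined elsewhere; presumably a total-size
            // limit check, given the message it guards.
            if (!checkresultingsize(strlen($content))) {
                response(sprintf(trans('max_size_reached'), $MaxSizeTotal) . AddErrorLocation())->send();
                exit;
            }

            // The @ silences the PHP warning; failure is reported via the response.
            if (@file_put_contents($path, $content) === FALSE) {
                response(trans('File_Save_Error') . AddErrorLocation())->send();
                exit;
            }

            response(trans('File_Save_OK'))->send();
            exit;

        default:
            response(trans('wrong action') . AddErrorLocation())->send();
            exit;
    }
}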
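// Excerpt from a download handler: the tail of an earlier path check, the
// file-name and extension checks, then the first response header.
// $current_path, $ext and the check that opens the first block are outside
// this excerpt, and the final if-block continues past it.
    // AddErrorLocation() is appended to the translated text. The original
    // concatenated it into the key handed to trans(), which presumably
    // defeated the translation lookup.
    response(trans('wrong path') . AddErrorLocation(), 400)->send();
    exit;
}

// The name must be a bare file name. Both separator styles are rejected so
// the check also holds where "\" is a directory separator, and a non-string
// value (for example an array parameter) is refused outright.
$name = isset($_POST['name']) ? $_POST['name'] : '';
if (!is_string($name) || strpos($name, '/') !== false || strpos($name, '\\') !== false) {
    response(trans('wrong path') . AddErrorLocation(), 400)->send();
    exit;
}

// NOTE(review): $_POST['path'] is used as-is here; presumably the check that
// ends at the top of this excerpt has already validated it. Confirm.
$path = $current_path . $_POST['path'];
$info = pathinfo($name);

// pathinfo() omits 'extension' for a name without a dot. Treat that as an
// empty extension so the allow-list test rejects it without a notice.
$file_ext = isset($info['extension']) ? $info['extension'] : '';
if (!in_array(fix_strtolower($file_ext), $ext)) {
    response(trans('wrong extension') . AddErrorLocation(), 400)->send();
    exit;
}

$file_path = $path . $name;
if (!file_exists($file_path)) {
    response(trans('File_Not_Found') . AddErrorLocation(), 404)->send();
    exit;
}

$file_name = $info['basename'];

// Only a regular, readable file is served.
if (is_file($file_path) && is_readable($file_path)) {
    $size = filesize($file_path);
    // NOTE(review): $file_name is client-supplied. If it is placed in a
    // response header further down, it needs quoting or escaping there.
    $file_name = rawurldecode($file_name);
    $mime_type = get_file_mime_type($file_path);

    // Discard any buffered output and switch zlib output compression off
    // before the headers are sent.
    @ob_end_clean();
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }

    header('Content-Type: ' . $mime_type);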
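// Excerpt: the end of an upload handler, covering the tail of the image
// resize step, the upload error responses and the optional redirect back to
// the dialog. The conditions opening the enclosing blocks are outside it.
                        $srcHeight = $image_max_height;
                        // NOTE(review): $srcHeight was just set to $image_max_height, so
                        // this expression yields the unchanged $srcWidth (and divides by
                        // zero if $image_max_height is 0). Keeping the aspect ratio would
                        // need the height from before the assignment.
                        if ($image_max_width == 0) {
                            $srcWidth = $image_max_height * $srcWidth / $srcHeight;
                        }
                    }
                    if ($resize) {
                        // Source and destination are the same file: resize in place.
                        create_img($targetFile, $targetFile, $srcWidth, $srcHeight, $image_max_mode);
                    }
                }
            }
            // Not enough memory: remove the stored upload and report the failure.
            if ($memory_error) {
                unlink($targetFile);
                response(trans("Not enought Memory") . AddErrorLocation(), 406)->send();
                exit;
            }
        }
        // The file name comes from the client's multipart request, so it is
        // HTML-escaped before being reflected into the response body.
        echo htmlspecialchars($_FILES['file']['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } else {
        response(trans("Error_extension") . AddErrorLocation(), 406)->send();
        exit;
    }
} else {
    response(trans("no file") . AddErrorLocation(), 405)->send();
    exit;
}

// Redirect back to the dialog when the form was submitted without JavaScript.
// http_build_query() URL-encodes every value, so the request fields cannot
// break out of the query string of the Location header.
if (isset($_POST['submit'])) {
    $query = http_build_query(array(
        'type' => $_POST['type'],
        'lang' => $_POST['lang'],
        'popup' => $_POST['popup'],
        'field_id' => $_POST['field_id'],
        'fldr' => $_POST['fldr'],
    ));
    header("location: dialog.php?" . $query);
}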
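// Excerpt: the end of a file-preview action. It builds the HTML for the text,
// ViewerJS and Google viewer preview modes, or an edit <textarea>, and sends
// it. The enclosing switch, the conditions opening the first two blocks and
// the validation of $selected_file and $info are outside this excerpt.
                    // Escape the file body for HTML. stripslashes() is no longer applied:
                    // htmlspecialchars() adds no backslashes, so it only deleted the
                    // file's own backslashes from what was shown.
                    $raw = file_get_contents($selected_file);
                    $data = htmlspecialchars($raw === false ? '' : $raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    $ret = '';
                    if (!in_array($info['extension'], $previewable_text_file_exts_no_prettify)) {
                        // NOTE(review): this pulls executable script from a third-party
                        // CDN, addressed by a mutable branch ("master") and without an
                        // integrity attribute, so whoever controls that URL runs script in
                        // this page. Prefer a version-pinned, self-hosted copy. RawGit was
                        // also announced as discontinued; confirm the URL still resolves.
                        // The extension is URL-encoded so it cannot break out of src.
                        $ret .= '<script src="https://cdn.rawgit.com/google/code-prettify/master/loader/run_prettify.js?lang=' . rawurlencode($info['extension']) . '&skin=sunburst"></script>';
                        $ret .= '<pre class="prettyprint">' . $data . '</pre>';
                    } else {
                        $ret .= '<pre class="no-prettify">' . $data . '</pre>';
                    }
                } elseif ($preview_mode == 'viewerjs') {
                    // The path is attribute-escaped so a quote in a file name cannot
                    // close the src attribute.
                    $ret = '<iframe id="viewer" src="js/ViewerJS/#../../' . htmlspecialchars($selected_file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" allowfullscreen="" webkitallowfullscreen="" class="viewer-iframe"></iframe>';
                } elseif ($preview_mode == 'google') {
                    // NOTE(review): this mode hands the file's public URL to a
                    // third-party viewer. The viewer is now framed over HTTPS, not
                    // plain HTTP.
                    $url_file = $base_url . $upload_dir . str_replace($current_path, '', $_GET["file"]);
                    $googledoc_url = urlencode($url_file);
                    $googledoc_html = "<iframe src=\"https://docs.google.com/viewer?url=" . $googledoc_url . "&embedded=true\" class=\"google-iframe\"></iframe>";
                    $ret = $googledoc_html;
                }
            } else {
                // Edit mode: the escaped body goes into a textarea. The file's
                // backslashes are kept so a later save writes back what was read.
                $raw = file_get_contents($selected_file);
                $data = htmlspecialchars($raw === false ? '' : $raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $ret = '<textarea id="textfile_edit_area" style="width:100%;height:300px;">' . $data . '</textarea>';
            }

            response($ret)->send();
            exit;

        default:
            response(trans('no action passed') . AddErrorLocation())->send();
            exit;
    }
} else {
    response(trans('no action passed') . AddErrorLocation())->send();
    exit;
}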