} elseif (isset($_REQUEST['viewmodev'])) { $viewmode = false; } else { // default visual mode $viewmode = false; } // select current dir if (isset($_REQUEST['d'])) { $dir = urldecode($_REQUEST['d']); } elseif (isset($_REQUEST['dir'])) { $dir = $_REQUEST['dir']; } else { $dir = $usr_dir; } // get the authorized dirs $authdirs = F_getAuthorizedDirs(); // check if the user is authorized to use this directory if (!F_isAuthorizedDir($dir, $root_dir, $authdirs)) { $dir = $root_dir; } // select file if (isset($_REQUEST['f'])) { $file = urldecode($_REQUEST['f']); } elseif (isset($_REQUEST['file'])) { $file = $_REQUEST['file']; } else { $file = ''; } // check if the user is authorized to use this file if (!F_isAuthorizedDir($file . '/', $root_dir, $authdirs)) { $file = '';
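/**
 * Returns true if the user is authorized to use the specified directory, false otherwise.
 *
 * Administrators (session_user_level >= K_AUTH_ADMINISTRATOR) are always authorized.
 * For everyone else the check is a textual prefix match: $dir must start with
 * $rootdir, followed by one of the authorized dirs and a '/'. Nothing here
 * canonicalizes the path (no realpath()), so a '.' or '..' segment appearing after
 * the authorized prefix would pass the prefix match while pointing outside the
 * authorized tree; such segments are therefore rejected before matching.
 *
 * @param $dir (string) the directory to check (callers pass it with a trailing '/').
 * @param $rootdir (string) the user root dir; treated as a literal path, so any regex
 *        metacharacter it contains (e.g. '.', '\', '#') is escaped before matching.
 * @param $authdirs (string) regular expression (alternation) containing the authorized
 *        dirs; loaded via F_getAuthorizedDirs() when empty. It is embedded as a regex
 *        fragment on purpose, so it must never be built from untrusted input.
 * @return true if the user is authorized to use the specified directory, false otherwise.
 */
function F_isAuthorizedDir($dir, $rootdir, $authdirs = '') {
	require_once '../config/tce_config.php';
	if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
		return true;
	}
	if (!is_string($dir) || ($dir === '')) {
		return false;
	}
	// Reject '.' and '..' path segments anywhere in $dir: the prefix match below
	// cannot detect a traversal that starts inside an authorized directory.
	if (preg_match('#(^|/)\.\.?(/|$)#', $dir) > 0) {
		return false;
	}
	if (empty($authdirs)) {
		$authdirs = F_getAuthorizedDirs();
	}
	// $rootdir is a literal filesystem path, so quote it; '#' is the pattern delimiter.
	$pattern = '#^' . preg_quote($rootdir, '#') . '(' . $authdirs . ')/#';
	if (preg_match($pattern, $dir) > 0) {
		return true;
	}
	return false;
}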