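/**
 * Create a sub-folder below the "files" folder of the eqdkp data area.
 *
 * Reads two request fields: `name` (the new folder name, lower-cased before
 * use) and `src_folder` (the parent folder; `/` is treated as the top level).
 * The folder is created only when isFilelinkInFolder() accepts the resulting
 * path as lying inside the allowed base folder; otherwise nothing happens and
 * no error is reported.
 *
 * Both fields come from the request, so within this method the containment
 * check is the only guard against path segments such as `../`.
 *
 * @return void
 */
public function create_folder()
{
    $strName = $this->in->get('name');
    if ($strName == "") {
        return;
    }

    $strParent = $this->in->get('src_folder');
    if ($strParent == '/') {
        $strParent = '';
    }

    // Build the target exactly once, so the path that is validated is
    // guaranteed to be the path that gets created (the request is not read
    // a second time between check and use).
    $strTarget = $this->pfh->FolderPath('files', 'eqdkp') . $strParent . '/' . strtolower($strName);
    $strAllowedBase = $this->pfh->FolderPath('files', 'eqdkp', true);

    if (isFilelinkInFolder($strTarget, $strAllowedBase)) {
        $this->pfh->CheckCreateFolder($strTarget);
    }
}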
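/**
 * Return file info or false on error
 *
 * The hash is decoded to a path, and the path is only looked up when it is
 * the volume root itself or isFilelinkInFolder() accepts it as lying inside
 * the root. A rejected path and a missing file produce the same
 * ERROR_FILE_NOT_FOUND result, so the response does not distinguish
 * "outside the root" from "does not exist".
 *
 * @param  string  $hash  file hash
 * @return array|false
 * @author Dmitry (dio) Levashov
 **/
public function file($hash)
{
    $path = $this->decode($hash);

    //Security: refuse anything that is neither the root nor inside it.
    // NOTE(review): presumably the hash is supplied by the client - confirm
    // that decode() cannot yield a path the containment check misjudges
    // (symlinks, unnormalised "..").
    if (!isFilelinkInFolder($path, get_absolute_path($this->root)) && $path !== $this->root) {
        return $this->setError(elFinder::ERROR_FILE_NOT_FOUND);
    }

    // The statements that used to follow this return were unreachable and
    // referenced an undefined $realpath; they have been dropped together
    // with the matching @param entry.
    $file = $this->stat($path);

    return $file ? $file : $this->setError(elFinder::ERROR_FILE_NOT_FOUND);
}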
/**
 * Write a string to a file
 *
 * The write is delegated to the 'pfh' handler and only happens when
 * isFilelinkInFolder() accepts $path as lying inside the volume root.
 * Unlike file(), the root path itself is not exempted from that check.
 *
 * @param  string  $path     file path
 * @param  string  $content  new file content
 * @return bool    false when the path is rejected, otherwise whatever
 *                 putContent() returns (assumed bool - confirm)
 * @author Dmitry (dio) Levashov
 **/
protected function _filePutContents($path, $content)
{
    //Security: never write outside the volume root.
    $blnInsideRoot = isFilelinkInFolder($path, get_absolute_path($this->root));

    if ($blnInsideRoot) {
        return register('pfh')->putContent($path, $content);
    }

    return false;
}
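case 'imageupload_del':
    // check if the user is logged in
    if (!registry::fetch('user')->is_signedin()) {
        echo 'You have no permission to see this page as you are not logged in';
        exit;
    }

    // set the file name: the request field "data" carries it encrypted
    $tmp_filename = registry::register('encrypt')->decrypt(registry::register('input')->get('data', ''));

    // now check if the input file type is right
    // NOTE(review): this exits when the extension IS a key of $mime_types,
    // while the message talks about an extension that is "not allowed".
    // $mime_types is defined outside this fragment; if it is the allow-list
    // of image types, the condition is inverted and needs a leading "!".
    // Left unchanged until that is confirmed.
    $fileEnding = pathinfo($tmp_filename, PATHINFO_EXTENSION);
    if (array_key_exists($fileEnding, $mime_types)) {
        echo 'You tried to delete a file with an extension which is not allowed.... Bad guy! Do not try to hack this page...';
        exit;
    }

    // check if the path is ok...
    // Fixed: the request must be refused when the file is NOT inside the
    // data folder. The previous condition lacked the negation, so it refused
    // exactly the permitted paths and let every other path through to
    // Delete().
    if (!isFilelinkInFolder($tmp_filename, 'data')) {
        echo 'Only actions within the data folder are allowed.';
        exit;
    }

    if ($tmp_filename != '') {
        registry::register('file_handler')->Delete($tmp_filename);
    }
    break;

case 'comments':
    if (!registry::fetch('user')->is_signedin()) {
        echo 'You have no permission to see this page as you are not logged in';
        exit;
    }

    // NOTE(review): "deleteid" only selects this branch; Delete() receives
    // "page" and "rpath". Whether the signed-in user may delete that comment
    // is not checked here - presumably Delete() does it; confirm.
    if (registry::register('input')->get('deleteid', 0)) {
        registry::register('comments')->Delete(registry::register('input')->get('page'), registry::register('input')->get('rpath'));
    } elseif (registry::register('input')->get('comment', '', 'htmlescape')) {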
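/**
 * Render an image gallery (sub-folders plus thumbnails) for a data folder.
 *
 * @param string $strFolder     Folder to show; every "*+*+*" is turned into "/".
 * @param int    $intSortation  1 = name descending, 2 = modification time
 *                              ascending, 3 = modification time descending,
 *                              anything else = name ascending.
 * @param string $strPath       Base URL the navigation links are appended to.
 *                              It is written into href attributes as given.
 * @param int    $intPageNumber Appended as "&page=N" when greater than 1.
 * @return string               Gallery HTML, or "" when the folder is not
 *                              accepted by isFilelinkInFolder().
 */
public function create($strFolder, $intSortation, $strPath, $intPageNumber = 0)
{
    $strFolder = str_replace("*+*+*", "/", $strFolder);
    $strOrigFolder = $strFolder;

    //Subfolder navigation
    // NOTE(review): "gsf" is request-controlled and replaces the folder as
    // soon as "gf" matches the configured one. Nothing here ties it to
    // $strOrigFolder, so the only limit on what can be listed is the
    // data-folder containment check below. Confirm that browsing any folder
    // of the data area through one gallery is intended.
    if ($this->in->get('gf') != "" && $this->in->get('gsf') != "") {
        if (base64_decode($this->in->get('gf')) == $strOrigFolder) {
            $strFolder = base64_decode($this->in->get('gsf'));
        }
    }

    $contentFolder = $this->pfh->FolderPath($strFolder, 'files');
    $dataFolder = $this->pfh->FolderPath('system', 'files', 'plain');

    // Refuse folders outside the data area before touching the file system.
    // NOTE(review): FolderPath() has already been called with the
    // unvalidated folder at this point - verify it has no side effects.
    if (!isFilelinkInFolder($contentFolder, $dataFolder)) {
        return "";
    }

    // Only resolved once the folder has been accepted.
    $contentFolderSP = $this->pfh->FolderPath($strFolder, 'files', 'serverpath');

    $arrFiles = sdir($contentFolder);
    // $arrImageDimensions used to be created implicitly inside the loop.
    $arrDirs = $arrImages = $arrImagesDate = $arrImageDimensions = array();
    foreach ($arrFiles as $val) {
        if (is_dir($contentFolder . $val)) {
            $arrDirs[] = $val;
            continue;
        }

        $extension = strtolower(pathinfo($val, PATHINFO_EXTENSION));
        if (!in_array($extension, array('jpg', 'png', 'gif', 'jpeg'), true)) {
            continue;
        }

        $arrImages[$val] = pathinfo($val, PATHINFO_FILENAME);
        // May be false when the file is not a readable image; handled when
        // the title is built.
        $arrImageDimensions[$val] = getimagesize($contentFolder . $val);
        if ($intSortation == 2 || $intSortation == 3) {
            $arrImagesDate[$val] = filemtime($contentFolder . $val);
        }
    }

    // After sorting only the KEYS (file names) of $arrImages are used.
    switch ($intSortation) {
        case 1:
            natcasesort($arrImages);
            $arrImages = array_reverse($arrImages);
            break;
        case 2:
            asort($arrImagesDate);
            $arrImages = $arrImagesDate;
            break;
        case 3:
            arsort($arrImagesDate);
            $arrImages = $arrImagesDate;
            break;
        default:
            natcasesort($arrImages);
    }

    $strOut = '<ul class="image-gallery">';

    // NOTE(review): $strPath reaches the href attributes unescaped; the
    // caller has to pass a trusted or already-escaped value.
    $strLink = $strPath . ($intPageNumber > 1 ? '&page=' . $intPageNumber : '');

    if ($this->in->exists('gsf') && $this->in->get('gsf') != '') {
        // "Back" link: the current folder minus its last path segment.
        $arrPath = array_filter(explode('/', $strFolder));
        array_pop($arrPath);
        $strFolderUp = implode('/', $arrPath);
        if ($strFolderUp == $strOrigFolder) {
            $strFolderUp = '';
        } else {
            $strFolderUp = base64_encode($strFolderUp);
        }
        $strOut .= '<li class="folderup"><a href="' . $strLink . '&gf=' . base64_encode($strOrigFolder) . '&gsf=' . $strFolderUp . '"><i class="fa fa-level-up fa-flip-horizontal"></i><br/>' . $this->user->lang('back') . '</a></li>';
    }

    natcasesort($arrDirs);
    foreach ($arrDirs as $foldername) {
        $strOut .= '<li class="folder"><a href="' . $strLink . '&gf=' . base64_encode($strOrigFolder) . '&gsf=' . base64_encode($strFolder . '/' . $foldername) . '"><i class="fa fa-folder"></i><br/>' . sanitize($foldername) . '</a></li>';
    }

    $strThumbFolder = $this->pfh->FolderPath('system/thumbs', 'files');
    $strThumbFolderSP = $this->pfh->FolderPath('system/thumbs', 'files', 'serverpath');
    foreach ($arrImages as $key => $val) {
        //Check for thumbnail
        $strThumbname = "thumb_" . pathinfo($key, PATHINFO_FILENAME) . "-150x150." . pathinfo($key, PATHINFO_EXTENSION);
        $strThumbnail = "";
        if (is_file($strThumbFolder . $strThumbname)) {
            $strThumbnail = $strThumbFolderSP . $strThumbname;
        } else {
            //Create thumbnail
            $this->pfh->thumbnail($contentFolder . $key, $strThumbFolder, $strThumbname, 150);
            if (is_file($strThumbFolder . $strThumbname)) {
                $strThumbnail = $strThumbFolderSP . $strThumbname;
            }
        }

        if ($strThumbnail == "") {
            continue;
        }

        // Dimensions are appended only when getimagesize() delivered them,
        // instead of indexing into a possible false.
        $strTitle = sanitize($key);
        if (isset($arrImageDimensions[$key][0], $arrImageDimensions[$key][1])) {
            $strTitle .= '; ' . $arrImageDimensions[$key][0] . 'x' . $arrImageDimensions[$key][1] . ' px';
        } else {
            $strTitle .= '; ';
        }

        // File names come from disk (uploads); escape them for the attribute
        // context so quotes or angle brackets in a name cannot end the
        // attribute. Names without such characters are emitted unchanged.
        $strHref = htmlspecialchars($contentFolderSP . $key, ENT_QUOTES, 'UTF-8');
        $strSrc = htmlspecialchars($strThumbnail, ENT_QUOTES, 'UTF-8');

        $strOut .= '<li class="image"><a href="' . $strHref . '" class="lightbox_' . md5($strFolder) . '" rel="' . md5($strFolder) . '" title="' . $strTitle . '"><img src="' . $strSrc . '" alt="Image" /></a></li>';
    }

    $strOut .= "</ul><div class=\"clear\"></div>";
    $this->jquery->lightbox(md5($strFolder), array('slideshow' => true, 'transition' => "elastic", 'slideshowSpeed' => 4500, 'slideshowAuto' => false));

    return $strOut;
}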
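/**
 * Validate the uploaded file of this field and move it into the target folder.
 *
 * Steps: (1) type check - by sniffed MIME type when $this->mimetypes is set
 * and a sniffing function exists, otherwise by file extension; (2) optional
 * numbering of the stored name so existing files are not overwritten;
 * (3) containment check of the final path against the target folder;
 * (4) move of the temporary file.
 *
 * @return string|false Stored path with the root_path constant removed, or
 *                      false when there is no upload or a check fails.
 */
public function _inpval()
{
    if (!isset($_FILES[$this->name]['tmp_name'], $_FILES[$this->name]['name'])) {
        return false;
    }

    $tempname = $_FILES[$this->name]['tmp_name'];
    // The name is supplied by the client; keep only its last path component.
    $filename = basename($_FILES[$this->name]['name']);

    if ($tempname == '') {
        return false;
    }

    $fileEnding = pathinfo($filename, PATHINFO_EXTENSION);

    if ($this->mimetypes) {
        $mime = false;
        $blnCanSniff = true;

        if (function_exists('finfo_open') && function_exists('finfo_file') && function_exists('finfo_close')) {
            $finfo = finfo_open(FILEINFO_MIME);
            if ($finfo !== false) {
                $mime = finfo_file($finfo, $tempname);
                finfo_close($finfo);
            }
        } elseif (function_exists('mime_content_type')) {
            $mime = mime_content_type($tempname);
        } else {
            $blnCanSniff = false;
        }

        if ($blnCanSniff) {
            // Fail closed when the type could not be determined.
            if (!is_string($mime)) {
                return false;
            }
            // "type/subtype; charset=..." -> "type/subtype". array_shift()
            // takes its argument by reference, so it needs a real variable.
            $arrMimeParts = preg_split('/[; ]/', $mime);
            $mime = array_shift($arrMimeParts);
            if (!in_array($mime, $this->mimetypes, true)) {
                return false;
            }
            // NOTE(review): on this path the extension is never checked and
            // the stored name keeps the client's extension. The sniffed type
            // says nothing about how the web server will treat the stored
            // file; consider enforcing $this->extensions here as well, or
            // make sure the target folder never executes scripts.
        } elseif (!in_array($fileEnding, $this->extensions, true)) {
            // try to get the extension... not really secure...
            return false;
        }
    } elseif (!in_array($fileEnding, $this->extensions, true)) {
        return false;
    }

    if ($this->numerate) {
        //Do no overwrite existing files
        $offset = 0;
        $strScanDir = $this->root_path . $this->folder;
        $strSuffix = ($fileEnding !== '') ? '.' . $fileEnding : '';
        $name = pathinfo($filename, PATHINFO_FILENAME);

        $arrEntries = scandir($strScanDir);
        if ($arrEntries === false) {
            $arrEntries = array();
        }

        // Matches "<name>..._<number><suffix>" and captures the number.
        $strPattern = '/^' . preg_quote($name, '/') . '.*_([0-9]+)' . preg_quote($strSuffix, '/') . '$/';

        foreach ($arrEntries as $this_file) {
            // is_dir() has to look inside the scanned folder; a bare entry
            // name would be resolved against the working directory.
            if (!valid_folder($this_file) || is_dir($strScanDir . $this_file)) {
                continue;
            }
            if (preg_match($strPattern, $this_file, $arrMatch)) {
                $offset = max($offset, intval($arrMatch[1]));
            }
        }

        // Rebuild the name from its parts. A str_replace() of $name inside
        // $filename also rewrote the extension whenever the extension
        // happened to contain $name - after the extension had been checked.
        $filename = $name . '_' . ++$offset . $strSuffix;
    }

    $strRootPath = registry::get_const('root_path');
    $strTarget = $this->folder . $filename;
    $strTargetRel = str_replace($strRootPath, "", $strTarget);
    $strFolderRel = str_replace($strRootPath, "", $this->folder);

    // Last line of defence: the final path has to stay inside the folder.
    if (!isFilelinkInFolder($strTargetRel, $strFolderRel)) {
        unlink($tempname);
        return false;
    }

    $this->pfh->FileMove($tempname, $strTarget, true);

    return $strTargetRel;
}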