$buffer = fread($fp, filesize(DIR_FS_BACKUP . $HTTP_GET_VARS['file']));
fclose($fp);
header('Content-type: application/x-octet-stream');
header('Content-disposition: attachment; filename=' . $HTTP_GET_VARS['file']);
echo $buffer;
exit;
}
} else {
$messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error');
}
break;
case 'deleteconfirm':
if (strstr($HTTP_GET_VARS['file'], '..')) {
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
tep_remove(DIR_FS_BACKUP . '/' . $HTTP_GET_VARS['file']);
if (!$tep_remove_error) {
$messageStack->add_session(SUCCESS_BACKUP_DELETED, 'success');
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
break;
}
}
// check if the backup directory exists
$dir_ok = false;
if (is_dir(DIR_FS_BACKUP)) {
if (is_writeable(DIR_FS_BACKUP)) {
$dir_ok = true;
} else {
$messageStack->add(ERROR_BACKUP_DIRECTORY_NOT_WRITEABLE, 'error');
}
function tep_remove($source)
{
global $messageStack, $tep_remove_error;
if (isset($tep_remove_error)) {
$tep_remove_error = false;
}
if (is_dir($source)) {
$dir = dir($source);
while ($file = $dir->read()) {
if ($file != '.' && $file != '..') {
if (tep_is_writable($source . '/' . $file)) {
tep_remove($source . '/' . $file);
} else {
$messageStack->add(sprintf(ERROR_FILE_NOT_REMOVEABLE, $source . '/' . $file), 'error');
$tep_remove_error = true;
}
}
}
$dir->close();
if (tep_is_writable($source)) {
rmdir($source);
} else {
$messageStack->add(sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
$tep_remove_error = true;
}
} else {
if (tep_is_writable($source)) {
unlink($source);
} else {
$messageStack->add(sprintf(ERROR_FILE_NOT_REMOVEABLE, $source), 'error');
$tep_remove_error = true;
}
}
}
$buffer = fread($fp, filesize(DIR_FS_BACKUP . basename($HTTP_GET_VARS['file'])));
fclose($fp);
header('Content-type: application/x-octet-stream');
header('Content-disposition: attachment; filename=' . basename($HTTP_GET_VARS['file']));
echo $buffer;
die;
}
} else {
$messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error');
}
break;
case 'deleteconfirm':
if (strstr($HTTP_GET_VARS['file'], '..')) {
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
tep_remove(DIR_FS_BACKUP . '/' . basename($HTTP_GET_VARS['file']));
if (!$tep_remove_error) {
$messageStack->add_session(SUCCESS_BACKUP_DELETED, 'success');
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
break;
}
}
// check if the backup directory exists
$dir_ok = false;
if (is_dir(DIR_FS_BACKUP)) {
if (is_writeable(DIR_FS_BACKUP)) {
$dir_ok = true;
} else {
$messageStack->add(ERROR_BACKUP_DIRECTORY_NOT_WRITEABLE, 'error');
}
$buffer = fread($fp, filesize(DIR_FS_BACKUP . $_GET['file']));
fclose($fp);
header('Content-type: application/x-octet-stream');
header('Content-disposition: attachment; filename=' . $_GET['file']);
echo $buffer;
exit;
}
} else {
$messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error');
}
break;
case 'deleteconfirm':
if (strstr($_GET['file'], '..')) {
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
tep_remove(DIR_FS_BACKUP . '/' . $_GET['file']);
if (!$tep_remove_error) {
$messageStack->add_session(SUCCESS_BACKUP_DELETED, 'success');
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
break;
}
}
// check if the backup directory exists
$dir_ok = false;
if (is_dir(DIR_FS_BACKUP)) {
if (is_writeable(DIR_FS_BACKUP)) {
$dir_ok = true;
} else {
$messageStack->add(ERROR_BACKUP_DIRECTORY_NOT_WRITEABLE, 'error');
}
}
if (!ereg('^' . DIR_FS_DOCUMENT_ROOT, $current_path)) {
$current_path = DIR_FS_DOCUMENT_ROOT;
}
$action = isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '';
if (tep_not_null($action)) {
switch ($action) {
case 'reset':
tep_session_unregister('current_path');
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
break;
case 'deleteconfirm':
if (strstr($HTTP_GET_VARS['info'], '..')) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
}
tep_remove($current_path . '/' . $HTTP_GET_VARS['info']);
if (!$tep_remove_error) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
}
break;
case 'insert':
if (mkdir($current_path . '/' . $HTTP_POST_VARS['folder_name'], 0777)) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['folder_name'])));
}
break;
case 'save':
if ($fp = fopen($current_path . '/' . $HTTP_POST_VARS['filename'], 'w+')) {
fputs($fp, stripslashes($HTTP_POST_VARS['file_contents']));
fclose($fp);
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['filename'])));
}
if (strpos(DIR_FS_CATALOG . 'images', $real_path) === false) {
$current_path = 'images';
}
$real_path = DIR_FS_CATALOG . $current_path;
$action = isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '';
if (tep_not_null($action)) {
switch ($action) {
case 'reset':
tep_session_unregister('current_path');
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
break;
case 'deleteconfirm':
if (strstr($HTTP_GET_VARS['info'], '..')) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
}
tep_remove($real_path . '/' . $HTTP_GET_VARS['info']);
if (!$tep_remove_error) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
}
break;
case 'insert':
if (mkdir($real_path . '/' . $HTTP_POST_VARS['folder_name'], 0777)) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['folder_name'])));
}
break;
case 'save':
if ($fp = fopen($real_path . '/' . $HTTP_POST_VARS['filename'], 'w+')) {
fputs($fp, stripslashes($HTTP_POST_VARS['file_contents']));
fclose($fp);
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['filename'])));
}
}
if (!ereg('^' . DIR_FS_DOCUMENT_ROOT, $current_path)) {
$current_path = DIR_FS_DOCUMENT_ROOT;
}
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (tep_not_null($action)) {
switch ($action) {
case 'reset':
tep_session_unregister('current_path');
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
break;
case 'deleteconfirm':
if (strstr($_GET['info'], '..')) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
}
tep_remove($current_path . '/' . $_GET['info']);
if (!$tep_remove_error) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
}
break;
case 'insert':
if (mkdir($current_path . '/' . $_POST['folder_name'], 0777)) {
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($_POST['folder_name'])));
}
break;
case 'save':
if ($fp = fopen($current_path . '/' . $_POST['filename'], 'w+')) {
fputs($fp, stripslashes($_POST['file_contents']));
fclose($fp);
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($_POST['filename'])));
}
$buffer = fread($fp, filesize(DIR_FS_BACKUP . basename($_GET['file'])));
fclose($fp);
header('Content-type: application/x-octet-stream');
header('Content-disposition: attachment; filename=' . basename($_GET['file']));
echo $buffer;
exit;
}
} else {
$osC_MessageStack->add('header', ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error');
}
}
break;
case 'deleteconfirm':
if (isset($_GET['file'])) {
if (file_exists(DIR_FS_BACKUP . basename($_GET['file']))) {
tep_remove(DIR_FS_BACKUP . basename($_GET['file']));
if (!$tep_remove_error) {
$osC_MessageStack->add_session('header', SUCCESS_BACKUP_DELETED, 'success');
tep_redirect(tep_href_link(FILENAME_BACKUP));
}
}
}
break;
}
}
// check if the backup directory exists
$dir_ok = false;
if (is_dir(DIR_FS_BACKUP)) {
if (is_writeable(DIR_FS_BACKUP)) {
$dir_ok = true;
} else {
if (substr($current_path, 0, strlen(OSC_ADMIN_FILE_MANAGER_ROOT_PATH)) != OSC_ADMIN_FILE_MANAGER_ROOT_PATH || is_dir($current_path) === false) {
$current_path = OSC_ADMIN_FILE_MANAGER_ROOT_PATH;
$osC_Session->set('fm_directory', $current_path);
}
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (!empty($action)) {
switch ($action) {
case 'reset':
$osC_Session->remove('fm_directory');
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
break;
case 'deleteconfirm':
if (isset($_GET['entry']) && !empty($_GET['entry'])) {
$target = $current_path . '/' . basename($_GET['entry']);
if (is_writeable($target)) {
tep_remove($target);
} else {
if (is_file($target)) {
$osC_MessageStack->add_session('header', sprintf(ERROR_FILE_NOT_WRITEABLE, $target), 'error');
} else {
$osC_MessageStack->add_session('header', sprintf(ERROR_DIRECTORY_NOT_WRITEABLE, $target), 'error');
}
}
}
tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
break;
case 'new_directory':
if (isset($_POST['directory_name']) && !empty($_POST['directory_name'])) {
if (is_writeable($current_path)) {
$new_directory = $current_path . '/' . basename($_POST['directory_name']);
if (file_exists($new_directory) === false) {
