$tmpl->setvar('dir', $dir); $tmpl->setvar('_REN_FILE', $cfg['_REN_FILE']); $tmpl->setvar('_REN_STRING', $cfg['_REN_STRING']); } else { $file = tfb_getRequestVar('fileFrom'); $fileTo = tfb_getRequestVar('fileTo'); $dir = tfb_getRequestVar('dir'); $sourceDir = $cfg["path"] . $dir; $targetDir = $cfg["path"] . $dir . $fileTo; // Add slashes if magic_quotes off: if (get_magic_quotes_gpc() !== 1) { $targetDir = addslashes($targetDir); $sourceDir = addslashes($sourceDir); } // only valid dirs + entries with permission if (!(tfb_isValidPath($sourceDir) && tfb_isValidPath($sourceDir . $file) && tfb_isValidPath($targetDir) && isValidEntry($file) && isValidEntry($fileTo) && hasPermission($dir, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL RENAME: " . $cfg["user"] . " tried to rename " . $file . " in " . $dir . " to " . $fileTo); @error("Illegal rename. Action has been logged.", "", ""); } // Use single quote to escape mv args: $cmd = "mv '" . $sourceDir . $file . "' '" . $targetDir . "'"; $cmd .= ' 2>&1'; $handle = popen($cmd, 'r'); $gotError = -1; $buff = fgets($handle); $gotError = $gotError + 1; pclose($handle); // template $tmpl->setvar('is_start', 0); $tmpl->setvar('messages', nl2br($buff)); if ($gotError <= 0) {
array_push($target_list, array('name' => $targetName, 'selected' => $target == $targetName ? 1 : 0)); } } @closedir($dirHandle); } // stop here if no targets found if (empty($target_list)) { $tmpl->setvar('content', "<br><p><strong>No Targets found.</strong></p>"); break; } // set target-list $tmpl->setloop('target_list', $target_list); // target-content $targetFile = _MRTG_DIR_INPUT . "/" . $target . ".inc"; // check target if (!(tfb_isValidPath($targetFile) === true && preg_match('/^[0-9a-zA-Z_]+$/D', $target) && @is_file($targetFile))) { AuditAction($cfg["constants"]["error"], "ILLEGAL MRTG-TARGET: " . $cfg["user"] . " tried to access " . $target); @error("Invalid Target", "", "", array($target)); } $content = @file_get_contents($targetFile); // we are only interested in the "real" content $tempAry = explode("_CONTENT_BEGIN_", $content); if (is_array($tempAry)) { $tempVar = array_pop($tempAry); $tempAry = explode("_CONTENT_END_", $tempVar); if (is_array($tempAry)) { $content = array_shift($tempAry); // rewrite image-links $content = preg_replace('/(.*")(.*)(png".*)/i', '${1}' . _IMAGE_URL . _IMAGE_PREFIX_MRTG . '${2}${3}', $content); // set var $tmpl->setvar('content', $content);
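/**
 * deletes data of a transfer
 *
 * Two paths exist: when the Transmission RPC is enabled
 * ($cfg["transmission_rpc_enable"] == 2) and $transfer is a hash known to
 * Transmission, the torrent is removed through the RPC client (data included).
 * Otherwise $transfer is treated as a ".torrent" file name and its data
 * directory is deleted from disk after an owner/admin check.
 *
 * @param $transfer name of the transfer (".torrent" file name or info hash)
 * @return array list of audit/error messages; empty when nothing went wrong
 */
function deleteTransferData($transfer) {
    global $cfg, $transfers;
    $msgs = array();

    // --- Transmission branch -------------------------------------------------
    $theTorrent = null;
    $trans = null;
    if ($cfg["transmission_rpc_enable"] == 2 && isHash($transfer)) {
        require_once 'inc/classes/Transmission.class.php';
        $trans = new Transmission();
        require_once 'inc/functions/functions.rpc.transmission.php';
        $theTorrent = getTransmissionTransfer($transfer, array('hashString', 'id', 'name'));
    }
    if (is_array($theTorrent)) {
        // NOTE(review): unlike the file-based branch below, no owner/admin check
        // is made before the RPC remove — confirm that every caller enforces it.
        $response = $trans->remove($theTorrent['id'], true);
        // 'result' must be a quoted string key: the bare constant `result` was
        // never defined (notice on PHP 5/7, fatal error on PHP 8).
        $result = isset($response['result']) ? $response['result'] : null;
        if ($result != "success") {
            @error("Delete of torrent failed", "", "", $result);
        }
        return $msgs;
    }

    // --- file-based branch ---------------------------------------------------
    $illegalMsg = "ILLEGAL DELETE: " . $cfg["user"] . " attempted to delete data of " . $transfer;
    if (!($cfg['isAdmin'] || IsOwner($cfg["user"], getOwner($transfer)))) {
        AuditAction($cfg["constants"]["error"], $illegalMsg);
        $msgs[] = $illegalMsg;
        return $msgs;
    }
    // only torrent
    if (substr($transfer, -8) != ".torrent") {
        return $msgs;
    }
    // delete data
    $datapath = getTransferDatapath($transfer);
    if ($datapath == "" || $datapath == ".") {
        // no data directory recorded for this transfer: nothing to remove
        return $msgs;
    }
    $targetPath = getTransferSavepath($transfer) . $datapath;
    if (!tfb_isValidPath($targetPath)) {
        // path escapes the allowed tree: audit and refuse
        AuditAction($cfg["constants"]["error"], $illegalMsg);
        $msgs[] = $illegalMsg;
        return $msgs;
    }
    if (@is_dir($targetPath) || @is_file($targetPath)) {
        avddelete($targetPath);
        AuditAction($cfg["constants"]["fm_delete"], $targetPath);
    }
    return $msgs;
}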
@error("Required binary could not be found", "", "", $cfg['isAdmin'] ? array('cksfv is required for sfv-checking', 'Specified cksfv-binary does not exist: ' . $cfg['bin_cksfv'], 'Check Settings on Admin-Server-Settings Page') : array('Please contact an Admin')); } // target $dir = tfb_getRequestVar('dir'); $file = tfb_getRequestVar('file'); // validate dir + file if (!empty($dir)) { $dirS = str_replace($cfg["path"], '', $dir); if (!(tfb_isValidPath($dir) && hasPermission($dirS, $cfg["user"], 'r'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL SFV-ACCESS: " . $cfg["user"] . " tried to check " . $dirS); @error("Illegal access. Action has been logged.", "", ""); } } if (!empty($file)) { $fileS = str_replace($cfg["path"], '', $file); if (!(tfb_isValidPath($file) && isValidEntry(basename($file)) && hasPermission($fileS, $cfg["user"], 'r'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL SFV-ACCESS: " . $cfg["user"] . " tried to check " . $fileS); @error("Illegal access. Action has been logged.", "", ""); } } // init template-instance tmplInitializeInstance($cfg["theme"], "page.checkSFV.tmpl"); // process $cmd = $cfg['bin_cksfv'] . ' -C ' . tfb_shellencode($dir) . ' -f ' . tfb_shellencode($file); $handle = popen($cmd . ' 2>&1', 'r'); $buff = isset($cfg["debuglevel"]) && $cfg["debuglevel"] == 2 ? "<strong>Debug:</strong> Evaluating command:<br/><br/><pre>" . tfb_htmlencode($cmd) . "</pre><br/>Output follows below:<br/>" : ""; $buff .= "<pre>"; while (!feof($handle)) { $buff .= tfb_htmlencode(@fgets($handle, 30)); } $tmpl->setvar('buff', $buff);
} } else { $file = $_POST['file']; $targetDir = ""; if (isset($_POST['dest'])) { $tempDir = trim(rawurldecode($_POST['dest'])); if (strlen($tempDir) > 0) { $targetDir = $tempDir; } else { if (isset($_POST['selector'])) { $targetDir = trim(urldecode($_POST['selector'])); } } } // only valid dirs + entries with permission if (!(tfb_isValidPath($cfg["path"] . $file) && tfb_isValidPath($targetDir) && isValidEntry(basename($cfg["path"] . $file)) && hasPermission($file, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL MOVE: " . $cfg["user"] . " tried to move " . $file . " to " . $targetDir); @error("Illegal move. Action has been logged.", "", ""); } // we need absolute paths or stuff will end up in docroot // inform user .. don't move it into a fallback-dir which may be a hassle $dirValid = true; if (strlen($targetDir) <= 0) { $dirValid = false; } else { if ($targetDir[0] != '/') { $tmpl->setvar('not_absolute', 1); $dirValid = false; } else { $tmpl->setvar('not_absolute', 0); }
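/**
 * mrtg
 *
 * Streams one MRTG graph ("<target>-day|-week|-month|-year.png") from
 * $cfg["path"]/.mrtg/ to the client. The file name is taken from the "f"
 * request variable and must match the strict whitelist pattern below (so no
 * path separators can get through); anything else is audited and answered
 * with Image::paintNoOp().
 *
 * Never returns normally on success: the image is sent and the script exits.
 */
function image_mrtg() {
    global $cfg;
    // filename
    $fileName = tfb_getRequestVar('f');
    if (empty($fileName)) {
        Image::paintNoOp();
        // NOTE(review): paintNoOp() is presumed to exit; the return guards the
        // fall-through into the header/fpassthru code if it does not.
        return;
    }
    $targetFile = $cfg["path"] . '.mrtg/' . $fileName;
    // validate file: inside the allowed tree, strict name pattern, regular file
    if (!(tfb_isValidPath($targetFile) === true
        && preg_match('/^[0-9a-zA-Z_]+(-day|-week|-month|-year)(.png)$/D', $fileName)
        && @is_file($targetFile))) {
        AuditAction($cfg["constants"]["error"], "ILLEGAL MRTG-IMAGE: " . $cfg["user"] . " tried to access " . $fileName);
        Image::paintNoOp();
        return;
    }
    // open first: fpassthru(false) would only emit a warning (or a TypeError on
    // PHP 8) after headers announcing an image were already sent
    $handle = @fopen($targetFile, 'rb');
    if ($handle === false) {
        Image::paintNoOp();
        return;
    }
    // send content
    @header('Accept-Ranges: bytes');
    @header('Content-Length: ' . filesize($targetFile));
    @header('Content-Type: image/png');
    @fpassthru($handle);
    @fclose($handle);
    exit;
}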
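/**
 * downloads as archive.
 *
 * Streams the directory $cfg["path"] . $down to the client as a tar or zip
 * archive, chosen by $cfg["package_type"] (anything other than "zip" falls
 * back to "tar"). On success the archive is written to the output and the
 * script exits; on any failure the event is audited and the function returns.
 *
 * @param $down directory relative to $cfg["path"], as received from the request
 * @return string with current directory (the parent of $down, absolute) so the
 *                caller can redirect back to it; "" when it could not be derived
 */
function downloadArchive($down) {
    global $cfg;
    $current = "";
    if (!tfb_isValidPath($down)) {
        AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: " . $cfg["user"] . " tried to download " . $down);
        return $current;
    }
    // This prevents the script from getting killed off when running lengthy tar jobs.
    @ini_set("max_execution_time", 3600);
    $down = $cfg["path"] . $down;
    $arTemp = explode("/", $down);
    if (count($arTemp) > 1) {
        array_pop($arTemp);
        $current = implode("/", $arTemp);
    }
    // Find out if we're really trying to access a file within the
    // proper directory structure. Sadly, this way requires that $cfg["path"]
    // is a REAL path, not a symlinked one. Also check if $cfg["path"] is part
    // of the REAL path.
    if (!is_dir($down)) {
        AuditAction($cfg["constants"]["error"], "Illegal download: " . $cfg["user"] . " tried to download " . $down);
        return $current;
    }
    $sendname = basename($down);
    // normalise the package type once so the header and the command agree
    if ($cfg["package_type"] != "tar" && $cfg["package_type"] != "zip") {
        $cfg["package_type"] = "tar";
    }
    // escapeshellarg() is the shell quoting function; addslashes() inside a
    // double-quoted shell word is not and left the name open to interpretation
    // by the shell. $sendname ultimately originates from the request.
    $quotedName = escapeshellarg($sendname);
    $command = $cfg["package_type"] == "zip"
        ? "zip -0r - " . $quotedName
        : "tar cf - " . $quotedName;
    // Make it a bit easier for tar/zip. Change directory BEFORE announcing the
    // download: a failed chdir would otherwise archive the wrong tree.
    if (!@chdir(dirname($down))) {
        AuditAction($cfg["constants"]["error"], "Download failed: " . $cfg["user"] . " could not enter directory of " . $down);
        return $current;
    }
    // filenames in IE containing dots will screw up the filename
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $headerName = strstr($userAgent, "MSIE")
        ? preg_replace('/\\./', '%2e', $sendname, substr_count($sendname, '.') - 1)
        : $sendname;
    @header("Cache-Control: no-cache");
    @header("Pragma: no-cache");
    @header("Content-Description: File Transfer");
    @header("Content-Type: application/force-download");
    @header('Content-Disposition: attachment; filename="' . $headerName . '.' . $cfg["package_type"] . '"');
    // write the session to close so you can continue to browse on the site.
    @session_write_close();
    passthru($command);
    AuditAction($cfg["constants"]["fm_download"], $sendname . "." . $cfg["package_type"]);
    exit;
}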
/**
 * deletes data of a transfer
 *
 * Only the transfer's owner or an admin may delete; only ".torrent" entries
 * with a recorded data path are acted on; the resolved path must pass
 * tfb_isValidPath() before avddelete() is called. Refusals are audited and
 * reported back through the returned list.
 *
 * @param $transfer name of the transfer
 * @return array audit messages produced while refusing; empty on success or no-op
 */
function deleteTransferData($transfer) {
    global $cfg, $transfers;
    $msgs = array();
    $refusal = "ILLEGAL DELETE: " . $cfg["user"] . " attempted to delete data of " . $transfer;

    // permission: admin or owner
    $mayDelete = $cfg['isAdmin'] || IsOwner($cfg["user"], getOwner($transfer));
    if (!$mayDelete) {
        AuditAction($cfg["constants"]["error"], $refusal);
        $msgs[] = $refusal;
        return $msgs;
    }
    // only torrent
    if (substr($transfer, -8) != ".torrent") {
        return $msgs;
    }
    // delete data
    $datapath = getTransferDatapath($transfer);
    if ($datapath == "" || $datapath == ".") {
        return $msgs;
    }
    $targetPath = getTransferSavepath($transfer) . $datapath;
    if (!tfb_isValidPath($targetPath)) {
        AuditAction($cfg["constants"]["error"], $refusal);
        $msgs[] = $refusal;
        return $msgs;
    }
    $exists = @is_dir($targetPath) || @is_file($targetPath);
    if ($exists) {
        avddelete($targetPath);
        AuditAction($cfg["constants"]["fm_delete"], $targetPath);
    }
    return $msgs;
}
} /******************************************************************************/ // common functions require_once 'inc/functions/functions.common.php'; // dir functions require_once 'inc/functions/functions.dir.php'; // is enabled ? if ($cfg["enable_view_nfo"] != 1) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use nfo-viewer"); @error("nfo-viewer is disabled. Action has been logged.", "", ""); } // target $file = UrlHTMLSlashesDecode(tfb_getRequestVar("path")); $path = $cfg["path"] . $file; // only valid dirs + entries with permission if (!((tfb_isValidPath($path, ".nfo") || tfb_isValidPath($path, ".txt") || tfb_isValidPath($path, ".log")) && isValidEntry($file) && hasPermission($file, $cfg["user"], 'r'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL NFO-ACCESS: " . $cfg["user"] . " tried to view " . $file); @error("Illegal access. Action has been logged.", "", ""); } // init template-instance tmplInitializeInstance($cfg["theme"], "page.viewnfo.tmpl"); // set vars $tmpl->setvar('file', $file); $folder = htmlspecialchars(substr($file, 0, strrpos($file, "/"))); $tmpl->setvar('folder', $folder); if ($fileHandle = @fopen($path, 'r')) { $output = ""; while (!@feof($fileHandle)) { $output .= @fgets($fileHandle, 4096); } @fclose($fileHandle);
* download as archive ******************************************************************************/ if ($tar != "") { // is enabled ? if ($cfg["enable_file_download"] != 1) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use download (" . $tar . ")"); @error("download is disabled", "index.php?iid=index", ""); } // only valid entry with permission if (isValidEntry(basename($tar)) && hasPermission($tar, $cfg["user"], 'r')) { @ini_set("zlib.output_compression", "Off"); $current = downloadArchive($tar); } else { AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: " . $cfg["user"] . " tried to download " . $tar); $current = $tar; if (tfb_isValidPath($tar)) { $arTemp = explode("/", $tar); if (count($arTemp) > 1) { array_pop($arTemp); $current = implode("/", $arTemp); } } } @header("Location: index.php?iid=dir&dir=" . UrlHTMLSlashesEncode($current)); exit; } /******************************************************************************* * wget ******************************************************************************/ function _dir_cleanFileName($inName) {
@error("Required binary could not be found", "", "", $cfg['isAdmin'] ? array('python is required for maketorrent', 'Specified python-binary does not exist: ' . $cfg['pythonCmd'], 'Check Settings on Admin-Server-Settings Page') : array('Please contact an Admin')); } /******************************************************************************* * create + page ******************************************************************************/ // file + torrent vars $path = tfb_getRequestVarRaw('path'); $torrent = ""; if (!empty($path)) { $torrent = tfb_cleanFileName(StripFolders($path) . ".torrent"); if ($torrent === false) { @error("Invalid torrent-name", "", "", array($path)); } } // only valid dirs + entries with permission if (!(tfb_isValidPath($cfg["path"] . $path) && hasPermission($path, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL MAKETORRENT: " . $cfg["user"] . " tried to maketorrent with " . $path); @error("Illegal maketorrent. Action has been logged.", "", ""); } // check if there is a var sent for client, if not use default $client = isset($_REQUEST["client"]) ? tfb_getRequestVar('client') : $cfg["dir_maketorrent_default"]; // client-generic vars $tfile = tfb_getRequestVar('torrent'); $comment = tfb_getRequestVar('comments'); $alert = isset($_POST["alert"]) ? 1 : 0; // client-switch switch ($client) { default: case "tornado": $announce = isset($_POST['announce']) ? $_POST['announce'] : "http://"; $ancelist = tfb_getRequestVar('announcelist');
$buff = ""; while (!feof($handle)) { $buff .= fgets($handle, 30); } $tmpl->setvar('buff', nl2br($buff)); pclose($handle); } // set vars if (isset($_REQUEST['file']) && $_REQUEST['file'] != "") { $file = tfb_getRequestVar('file'); $dir = tfb_getRequestVar('dir'); $file = str_replace($cfg["path"], '', $file); $dir = str_replace($cfg["path"], '', $dir); $targetFile = $cfg["path"] . $file; // only valid dirs + entries with permission if (!(tfb_isValidPath($targetFile) && isValidEntry(basename($targetFile)) && hasPermission($file, $cfg["user"], 'r') && hasPermission($dir, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL UNCOMPRESS-ACCESS: " . $cfg["user"] . " tried to uncompress " . $file); @error("Illegal access. Action has been logged.", "", ""); } // $tmpl->setvar('is_file', 1); $tmpl->setvar('url_file', str_replace('%2F', '/', urlencode($cfg["path"] . $file))); $tmpl->setvar('url_dir', str_replace('%2F', '/', urlencode($cfg["path"] . $dir))); $tmpl->setvar('type', tfb_getRequestVar('type')); } else { $tmpl->setvar('is_file', 0); } // tmplSetTitleBar('Uncompress File', false); tmplSetIidVars(); // parse template