/**
 * Create a sub-folder below the 'files' folder of the 'eqdkp' plugin area.
 *
 * Reads two request fields through $this->in: 'name' (the new folder name,
 * lower-cased before use) and 'src_folder' (the parent folder, '/' meaning
 * the top level). Both values come from the request, so the containment
 * check below is the only thing that keeps the new path inside the files
 * folder.
 */
public function create_folder()
 {
     $strName = $this->in->get('name');
     if ($strName == "") {
         // Nothing to create without a folder name.
         return;
     }
     $strParent = $this->in->get('src_folder');
     if ($strParent == '/') {
         $strParent = '';
     }
     // Build the target once so the path that is checked is the path that is created.
     $strTarget = $this->pfh->FolderPath('files', 'eqdkp') . $strParent . '/' . strtolower($strName);
     $strBase = $this->pfh->FolderPath('files', 'eqdkp', true);
     // Security: only create the folder when the target resolves inside the base folder.
     if (isFilelinkInFolder($strTarget, $strBase)) {
         $this->pfh->CheckCreateFolder($strTarget);
     }
 }
 /**
  * Return file info or false on error
  *
  * @param  string   $hash      file hash
  * @param  bool     $realpath  add realpath field to file info
  * @return array|false
  * @author Dmitry (dio) Levashov
  **/
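 public function file($hash)
 {
     // The hash is supplied by the client; decode() turns it back into a path.
     $path = $this->decode($hash);
     // Security: the decoded path must either lie inside the volume root or be
     // the root itself. Anything else is reported as "not found" so the reply
     // does not reveal whether a file outside the root exists.
     if (!isFilelinkInFolder($path, get_absolute_path($this->root)) && $path !== $this->root) {
         return $this->setError(elFinder::ERROR_FILE_NOT_FOUND);
     }
     // The statements that used to follow this return were unreachable and read
     // an undefined $realpath (documented above, but not a parameter of this
     // method), so they have been dropped; the result is unchanged.
     $file = $this->stat($path);
     return $file ? $file : $this->setError(elFinder::ERROR_FILE_NOT_FOUND);
 }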
 /**
  * Write a string to a file
  *
  * @param  string  $path     file path
  * @param  string  $content  new file content
  * @return bool
  * @author Dmitry (dio) Levashov
  **/
 protected function _filePutContents($path, $content)
 {
     // Security: writes are only passed on when the target lies inside the
     // volume root; every other path is refused with false.
     $strRoot = get_absolute_path($this->root);
     if (isFilelinkInFolder($path, $strRoot)) {
         // The write itself is delegated to the 'pfh' handler from the registry.
         return register('pfh')->putContent($path, $content);
     }
     return false;
 }
Exemple #4
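 case 'imageupload_del':
     // Deleting an uploaded image is only offered to signed-in users.
     if (!registry::fetch('user')->is_signedin()) {
         echo 'You have no permission to see this page as you are not logged in';
         exit;
     }
     // The file to delete arrives encrypted in the 'data' request field.
     $tmp_filename = registry::register('encrypt')->decrypt(registry::register('input')->get('data', ''));
     // now check if the input file type is right
     // NOTE(review): this branch rejects the request when the extension IS a key
     // of $mime_types, while the message talks about an extension that is not
     // allowed. $mime_types is defined outside this excerpt; confirm whether it
     // is an allow-list (then the test needs negating) or a deny-list.
     $fileEnding = pathinfo($tmp_filename, PATHINFO_EXTENSION);
     if (array_key_exists($fileEnding, $mime_types)) {
         echo 'You tried to delete a file with an extension which is not allowed.... Bad guy! Do not try to hack this page...';
         exit;
     }
     // check if the path is ok...
     // The containment test was inverted: it refused paths inside the data
     // folder and let every other path through to Delete(). Refuse whenever the
     // file is NOT inside the data folder, as the message states.
     if (!isFilelinkInFolder($tmp_filename, 'data')) {
         echo 'Only actions within the data folder are allowed.';
         exit;
     }
     // Loose comparison on purpose: an empty result, or a false one if decrypt()
     // signals failure that way, must not reach Delete().
     if ($tmp_filename != '') {
         registry::register('file_handler')->Delete($tmp_filename);
     }
     break;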
 case 'comments':
     if (!registry::fetch('user')->is_signedin()) {
         echo 'You have no permission to see this page as you are not logged in';
         exit;
     }
     if (registry::register('input')->get('deleteid', 0)) {
         registry::register('comments')->Delete(registry::register('input')->get('page'), registry::register('input')->get('rpath'));
     } elseif (registry::register('input')->get('comment', '', 'htmlescape')) {
Exemple #5
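 /**
  * Render an image gallery for a folder below the 'files' area as an HTML list.
  *
  * Sub-folder navigation is driven by the request fields 'gf' and 'gsf'
  * (both base64 encoded). File and folder names are read from disk and are
  * treated as untrusted when written into the markup.
  *
  * @param  string $strFolder     gallery folder, with "/" encoded as "*+*+*"
  * @param  int    $intSortation  1 = name descending, 2 = date ascending,
  *                               3 = date descending, anything else = name ascending
  * @param  string $strPath       base link the navigation parameters are appended to
  * @param  int    $intPageNumber page number carried along in links when greater than 1
  * @return string gallery markup, or "" when the folder fails the containment check
  */
 public function create($strFolder, $intSortation, $strPath, $intPageNumber = 0)
 {
     $strFolder = str_replace("*+*+*", "/", $strFolder);
     $strOrigFolder = $strFolder;
     //Subfolder navigation
     // NOTE(review): once 'gf' matches the configured folder, the decoded 'gsf'
     // value replaces $strFolder outright. The only constraint applied afterwards
     // is the containment check against the data folder below; nothing visible
     // here ties it to a sub-folder of $strOrigFolder. Confirm that is intended.
     if ($this->in->get('gf') != "" && $this->in->get('gsf') != "") {
         if (base64_decode($this->in->get('gf')) == $strOrigFolder) {
             $strFolder = base64_decode($this->in->get('gsf'));
         }
     }
     $contentFolder = $this->pfh->FolderPath($strFolder, 'files');
     $contentFolderSP = $this->pfh->FolderPath($strFolder, 'files', 'serverpath');
     $dataFolder = $this->pfh->FolderPath('system', 'files', 'plain');
     // Security: refuse to list anything that does not resolve inside the data folder.
     $blnIsSafe = isFilelinkInFolder($contentFolder, $dataFolder);
     if (!$blnIsSafe) {
         return "";
     }
     $arrFiles = sdir($contentFolder);
     // $arrImageDimensions is now initialised together with the other collections.
     $arrDirs = $arrImages = $arrImagesDate = $arrImageDimensions = array();
     foreach ($arrFiles as $key => $val) {
         if (is_dir($contentFolder . $val)) {
             $arrDirs[] = $val;
         } else {
             $extension = strtolower(pathinfo($val, PATHINFO_EXTENSION));
             if (in_array($extension, array('jpg', 'png', 'gif', 'jpeg'), true)) {
                 $arrImages[$val] = pathinfo($val, PATHINFO_FILENAME);
                 // getimagesize() returns false for files it cannot parse; handled at output time.
                 $arrImageDimensions[$val] = getimagesize($contentFolder . $val);
                 if ($intSortation == 2 || $intSortation == 3) {
                     $arrImagesDate[$val] = filemtime($contentFolder . $val);
                 }
             }
         }
     }
     // In every branch the array keys stay the file names; only the order changes.
     switch ($intSortation) {
         case 1:
             natcasesort($arrImages);
             $arrImages = array_reverse($arrImages);
             break;
         case 2:
             asort($arrImagesDate);
             $arrImages = $arrImagesDate;
             break;
         case 3:
             arsort($arrImagesDate);
             $arrImages = $arrImagesDate;
             break;
         default:
             natcasesort($arrImages);
     }
     $strOut = '<ul class="image-gallery">';
     $strLink = $strPath . ($intPageNumber > 1 ? '&page=' . $intPageNumber : '');
     if ($this->in->exists('gsf') && $this->in->get('gsf') != '') {
         // Build the "one level up" link by dropping the last path segment.
         $arrPath = array_filter(explode('/', $strFolder));
         array_pop($arrPath);
         $strFolderUp = implode('/', $arrPath);
         if ($strFolderUp == $strOrigFolder) {
             $strFolderUp = '';
         } else {
             $strFolderUp = base64_encode($strFolderUp);
         }
         $strOut .= '<li class="folderup"><a href="' . $strLink . '&gf=' . base64_encode($strOrigFolder) . '&gsf=' . $strFolderUp . '"><i class="fa fa-level-up fa-flip-horizontal"></i><br/>' . $this->user->lang('back') . '</a></li>';
     }
     natcasesort($arrDirs);
     foreach ($arrDirs as $foldername) {
         $strOut .= '<li class="folder"><a href="' . $strLink . '&gf=' . base64_encode($strOrigFolder) . '&gsf=' . base64_encode($strFolder . '/' . $foldername) . '"><i class="fa fa-folder"></i><br/>' . sanitize($foldername) . '</a></li>';
     }
     $strThumbFolder = $this->pfh->FolderPath('system/thumbs', 'files');
     $strThumbFolderSP = $this->pfh->FolderPath('system/thumbs', 'files', 'serverpath');
     foreach ($arrImages as $key => $val) {
         //Check for thumbnail
         $strThumbname = "thumb_" . pathinfo($key, PATHINFO_FILENAME) . "-150x150." . pathinfo($key, PATHINFO_EXTENSION);
         $strThumbnail = "";
         if (is_file($strThumbFolder . $strThumbname)) {
             $strThumbnail = $strThumbFolderSP . $strThumbname;
         } else {
             //Create thumbnail
             $this->pfh->thumbnail($contentFolder . $key, $strThumbFolder, $strThumbname, 150);
             if (is_file($strThumbFolder . $strThumbname)) {
                 $strThumbnail = $strThumbFolderSP . $strThumbname;
             }
         }
         if ($strThumbnail != "") {
             // The file name goes into two attribute values (href and src). It was
             // written there unescaped, so a name containing a quote could break
             // out of the attribute; escape it for the HTML attribute context.
             $strHref = htmlspecialchars($contentFolderSP . $key, ENT_QUOTES, 'UTF-8');
             $strSrc = htmlspecialchars($strThumbnail, ENT_QUOTES, 'UTF-8');
             // Only print dimensions when getimagesize() actually delivered them.
             $arrDim = isset($arrImageDimensions[$key]) ? $arrImageDimensions[$key] : false;
             $strDimensions = is_array($arrDim) ? '; ' . $arrDim[0] . 'x' . $arrDim[1] . ' px' : '';
             $strOut .= '<li class="image"><a href="' . $strHref . '" class="lightbox_' . md5($strFolder) . '" rel="' . md5($strFolder) . '" title="' . sanitize($key) . $strDimensions . '"><img src="' . $strSrc . '" alt="Image" /></a></li>';
         }
     }
     $strOut .= "</ul><div class=\"clear\"></div>";
     $this->jquery->lightbox(md5($strFolder), array('slideshow' => true, 'transition' => "elastic", 'slideshowSpeed' => 4500, 'slideshowAuto' => false));
     return $strOut;
 }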
Exemple #6
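 /**
  * Validate the uploaded file for this field and move it into the target folder.
  *
  * The type is checked by detected MIME type when $this->mimetypes is set and
  * a detection function is available, otherwise by file extension. With
  * $this->numerate set, a running number is added to the name so that
  * existing files are not overwritten.
  *
  * @return string|false stored path with the root path stripped, or false when
  *                      nothing was uploaded or a check failed
  */
 public function _inpval()
 {
     // 'name' is supplied by the client and must not be trusted. The
     // client-supplied 'type' entry was read into a local that nothing used;
     // that local has been removed.
     $tempname = $_FILES[$this->name]['tmp_name'];
     $filename = $_FILES[$this->name]['name'];
     if ($tempname == '') {
         return false;
     }
     $fileEnding = pathinfo($filename, PATHINFO_EXTENSION);
     if ($this->mimetypes) {
         // NOTE(review): when a MIME check runs, the extension is not checked at
         // all, so content that is detected as an allowed type is stored under
         // whatever extension the client chose. Consider also requiring the
         // extension to be in $this->extensions; confirm how callers configure
         // both lists before changing it.
         $mime = false;
         if (function_exists('finfo_open') && function_exists('finfo_file') && function_exists('finfo_close')) {
             $finfo = finfo_open(FILEINFO_MIME);
             if ($finfo === false) {
                 // No magic database available: treat the type as unknown and reject.
                 return false;
             }
             $mime = finfo_file($finfo, $tempname);
             finfo_close($finfo);
             // array_shift() takes its argument by reference, so it must not be
             // fed a function result; pick the first part directly.
             $arrMime = preg_split('/[; ]/', $mime);
             $mime = $arrMime[0];
             if (!in_array($mime, $this->mimetypes, true)) {
                 return false;
             }
         } elseif (function_exists('mime_content_type')) {
             $mime = mime_content_type($tempname);
             $arrMime = preg_split('/[; ]/', $mime);
             $mime = $arrMime[0];
             if (!in_array($mime, $this->mimetypes, true)) {
                 return false;
             }
         } else {
             // try to get the extension... not really secure...
             if (!in_array($fileEnding, $this->extensions, true)) {
                 return false;
             }
         }
     } else {
         if (!in_array($fileEnding, $this->extensions, true)) {
             return false;
         }
     }
     if ($this->numerate) {
         //Do no overwrite existing files
         $offset = 0;
         $files = array();
         $strDir = $this->root_path . $this->folder;
         $arrEntries = scandir($strDir);
         if ($arrEntries === false) {
             // Folder not readable: there is nothing to number against.
             $arrEntries = array();
         }
         foreach ($arrEntries as $this_file) {
             // scandir() returns bare names, so is_dir() needs the folder in front;
             // without it the test ran against the current working directory.
             // Assumes $this->folder ends with a slash, as the move below does too.
             if (valid_folder($this_file) && !is_dir($strDir . $this_file)) {
                 $files[] = $this_file;
             }
         }
         $pathinfo = pathinfo($filename);
         $name = $pathinfo['filename'];
         $arrFiles = preg_grep('/^' . preg_quote($name, '/') . '.*\\.' . preg_quote($fileEnding, '/') . '/', $files);
         foreach ($arrFiles as $strFile) {
             // Find the highest "_<number>" suffix already in use for this name.
             if (preg_match('/_[0-9]+\\.' . preg_quote($fileEnding, '/') . '$/', $strFile)) {
                 $strFile = str_replace('.' . $fileEnding, '', $strFile);
                 $intValue = intval(substr($strFile, strrpos($strFile, '_') + 1));
                 $offset = max($offset, $intValue);
             }
         }
         // Rebuild the name from its parts. The former str_replace() rewrote every
         // occurrence of the base name, so a name such as "jpg.jpg" had its
         // extension changed after the extension had already been validated.
         $filename = $name . '_' . ++$offset . ($fileEnding !== '' ? '.' . $fileEnding : '');
     }
     // Security: the final path must still lie inside the target folder; otherwise
     // the temporary upload is discarded.
     if (isFilelinkInFolder(str_replace(registry::get_const('root_path'), "", $this->folder . $filename), str_replace(registry::get_const('root_path'), "", $this->folder))) {
         $this->pfh->FileMove($tempname, $this->folder . $filename, true);
     } else {
         unlink($tempname);
         return false;
     }
     return str_replace(registry::get_const('root_path'), "", $this->folder . $filename);
 }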