PHP ft_stripslashesの例

コード例 #1

ファイル: zip.plugin.php プロジェクト: elmanet/Intersoft_Realty

/**
 * Implementation of hook_page.
 * Zip current file/folder 
 */
function ft_zip_page($act)
{
    global $ft;
    if ($act == 'zip') {
        $_REQUEST['file'] = trim(ft_stripslashes($_REQUEST['file']));
        // nom de fichier/repertoire
        $zip = new zipfile();
        if ($ft["plugins"]["zip"]["filebuffer"]) {
            $zip->setOutFile($ft["plugins"]["zip"]["filebuffer"]);
        }
        $substr_base = strlen(ft_get_dir()) + 1;
        foreach (ft_zip_getfiles(ft_get_dir() . '/' . $_REQUEST['file']) as $file) {
            $filename = substr($file, $substr_base);
            $filesize = filesize($file);
            if ($filesize > 0) {
                $fp = fopen($file, 'r');
                $content = fread($fp, $filesize);
                fclose($fp);
            } else {
                $content = '';
            }
            $zip->addfile($content, $filename);
        }
        if ($ft["plugins"]["zip"]["filebuffer"]) {
            $zip->finish();
            $filesize = filesize($ft["plugins"]["zip"]["filebuffer"]);
        } else {
            $archive = $zip->file();
            $filesize = strlen($archive);
        }
        header('Content-Type: application/x-zip');
        header('Content-Disposition: inline; filename="' . $_REQUEST['file'] . '.zip"');
        header('Content-Length: ' . $filesize);
        if ($ft["plugins"]["zip"]["filebuffer"]) {
            readfile($ft["plugins"]["zip"]["filebuffer"]);
            unlink($ft["plugins"]["zip"]["filebuffer"]);
        } else {
            echo $archive;
        }
        exit;
    }
}

コード例 #2

ファイル: ft2.php プロジェクト: rekysda/filemanager

/**
 * Run all system actions based on the value of $_REQUEST['act'].
 */
function ft_do_action()
{
    if (!empty($_REQUEST['act'])) {
        // Only one callback action is allowed. So only the first hook that acts on an action is run.
        ft_invoke_hook('action', $_REQUEST['act']);
        # mkdir
        if ($_REQUEST['act'] == "createdir" && CREATE === TRUE) {
            $_POST['newdir'] = trim($_POST['newdir']);
            if ($_POST['type'] == 'file') {
                // Check file against blacklists
                if (strlen($_POST['newdir']) > 0 && ft_check_filetype($_POST['newdir']) && ft_check_file($_POST['newdir'])) {
                    // Create file.
                    $newfile = ft_get_dir() . "/{$_POST['newdir']}";
                    if (file_exists($newfile)) {
                        // Redirect
                        ft_set_message(t("File could not be created. File already exists."), 'error');
                        ft_redirect("dir=" . $_REQUEST['dir']);
                    } elseif (@touch($newfile)) {
                        // Redirect.
                        ft_set_message(t("File created."));
                        ft_redirect("dir=" . $_REQUEST['dir']);
                    } else {
                        // Redirect
                        ft_set_message(t("File could not be created."), 'error');
                        ft_redirect("dir=" . $_REQUEST['dir']);
                    }
                } else {
                    // Redirect
                    ft_set_message(t("File could not be created."), 'error');
                    ft_redirect("dir=" . $_REQUEST['dir']);
                }
            } elseif ($_POST['type'] == 'url') {
                // Create from URL.
                $newname = trim(substr($_POST['newdir'], strrpos($_POST['newdir'], '/') + 1));
                if (strlen($newname) > 0 && ft_check_filetype($newname) && ft_check_file($newname)) {
                    // Open file handlers.
                    $rh = fopen($_POST['newdir'], 'rb');
                    if ($rh === FALSE) {
                        ft_set_message(t("Could not open URL. Possible reason: URL wrappers not enabled."), 'error');
                        ft_redirect("dir=" . $_REQUEST['dir']);
                    }
                    $wh = fopen(ft_get_dir() . '/' . $newname, 'wb');
                    if ($wh === FALSE) {
                        ft_set_message(t("File could not be created."), 'error');
                        ft_redirect("dir=" . $_REQUEST['dir']);
                    }
                    // Download anf write file.
                    while (!feof($rh)) {
                        if (fwrite($wh, fread($rh, 1024)) === FALSE) {
                            ft_set_message(t("File could not be saved."), 'error');
                        }
                    }
                    fclose($rh);
                    fclose($wh);
                    ft_redirect("dir=" . $_REQUEST['dir']);
                } else {
                    // Redirect
                    ft_set_message(t("File could not be created."), 'error');
                    ft_redirect("dir=" . $_REQUEST['dir']);
                }
            } else {
                // Create directory.
                // Check input.
                // if (strstr($_POST['newdir'], ".")) {
                // Throw error (redirect).
                // ft_redirect("status=createddirfail&dir=".$_REQUEST['dir']);
                // } else {
                $_POST['newdir'] = ft_stripslashes($_POST['newdir']);
                $newdir = ft_get_dir() . "/{$_POST['newdir']}";
                $oldumask = umask(0);
                if (strlen($_POST['newdir']) > 0 && @mkdir($newdir, DIRPERMISSION)) {
                    ft_set_message(t("Directory created."));
                    ft_redirect("dir=" . $_REQUEST['dir']);
                } else {
                    // Redirect
                    ft_set_message(t("Directory could not be created."), 'error');
                    ft_redirect("dir=" . $_REQUEST['dir']);
                }
                umask($oldumask);
                // }
            }
            # Move
        } elseif ($_REQUEST['act'] == "move" && ft_check_fileactions() === TRUE) {
            // Check that both file and newvalue are set.
            $file = trim(ft_stripslashes($_REQUEST['file']));
            $dir = trim(ft_stripslashes($_REQUEST['newvalue']));
            if (substr($dir, -1, 1) != "/") {
                $dir .= "/";
            }
            // Check for level.
            if (substr_count($dir, "../") <= substr_count(ft_get_dir(), "/") && ft_check_move($dir) === TRUE) {
                $dir = ft_get_dir() . "/" . $dir;
                if (!empty($file) && file_exists(ft_get_dir() . "/" . $file)) {
                    // Check that destination exists and is a directory.
                    if (is_dir($dir)) {
                        // Move file.
                        if (@rename(ft_get_dir() . "/" . $file, $dir . "/" . $file)) {
                            // Success.
                            ft_set_message(t("!old was moved to !new", array('!old' => $file, '!new' => $dir)));
                            ft_redirect("dir={$_REQUEST['dir']}");
                        } else {
                            // Error rename failed.
                            ft_set_message(t("!old could not be moved.", array('!old' => $file)), 'error');
                            ft_redirect("dir={$_REQUEST['dir']}");
                        }
                    } else {
                        // Error dest. isn't a dir or doesn't exist.
                        ft_set_message(t("Could not move file. !old does not exist or is not a directory.", array('!old' => $dir)), 'error');
                        ft_redirect("dir={$_REQUEST['dir']}");
                    }
                } else {
                    // Error source file doesn't exist.
                    ft_set_message(t("!old could not be moved. It doesn't exist.", array('!old' => $file)), 'error');
                    ft_redirect("dir={$_REQUEST['dir']}");
                }
            } else {
                // Error level
                ft_set_message(t("!old could not be moved outside the base directory.", array('!old' => $file)), 'error');
                ft_redirect("dir={$_REQUEST['dir']}");
            }
            # Delete
        } elseif ($_REQUEST['act'] == "delete" && ft_check_fileactions() === TRUE) {
            // Check that file is set.
            $file = ft_stripslashes($_REQUEST['file']);
            if (!empty($file) && ft_check_file($file)) {
                if (is_dir(ft_get_dir() . "/" . $file)) {
                    if (DELETEFOLDERS == TRUE) {
                        ft_rmdir_recurse(ft_get_dir() . "/" . $file);
                    }
                    if (!@rmdir(ft_get_dir() . "/" . $file)) {
                        ft_set_message(t("!old could not be deleted.", array('!old' => $file)), 'error');
                        ft_redirect("dir={$_REQUEST['dir']}");
                    } else {
                        ft_set_message(t("!old deleted.", array('!old' => $file)));
                        ft_redirect("dir={$_REQUEST['dir']}");
                    }
                } else {
                    if (!@unlink(ft_get_dir() . "/" . $file)) {
                        ft_set_message(t("!old could not be deleted.", array('!old' => $file)), 'error');
                        ft_redirect("dir={$_REQUEST['dir']}");
                    } else {
                        ft_set_message(t("!old deleted.", array('!old' => $file)));
                        ft_redirect("dir={$_REQUEST['dir']}");
                    }
                }
            } else {
                ft_set_message(t("!old could not be deleted.", array('!old' => $file)), 'error');
                ft_redirect("dir={$_REQUEST['dir']}");
            }
            # Rename && Duplicate && Symlink
        } elseif ($_REQUEST['act'] == "rename" || $_REQUEST['act'] == "duplicate" || $_REQUEST['act'] == "symlink" && ft_check_fileactions() === TRUE) {
            // Check that both file and newvalue are set.
            $old = trim(ft_stripslashes($_REQUEST['file']));
            $new = trim(ft_stripslashes($_REQUEST['newvalue']));
            if ($_REQUEST['act'] == 'rename') {
                $m['typefail'] = t("!old was not renamed to !new (type not allowed).", array('!old' => $old, '!new' => $new));
                $m['writefail'] = t("!old could not be renamed (write failed).", array('!old' => $old));
                $m['destfail'] = t("File could not be renamed to !new since it already exists.", array('!new' => $new));
                $m['emptyfail'] = t("File could not be renamed since you didn't specify a new name.");
            } elseif ($_REQUEST['act'] == 'duplicate') {
                $m['typefail'] = t("!old was not duplicated to !new (type not allowed).", array('!old' => $old, '!new' => $new));
                $m['writefail'] = t("!old could not be duplicated (write failed).", array('!old' => $old));
                $m['destfail'] = t("File could not be duplicated to !new since it already exists.", array('!new' => $new));
                $m['emptyfail'] = t("File could not be duplicated since you didn't specify a new name.");
            } elseif ($_REQUEST['act'] == 'symlink') {
                $m['typefail'] = t("Could not create symlink to !old (type not allowed).", array('!old' => $old, '!new' => $new));
                $m['writefail'] = t("Could not create symlink to !old (write failed).", array('!old' => $old));
                $m['destfail'] = t("Could not create symlink !new since it already exists.", array('!new' => $new));
                $m['emptyfail'] = t("Symlink could not be created since you didn't specify a name.");
            }
            if (!empty($old) && !empty($new)) {
                if (ft_check_filetype($new) && ft_check_file($new)) {
                    // Make sure destination file doesn't exist.
                    if (!file_exists(ft_get_dir() . "/" . $new)) {
                        // Check that file exists.
                        if (is_writeable(ft_get_dir() . "/" . $old)) {
                            if ($_REQUEST['act'] == "rename") {
                                if (@rename(ft_get_dir() . "/" . $old, ft_get_dir() . "/" . $new)) {
                                    // Success.
                                    ft_set_message(t("!old was renamed to !new", array('!old' => $old, '!new' => $new)));
                                    ft_redirect("dir={$_REQUEST['dir']}");
                                } else {
                                    // Error rename failed.
                                    ft_set_message(t("!old could not be renamed.", array('!old' => $old)), 'error');
                                    ft_redirect("dir={$_REQUEST['dir']}");
                                }
                            } elseif ($_REQUEST['act'] == 'symlink') {
                                if (ADVANCEDACTIONS == TRUE) {
                                    if (@symlink(realpath(ft_get_dir() . "/" . $old), ft_get_dir() . "/" . $new)) {
                                        @chmod(ft_get_dir() . "/{$new}", PERMISSION);
                                        // Success.
                                        ft_set_message(t("Created symlink !new", array('!old' => $old, '!new' => $new)));
                                        ft_redirect("dir={$_REQUEST['dir']}");
                                    } else {
                                        // Error symlink failed.
                                        ft_set_message(t("Symlink to !old could not be created.", array('!old' => $old)), 'error');
                                        ft_redirect("dir={$_REQUEST['dir']}");
                                    }
                                }
                            } else {
                                if (@copy(ft_get_dir() . "/" . $old, ft_get_dir() . "/" . $new)) {
                                    // Success.
                                    ft_set_message(t("!old was duplicated to !new", array('!old' => $old, '!new' => $new)));
                                    ft_redirect("dir={$_REQUEST['dir']}");
                                } else {
                                    // Error rename failed.
                                    ft_set_message(t("!old could not be duplicated.", array('!old' => $old)), 'error');
                                    ft_redirect("dir={$_REQUEST['dir']}");
                                }
                            }
                        } else {
                            // Error old file isn't writeable.
                            ft_set_message($m['writefail'], 'error');
                            ft_redirect("dir={$_REQUEST['dir']}");
                        }
                    } else {
                        // Error destination exists.
                        ft_set_message($m['destfail'], 'error');
                        ft_redirect("dir={$_REQUEST['dir']}");
                    }
                } else {
                    // Error file type not allowed.
                    ft_set_message($m['typefail'], 'error');
                    ft_redirect("dir={$_REQUEST['dir']}");
                }
            } else {
                // Error. File name not set.
                ft_set_message($m['emptyfail'], 'error');
                ft_redirect("dir={$_REQUEST['dir']}");
            }
            # upload
        } elseif ($_REQUEST['act'] == "upload" && ft_check_upload() === TRUE && (LIMIT <= 0 || LIMIT > ROOTDIRSIZE)) {
            // If we are to upload a file we will do so.
            $msglist = 0;
            foreach ($_FILES as $k => $c) {
                if (!empty($c['name'])) {
                    $c['name'] = ft_stripslashes($c['name']);
                    if ($c['error'] == 0) {
                        // Upload was successfull
                        if (ft_validate_filename($c['name']) && ft_check_filetype($c['name']) && ft_check_file($c['name'])) {
                            if (file_exists(ft_get_dir() . "/{$c['name']}")) {
                                $msglist++;
                                ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("File already exists"), 'error');
                            } else {
                                if (@move_uploaded_file($c['tmp_name'], ft_get_dir() . "/{$c['name']}")) {
                                    @chmod(ft_get_dir() . "/{$c['name']}", PERMISSION);
                                    // Success!
                                    $msglist++;
                                    ft_set_message(t('!file was uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))));
                                    ft_invoke_hook('upload', ft_get_dir(), $c['name']);
                                } else {
                                    // File couldn't be moved. Throw error.
                                    $msglist++;
                                    ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("File couldn't be moved"), 'error');
                                }
                            }
                        } else {
                            // File type is not allowed. Throw error.
                            $msglist++;
                            ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("File type not allowed"), 'error');
                        }
                    } else {
                        // An error occurred.
                        switch ($_FILES["localfile"]["error"]) {
                            case 1:
                                $msglist++;
                                ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("The file was too large"), 'error');
                                break;
                            case 2:
                                $msglist++;
                                ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("The file was larger than MAXSIZE setting."), 'error');
                                break;
                            case 3:
                                $msglist++;
                                ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("Partial upload. Try again"), 'error');
                                break;
                            case 4:
                                $msglist++;
                                ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("No file was uploaded. Please try again"), 'error');
                                break;
                            default:
                                $msglist++;
                                ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("Unknown error"), 'error');
                                break;
                        }
                    }
                }
            }
            if ($msglist > 0) {
                ft_redirect("dir=" . $_REQUEST['dir']);
            } else {
                ft_set_message(t("Upload failed."), 'error');
                ft_redirect("dir=" . $_REQUEST['dir']);
            }
            # Unzip
        } elseif ($_REQUEST['act'] == "unzip" && ft_check_fileactions() === TRUE) {
            // Check that file is set.
            $file = ft_stripslashes($_REQUEST['file']);
            if (!empty($file) && ft_check_file($file) && ft_check_filetype($file) && strtolower(ft_get_ext($file)) == 'zip' && is_file(ft_get_dir() . "/" . $file)) {
                $escapeddir = escapeshellarg(ft_get_dir() . "/");
                $escapedfile = escapeshellarg(ft_get_dir() . "/" . $file);
                if (!@exec("unzip -n " . $escapedfile . " -d " . $escapeddir)) {
                    ft_set_message(t("!old could not be unzipped.", array('!old' => $file)), 'error');
                    ft_redirect("dir={$_REQUEST['dir']}");
                } else {
                    ft_set_message(t("!old unzipped.", array('!old' => $file)));
                    ft_redirect("dir={$_REQUEST['dir']}");
                }
            } else {
                ft_set_message(t("!old could not be unzipped.", array('!old' => $file)), 'error');
                ft_redirect("dir={$_REQUEST['dir']}");
            }
            # chmod
        } elseif ($_REQUEST['act'] == "chmod" && ft_check_fileactions() === TRUE && ADVANCEDACTIONS == TRUE) {
            // Check that file is set.
            $file = ft_stripslashes($_REQUEST['file']);
            if (!empty($file) && ft_check_file($file) && ft_check_filetype($file)) {
                // Check that chosen permission i valid
                if (is_numeric($_REQUEST['newvalue'])) {
                    $chmod = $_REQUEST['newvalue'];
                    if (substr($chmod, 0, 1) == '0') {
                        $chmod = substr($chmod, 0, 4);
                    } else {
                        $chmod = '0' . substr($chmod, 0, 3);
                    }
                    // Chmod
                    if (@chmod(ft_get_dir() . "/" . $file, intval($chmod, 8))) {
                        ft_set_message(t("Permissions changed for !old.", array('!old' => $file)));
                        ft_redirect("dir={$_REQUEST['dir']}");
                        clearstatcache();
                    } else {
                        ft_set_message(t("Could not change permissions for !old.", array('!old' => $file)), 'error');
                        ft_redirect("dir={$_REQUEST['dir']}");
                    }
                } else {
                    ft_set_message(t("Could not change permissions for !old.", array('!old' => $file)), 'error');
                    ft_redirect("dir={$_REQUEST['dir']}");
                }
            } else {
                ft_set_message(t("Could not change permissions for !old.", array('!old' => $file)), 'error');
                ft_redirect("dir={$_REQUEST['dir']}");
            }
            # logout
        } elseif ($_REQUEST['act'] == "logout") {
            ft_invoke_hook('logout', $_SESSION['ft_user_' . MUTEX]);
            $_SESSION = array();
            if (isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time() - 42000, '/');
            }
            session_destroy();
            // Delete persistent cookie
            setcookie('ft_user_' . MUTEX, '', time() - 3600);
            ft_redirect();
        }
    }
}

コード例 #3

ファイル: edit.plugin.php プロジェクト: elmanet/Intersoft_Realty

/**
 * Implementation of hook_ajax.
 */
function ft_edit_ajax($act)
{
    if ($act == 'saveedit') {
        // Do save file.
        $file = trim(ft_stripslashes($_POST["file"]));
        // Check if file type can be edited.
        if (ft_check_dir(ft_get_dir()) && ft_check_edit($file) && ft_check_fileactions() === TRUE && ft_check_filetype($file) && ft_check_filetype($file)) {
            $filecontent = ft_stripslashes($_POST["filecontent"]);
            if ($_POST["convertspaces"] != "") {
                $filecontent = str_replace("    ", "\t", $filecontent);
            }
            if (is_writeable(ft_get_dir() . "/{$file}")) {
                $fp = @fopen(ft_get_dir() . "/{$file}", "wb");
                if ($fp) {
                    fputs($fp, $filecontent);
                    fclose($fp);
                    // edit
                    echo '<p class="ok">' . t("!old was saved.", array('!old' => $file)) . '</p>';
                } else {
                    // editfilefail
                    echo '<p class="error">' . t("!old could not be edited.", array('!old' => $file)) . '</p>';
                }
            } else {
                // editfilefail
                echo '<p class="error">' . t("!old could not be edited.", array('!old' => $file)) . '</p>';
            }
        } else {
            // edittypefail
            echo '<p class="error">' . t("Could not edit file. This file type is not editable.") . '</p>';
        }
    } elseif ($act == 'edit_get_lock') {
        ft_edit_lock_set($_POST['file'], $_POST['dir'], $_SESSION['ft_user_' . MUTEX]);
        echo 'File locked.';
    }
}