コード例 #1
function checkAuthorizedDirectory($directory)
{
    // --------------
    // Authorization gate for a directory path. Returns true when access is allowed:
    //   1 - the directory name must pass checkAuthorizedName() (banned keywords);
    //   2 - when both the "use_database" and "check_homedirectory" settings are "yes",
    //       the directory must also lie below the root directory returned by
    //       getRootdirectory().
    //
    // If either setting has any other value, step 2 is skipped and the function
    // returns true after the keyword check alone, so home-directory confinement is
    // only enforced in that one configuration.
    // --------------
    global $net2ftp_globals, $net2ftp_settings, $net2ftp_result;

    // 1 - Reject names containing a banned keyword
    if (!checkAuthorizedName($directory)) {
        return false;
    }

    // 2 - Home-directory confinement applies only with database support and the check switched on
    $homedirectoryCheckEnabled = $net2ftp_settings["use_database"] == "yes"
        && $net2ftp_settings["check_homedirectory"] == "yes";
    if (!$homedirectoryCheckEnabled) {
        return true;
    }

    // The root directory is fetched and stored in the global on every call; any
    // caching of the database lookup would have to happen inside getRootdirectory(),
    // which is not visible here.
    $net2ftp_globals["homedirectory"] = getRootdirectory();

    // NOTE(review): this decision rests entirely on isSubdirectory(), defined elsewhere.
    // Confirm that it normalizes the path (".." segments, duplicate or trailing slashes)
    // before comparing it with the home directory.
    return (bool) isSubdirectory($net2ftp_globals["homedirectory"], $directory);
}
コード例 #2
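function ftp_getlist($conn_id, $directory)
{
    // --------------
    // Lists $directory over the FTP connection $conn_id and returns the parsed result.
    //
    // Step 1: chdir to the directory (with fallbacks)
    // Step 2: send the ftp_rawlist request to the FTP server
    // Step 3: parse each raw line with ftp_scanline() and sort the rows by type
    // Step 4: return the result
    //
    // Returned array, as built below:
    //   ["directories"], ["files"], ["symlinks"], ["unrecognized"]
    //       parsed rows, each list indexed from 1 to n
    //   ["all"]
    //       the array union (+) of those four lists
    //   ["stats"]
    //       per-type totals, plus "warnings" (an HTML string) and "newdirectory"
    //       (the directory that was actually listed)
    //
    // This function is used in all functions which process directories recursively.
    // --------------
    global $net2ftp_globals, $net2ftp_settings;

    $warnings = "";

    // -------------------------------------------------------------------------
    // Step 1: Chdir to the directory and get the current directory
    // Chdir is needed because otherwise the ftp_rawlist does not work on some FTP servers
    //
    // NOTE(review): $directory and $rootdirectory are inserted into messages that contain
    // HTML (<b>...</b>). Whether __() or the code that prints the warnings HTML-encodes
    // these arguments is not visible here; confirm, since a directory name can hold markup.
    // -------------------------------------------------------------------------
    if ($directory == "/") {
        // Step 1a - Directory is "/"
        @ftp_chdir($conn_id, $directory);
    } elseif ($directory == "") {
        // Step 1b - Directory is empty: use whatever directory the server reports
        @ftp_chdir($conn_id, $directory);
        $directory = @ftp_pwd($conn_id);
    } else {
        // 1c1 - Replace \' by \\' to be able to delete directories with names containing \'
        $directory1 = str_replace("\\'", "\\\\'", $directory);
        // 1c2 - Chdir to the directory
        // This is to check if the directory exists, but also because otherwise
        // the ftp_rawlist does not work on some FTP servers.
        $result1c = @ftp_chdir($conn_id, $directory1);
        // 1c3 - If the first ftp_chdir returns false, try a second time without the leading /
        // Some Windows FTP servers do not work when you use a leading /
        if ($result1c == false) {
            $directory2 = stripDirectory($directory1);
            $result2 = @ftp_chdir($conn_id, $directory2);
            // 1c4 - If the second ftp_chdir also does not work:
            //           For the Browse screen ==> go to the user's root directory
            //           For all other screens ==> record an error
            // NOTE(review): neither error branch below returns, so Step 2 still lists
            // whatever directory the connection is currently in while "newdirectory"
            // reports $directory. Confirm callers check the error state set by
            // setErrorVars() before using the returned list.
            if ($result2 == false) {
                if ($net2ftp_globals["state"] == "browse") {
                    $rootdirectory = getRootdirectory();
                    // User's root directory is different from the current directory, so switch to it
                    if ($directory != $rootdirectory) {
                        $warnings .= __("The directory <b>%1\$s</b> does not exist or could not be selected, so the directory <b>%2\$s</b> is shown instead.", $directory, $rootdirectory);
                        $directory = $rootdirectory;
                        @ftp_chdir($conn_id, $directory);
                    } else {
                        $errormessage = __("Your root directory <b>%1\$s</b> does not exist or could not be selected.", $directory);
                        setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
                    }
                } else {
                    $errormessage = __("The directory <b>%1\$s</b> could not be selected - you may not have sufficient rights to view this directory, or it may not exist.", $directory);
                    setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
                }
            }
        }
    }

    // -------------------------------------------------------------------------
    // Step 2 - Get list of directories and files
    // The -a option is used to show the hidden files as well on some FTP servers
    // Some servers do not return anything when using -a, so in that case try again without the -a option
    //
    // ftp_rawlist() returns false on failure. Counting false raises a TypeError on
    // PHP 8, so the result is checked with is_array() first, and a listing that
    // fails twice is treated as an empty list.
    // -------------------------------------------------------------------------
    $rawlist = ftp_rawlist($conn_id, "-a");
    if (!is_array($rawlist) || count($rawlist) <= 1) {
        $rawlist = ftp_rawlist($conn_id, "");
    }
    if (!is_array($rawlist)) {
        $rawlist = array();
    }

    // -------------------------------------------------------------------------
    // Step 3 - Parse the raw list
    // -------------------------------------------------------------------------
    $list["directories"] = array();
    $list["files"] = array();
    $list["symlinks"] = array();
    $list["unrecognized"] = array();
    $directory_index = 1;
    $file_index = 1;
    $symlink_index = 1;
    $unrecognized_index = 1;
    foreach (array("directories", "files", "symlinks", "unrecognized") as $type) {
        $list["stats"][$type]["total_number"] = 0;
        $list["stats"][$type]["total_size"] = 0;
        $list["stats"][$type]["total_skipped"] = 0;
    }

    // ----------------------------------------------
    // Loop over the raw list lines
    //
    // FTP servers reply differently to the ftp_rawlist request:
    // 1 - Some, like ftp.belnet.be, start with a line summarizing how many
    //     subdirectories and files there are in the current directory. The real
    //     list of subdirectories and files starts on the second line.
    //               [0] => total 15
    //               [1] => drwxr-xr-x 11 BELNET Archive 512 Feb 6 2000 BELNET
    //               [2] => drwxr-xr-x 2 BELNET Archive 512 Oct 29 2001 FVD-SFI
    //     Others, like ftp.redhat.com/pub, start directly with the list.
    //               [0] => drwxr-xr-x 9 ftp ftp 4096 Jan 11 06:34 contrib
    //               [1] => drwxr-xr-x 13 ftp ftp 4096 Jan 29 21:59 redhat
    //               [2] => drwxrwsr-x 6 ftp ftp 4096 Jun 05 2002 up2date
    // 2 - Some FTP servers return "." and ".." as directories. These fake entries
    //     have to be eliminated: they would cause infinite loops in the
    //     copy/move/delete functions. ftp_scanline does not return those entries.
    //               [0] => drwxr-xr-x 5 80 www 512 Apr 10 09:39 .
    //               [1] => drwxr-xr-x 16 80 www 512 Apr 9 08:51 ..
    //               [2] => -rw-r--r-- 1 80 www 5647 Apr 9 08:12 _CHANGES_v0.5
    //               [3] => -rw-r--r-- 1 80 www 1239 Apr 9 08:12 _CREDITS_v0.5
    // ----------------------------------------------
    $nr_entries_banned_keyword = 0;
    $nr_entries_too_big = 0;
    foreach ($rawlist as $rawline) {
        $listline = ftp_scanline($directory, $rawline);
        // If $listline is empty (e.g. if it contained ".."), continue to the next line
        if ($listline == "") {
            continue;
        }

        // Names come from the FTP server, so encoded copies are stored for each
        // output context (HTML, URL, Javascript)
        if (isset($listline["dirfilename"])) {
            $listline["dirfilename_html"] = htmlEncode2($listline["dirfilename"]);
            $listline["dirfilename_url"] = urlEncode2($listline["dirfilename"]);
            $listline["dirfilename_js"] = javascriptEncode2($listline["dirfilename"]);
        }

        // Check if the filename contains a forbidden keyword
        // If it does, then this line will not be selectable on the Browse screen
        // Note: even if "selectable" is set to "ok" here, it can still be changed just below if the filesize is too big
        if (checkAuthorizedName($listline["dirfilename"]) == true) {
            $listline["selectable"] = "ok";
        } else {
            $listline["selectable"] = "banned_keyword";
            $nr_entries_banned_keyword++;
        }

        $has_numeric_size = isset($listline["size"]) && is_numeric($listline["size"]);

        // Check if the filesize is bigger than the maximum authorized filesize
        if ($listline["dirorfile"] == "-" && $has_numeric_size) {
            if ($listline["selectable"] == "ok" && $listline["size"] > $net2ftp_settings["max_filesize"]) {
                $listline["selectable"] = "too_big";
                $nr_entries_too_big++;
            }
        }

        // ----------------------------------------------
        // Depending on if the line contained a directory/file/symlink/unrecognized
        // row, store the result in different variables
        // ----------------------------------------------
        if ($listline["dirorfile"] == "d") {
            // Form the new directory filename and encode it too
            $listline["newdir"] = glueDirectories($directory, $listline["dirfilename"]);
            $listline["newdir_html"] = htmlEncode2($listline["newdir"]);
            $listline["newdir_url"] = urlEncode2($listline["newdir"]);
            $listline["newdir_js"] = javascriptEncode2($listline["newdir"]);

            $list["directories"][$directory_index] = $listline;
            $directory_index++;
            if ($has_numeric_size) {
                $list["stats"]["directories"]["total_size"] += $listline["size"];
            } else {
                $list["stats"]["directories"]["total_skipped"] += 1;
            }
        } elseif ($listline["dirorfile"] == "-") {
            $list["files"][$file_index] = $listline;
            $file_index++;
            if ($has_numeric_size) {
                $list["stats"]["files"]["total_size"] += $listline["size"];
            } else {
                $list["stats"]["files"]["total_skipped"] += 1;
            }
        } elseif ($listline["dirorfile"] == "l") {
            $list["symlinks"][$symlink_index] = $listline;
            $symlink_index++;
        } elseif ($listline["dirorfile"] == "u") {
            $list["unrecognized"][$unrecognized_index] = $listline;
            $unrecognized_index++;
        }
    }

    // Print a warning message if some directories, files or symlinks contain a banned keyword or if a file is
    // too big to be downloaded
    if ($nr_entries_banned_keyword > 0) {
        $warnings .= __("Entries which contain banned keywords can't be managed using net2ftp. This is to avoid Paypal or Ebay scams from being uploaded through net2ftp.");
        $warnings .= "<br />\n";
    }
    if ($nr_entries_too_big > 0) {
        $warnings .= __("Files which are too big can't be downloaded, uploaded, copied, moved, searched, zipped, unzipped, viewed or edited; they can only be renamed, chmodded or deleted.");
        $warnings .= "<br />\n";
    }

    // Store the warnings and new directory in $list["stats"]
    // ($warnings is always set, it is initialized to "" at the top)
    $list["stats"]["warnings"] = $warnings;
    $list["stats"]["newdirectory"] = $directory;

    // Store the statistics
    $list["stats"]["directories"]["total_size_formated"] = formatFilesize($list["stats"]["directories"]["total_size"]);
    $list["stats"]["files"]["total_size_formated"] = formatFilesize($list["stats"]["files"]["total_size"]);
    $list["stats"]["directories"]["total_number"] = $directory_index - 1;
    $list["stats"]["files"]["total_number"] = $file_index - 1;
    $list["stats"]["symlinks"]["total_number"] = $symlink_index - 1;
    $list["stats"]["unrecognized"]["total_number"] = $unrecognized_index - 1;

    // Put everything together in $list["all"]
    // NOTE(review): the four lists are each indexed from 1 and the + operator keeps
    // the left operand's row when a key exists on both sides, so a row from a later
    // list that shares its index with a row of an earlier list is not present in
    // $list["all"]. Left as is because the callers are not visible here; confirm
    // what they expect before changing it.
    $list["all"] = $list["directories"] + $list["files"] + $list["symlinks"] + $list["unrecognized"];

    // -------------------------------------------------------------------------
    // Step 4 - Return the result
    // -------------------------------------------------------------------------
    return $list;
}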