function checkAuthorizedDirectory($directory) {

// --------------
// Decides whether $directory may be used. Two gates are applied in order:
//   1 - The directory name must pass checkAuthorizedName() (banned keyword check).
//   2 - If both the "use_database" and "check_homedirectory" settings are "yes",
//       the directory must be a subdirectory of the root directory returned by
//       getRootdirectory(). According to the original notes, that root directory
//       is looked up for the current user first, falling back to the default one.
// Returns true when the directory is authorized, false otherwise.
//
// When either setting is not "yes", gate 2 is skipped completely, so only the
// banned keyword check restricts which directories are accepted.
//
// NOTE(review): isSubdirectory() is defined elsewhere; whether it normalises
// ".." segments or repeated slashes before comparing is not visible here -- confirm,
// because this comparison is the only containment check made by this function.
// --------------

    // $net2ftp_result is declared but not read or written in this function
    global $net2ftp_globals, $net2ftp_settings, $net2ftp_result;

    // Gate 1 - banned keyword in the directory name
    $name_is_authorized = checkAuthorizedName($directory);
    if (!$name_is_authorized) {
        return false;
    }

    // Gate 2 only applies when the database and the homedirectory check are both switched on
    $homedirectory_check_enabled = ($net2ftp_settings["use_database"] == "yes" && $net2ftp_settings["check_homedirectory"] == "yes");
    if (!$homedirectory_check_enabled) {
        return true;
    }

    // Side effect: the root directory is published in $net2ftp_globals["homedirectory"].
    // The original note says the intent is to avoid further database access afterwards;
    // getRootdirectory() is still called on every invocation, so any caching would have
    // to happen inside that function (not visible here).
    $net2ftp_globals["homedirectory"] = getRootdirectory();

    // Gate 2 - containment in the homedirectory
    $is_inside_homedirectory = isSubdirectory($net2ftp_globals["homedirectory"], $directory);
    return $is_inside_homedirectory != false;

}
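function ftp_getlist($conn_id, $directory) {

// --------------
// Lists the contents of $directory over the FTP connection $conn_id and returns
// an array describing the directories, files, symlinks and unrecognized lines.
// One row per entry, with rows from index 1 to n in each category.
//
// Step 1: chdir to the directory (with fallbacks) and determine the directory shown
// Step 2: send the ftp_rawlist request to the FTP server
// Step 3: parse each raw line with ftp_scanline() and sort the rows per category
// Step 4: return the result
//
// Parameters:
//   $conn_id   - FTP connection, passed to ftp_chdir / ftp_pwd / ftp_rawlist
//   $directory - directory to list; "" means "the server's current directory"
//
// Returns $list with these keys:
//   "directories", "files", "symlinks", "unrecognized" - rows indexed from 1
//   "all"   - every row of the four categories, indexed from 1
//   "stats" - per category total_number / total_size / total_skipped, plus
//             "warnings" (HTML string) and "newdirectory" (the directory listed)
// Each row gets "selectable" ("ok", "banned_keyword" or "too_big") and, when the
// name is set, the encoded variants dirfilename_html / dirfilename_url / dirfilename_js.
//
// This function is used in all functions which process directories recursively.
//
// Security notes for reviewers:
// - Entry names come from the remote FTP server and must be treated as untrusted;
//   consumers should output the _html / _url / _js variant matching the context.
// - NOTE(review): $directory is inserted between <b> tags in the messages below
//   without htmlEncode2(). Whether __() or the code that prints the warning and
//   error messages encodes it is not visible here -- confirm.
// - NOTE(review): when no chdir succeeds, setErrorVars() is called but execution
//   continues, so the listing is taken from whatever directory the connection is
//   in while "newdirectory" still reports $directory. Presumably callers check
//   the error state set by setErrorVars() -- verify.
// - This function does not call checkAuthorizedDirectory(); presumably callers
//   do so before listing -- verify.
//
// Some documentation on FTP server replies:
// 1 - Some FTP servers, like ftp.belnet.be, start with a line summarizing how
//     many subdirectories and files there are in the current directory. The
//     real list of subdirectories and files starts on the second line.
//        [0] => total 15
//        [1] => drwxr-xr-x 11 BELNET Archive 512 Feb 6 2000 BELNET
//        [2] => drwxr-xr-x 2 BELNET Archive 512 Oct 29 2001 FVD-SFI
//     Other FTP servers, like ftp.redhat.com/pub, start directly with the list.
//        [0] => drwxr-xr-x 9 ftp ftp 4096 Jan 11 06:34 contrib
//        [1] => drwxr-xr-x 13 ftp ftp 4096 Jan 29 21:59 redhat
//        [2] => drwxrwsr-x 6 ftp ftp 4096 Jun 05 2002 up2date
// 2 - Some FTP servers return "." and ".." as directories. These fake entries
//     have to be eliminated, they would cause infinite loops in the
//     copy/move/delete functions. ftp_scanline does not return those entries.
//        [0] => drwxr-xr-x 5 80 www 512 Apr 10 09:39 .
//        [1] => drwxr-xr-x 16 80 www 512 Apr 9 08:51 ..
//        [2] => -rw-r--r-- 1 80 www 5647 Apr 9 08:12 _CHANGES_v0.5
//        [3] => -rw-r--r-- 1 80 www 1239 Apr 9 08:12 _CREDITS_v0.5
// --------------

// -------------------------------------------------------------------------
// Global variables
// -------------------------------------------------------------------------
    global $net2ftp_globals, $net2ftp_settings;

// -------------------------------------------------------------------------
// Initialization
// -------------------------------------------------------------------------
    $warnings = "";
    $categories = array("directories", "files", "symlinks", "unrecognized");

// -------------------------------------------------------------------------
// Step 1: Chdir to the directory and get the current directory
// -------------------------------------------------------------------------

    if ($directory == "/") {
        // Step 1a - Chdir because otherwise the ftp_rawlist does not work on some FTP servers.
        // The result is not checked; warnings are suppressed by @.
        @ftp_chdir($conn_id, $directory);
    }
    elseif ($directory == "") {
        // Step 1b - No directory given: list the directory the server reports as current.
        // ftp_pwd() can return false on failure, in which case $directory becomes false.
        @ftp_chdir($conn_id, $directory);
        $directory = @ftp_pwd($conn_id);
    }
    else {
        // 1c1 - Replace \' by \\' to be able to delete directories with names containing \'
        $directory1 = str_replace("\\'", "\\\\'", $directory);

        // 1c2 - Chdir to the directory
        // This is to check if the directory exists, but also because otherwise
        // the ftp_rawlist does not work on some FTP servers.
        $result1c = @ftp_chdir($conn_id, $directory1);

        // 1c3 - If the first ftp_chdir returns false, try a second time without the leading /
        // Some Windows FTP servers do not work when you use a leading /
        if ($result1c == false) {
            $directory2 = stripDirectory($directory1);
            $result2 = @ftp_chdir($conn_id, $directory2);

            // 1c4 - If the second ftp_chdir also does not work:
            //    For the Browse screen ==> go to the user's root directory
            //    For all other screens ==> return error
            if ($result2 == false) {
                if ($net2ftp_globals["state"] == "browse") {
                    $rootdirectory = getRootdirectory();

                    if ($directory != $rootdirectory) {
                        // User's root directory is different from the current directory, so switch to it.
                        // The result of this chdir is not checked.
                        $warnings .= __("The directory <b>%1\$s</b> does not exist or could not be selected, so the directory <b>%2\$s</b> is shown instead.", $directory, $rootdirectory);
                        $directory = $rootdirectory;
                        @ftp_chdir($conn_id, $directory);
                    }
                    else {
                        $errormessage = __("Your root directory <b>%1\$s</b> does not exist or could not be selected.", $directory);
                        setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
                    }
                }
                else {
                    $errormessage = __("The directory <b>%1\$s</b> could not be selected - you may not have sufficient rights to view this directory, or it may not exist.", $directory);
                    setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
                }
            } // end if result2
        } // end if result1c
    } // end if / or "" or else

// -------------------------------------------------------------------------
// Step 2 - Get list of directories and files
// The -a option is used to show the hidden files as well on some FTP servers
// Some servers do not return anything when using -a, so in that case try again without the -a option
// -------------------------------------------------------------------------
    $rawlist = ftp_rawlist($conn_id, "-a");

    // ftp_rawlist() returns false on failure; sizeof(false) raises a TypeError on
    // PHP 8, so the type is checked before counting.
    if (is_array($rawlist) == false || sizeof($rawlist) <= 1) {
        $rawlist = ftp_rawlist($conn_id, "");
    }

    // Both attempts failed: continue with an empty listing instead of looping over false
    if (is_array($rawlist) == false) {
        $rawlist = array();
    }

// -------------------------------------------------------------------------
// Step 3 - Parse the raw list
// -------------------------------------------------------------------------

    // ----------------------------------------------
    // Initialize variables
    // ----------------------------------------------
    foreach ($categories as $category) {
        $list[$category] = array();
    }
    foreach ($categories as $category) {
        $list["stats"][$category]["total_number"]  = 0;
        $list["stats"][$category]["total_size"]    = 0;
        $list["stats"][$category]["total_skipped"] = 0;
    }

    // Next free row index per category; rows are stored from index 1
    $directory_index    = 1;
    $file_index         = 1;
    $symlink_index      = 1;
    $unrecognized_index = 1;

    $nr_entries_banned_keyword = 0;
    $nr_entries_too_big        = 0;

    // ----------------------------------------------
    // Loop over the raw list lines
    // ----------------------------------------------
    foreach ($rawlist as $rawline) {

        // Scan each line
        $listline = ftp_scanline($directory, $rawline);

        // If $listline is empty (e.g. if it contained ".."), continue to the next line
        if ($listline == "") { continue; }

        // Encode the name for HTML, URLs and Javascript
        if (isset($listline["dirfilename"])) {
            $listline["dirfilename_html"] = htmlEncode2($listline["dirfilename"]);
            $listline["dirfilename_url"]  = urlEncode2($listline["dirfilename"]);
            $listline["dirfilename_js"]   = javascriptEncode2($listline["dirfilename"]);
        }

        // Check if the filename contains a forbidden keyword
        // If it does, then this line will not be selectable on the Browse screen
        // Note: even if "selectable" is set to "ok" here, it can still be changed just below if the filesize is too big
        if (checkAuthorizedName($listline["dirfilename"]) == true) {
            $listline["selectable"] = "ok";
        }
        else {
            $listline["selectable"] = "banned_keyword";
            $nr_entries_banned_keyword++;
        }

        $has_numeric_size = (isset($listline["size"]) && is_numeric($listline["size"]));

        // Check if the filesize is bigger than the maximum authorized filesize (files only)
        if ($listline["dirorfile"] == "-" && $has_numeric_size) {
            if ($listline["selectable"] == "ok" && $listline["size"] > $net2ftp_settings["max_filesize"]) {
                $listline["selectable"] = "too_big";
                $nr_entries_too_big++;
            }
        }

        // ----------------------------------------------
        // Depending on if the line contained a directory/file/symlink/unrecognized
        // row, store the result in different variables
        // ----------------------------------------------
        if ($listline["dirorfile"] == "d") {
            // Form the new directory name and encode it too
            $listline["newdir"]      = glueDirectories($directory, $listline["dirfilename"]);
            $listline["newdir_html"] = htmlEncode2($listline["newdir"]);
            $listline["newdir_url"]  = urlEncode2($listline["newdir"]);
            $listline["newdir_js"]   = javascriptEncode2($listline["newdir"]);

            $list["directories"][$directory_index] = $listline;
            $directory_index++;
            if ($has_numeric_size) { $list["stats"]["directories"]["total_size"] += $listline["size"]; }
            else                   { $list["stats"]["directories"]["total_skipped"] += 1; }
        }
        elseif ($listline["dirorfile"] == "-") {
            $list["files"][$file_index] = $listline;
            $file_index++;
            if ($has_numeric_size) { $list["stats"]["files"]["total_size"] += $listline["size"]; }
            else                   { $list["stats"]["files"]["total_skipped"] += 1; }
        }
        elseif ($listline["dirorfile"] == "l") {
            $list["symlinks"][$symlink_index] = $listline;
            $symlink_index++;
        }
        elseif ($listline["dirorfile"] == "u") {
            $list["unrecognized"][$unrecognized_index] = $listline;
            $unrecognized_index++;
        }

    } // end foreach

    // Add a warning message if some directories, files or symlinks contain a banned keyword
    // or if a file is too big to be downloaded
    if ($nr_entries_banned_keyword > 0) {
        $warnings .= __("Entries which contain banned keywords can't be managed using net2ftp. This is to avoid Paypal or Ebay scams from being uploaded through net2ftp.");
        $warnings .= "<br />\n";
    }
    if ($nr_entries_too_big > 0) {
        $warnings .= __("Files which are too big can't be downloaded, uploaded, copied, moved, searched, zipped, unzipped, viewed or edited; they can only be renamed, chmodded or deleted.");
        $warnings .= "<br />\n";
    }

    // Store the warnings and new directory in $list["stats"]
    // ($warnings is always set, it is initialized to "" at the top)
    $list["stats"]["warnings"]     = $warnings;
    $list["stats"]["newdirectory"] = $directory;

    // Store the statistics
    $list["stats"]["directories"]["total_size_formated"] = formatFilesize($list["stats"]["directories"]["total_size"]);
    $list["stats"]["files"]["total_size_formated"]       = formatFilesize($list["stats"]["files"]["total_size"]);
    $list["stats"]["directories"]["total_number"]  = $directory_index - 1;
    $list["stats"]["files"]["total_number"]        = $file_index - 1;
    $list["stats"]["symlinks"]["total_number"]     = $symlink_index - 1;
    $list["stats"]["unrecognized"]["total_number"] = $unrecognized_index - 1;

    // Put everything together in $list["all"], indexed from 1.
    // The array union operator (+) cannot be used for this: all four category arrays
    // are keyed from 1, and + keeps only the left-hand row for a key that exists on
    // both sides, so most rows would be dropped.
    $list["all"] = array();
    $all_index = 1;
    foreach ($categories as $category) {
        foreach ($list[$category] as $row) {
            $list["all"][$all_index] = $row;
            $all_index++;
        }
    }

// -------------------------------------------------------------------------
// Step 4 - Return the result
// -------------------------------------------------------------------------
    return $list;

}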