/**
 * Alias-aware scandir(): runs the parent scan for $dir and then merges in the Alias
 * entries registered for that directory, so that Aliases show up in listings much
 * like real directories and files do.
 *
 * The parent's result is returned untouched when it is FALSE. Otherwise the collection
 * array comes back with its 'dirs' and 'files' lists extended; a '..' entry at the end
 * of 'dirs', when present, stays the very last element.
 *
 * Alias entries are filtered here a second time: an alias directory whose name equals the
 * thumbnail directory is left out (unless $see_thumbnail_dir is set) and dot-names are
 * left out while GLOB_NOHIDDEN is in effect.
 *
 * NOTE(review): alias names are not matched against $filemask in this method; only the
 * parent scan receives the mask. Confirm that no caller relies on the mask to keep
 * alias entries out of a listing.
 */
public function scandir($dir, $filemask, $see_thumbnail_dir, $glob_flags_or, $glob_flags_and)
{
    $dir = self::enforceTrailingSlash($dir);

    // the real filesystem entries come from the parent implementation:
    $coll = parent::scandir($dir, $filemask, $see_thumbnail_dir, $glob_flags_or, $glob_flags_and);
    FM_vardumper($this, 'scandir4Alias', $coll);
    if ($coll === false) {
        return $coll;
    }

    // effective flags: the defaults, masked by the AND set, extended by the OR set
    $flags = ((GLOB_NODOTS | GLOB_NOHIDDEN | GLOB_NOSORT) & $glob_flags_and) | $glob_flags_or;
    $skip_hidden = (bool) ($flags & GLOB_NOHIDDEN);

    // take a trailing '..' off the list for now, so the aliases can be appended in front of it;
    // anything else that was popped goes straight back.
    $parent_entry = array_pop($coll['dirs']);
    if ($parent_entry !== '..' && $parent_entry !== null) {
        $coll['dirs'][] = $parent_entry;
        $parent_entry = null;
    }

    // the thumbnail path MAY be an alias itself, so it has to be checked against once more:
    $tndir = null;
    if (!$see_thumbnail_dir) {
        $tn_uri = $this->options['thumbnailPath'];
        $tn_parent = self::getParentDir($this->url_path2file_path($tn_uri));
        if (FileManagerUtility::startswith($dir, $tn_parent)) {
            // last path segment of the thumbnail URI (its trailing character is dropped first)
            $tndir = basename(substr($tn_uri, 0, -1));
        }
    }

    // append the aliases registered for this directory:
    if (isset($this->scandir_alias_lu_arr) && !empty($this->scandir_alias_lu_arr[$dir])) {
        $aliases = $this->scandir_alias_lu_arr[$dir];
        // duplicate checks run against the lists as they were before any alias was added
        $known_dirs = $coll['dirs'];
        $known_files = $coll['files'];

        // index [false]: directory aliases
        foreach ($aliases[false] as $name) {
            if (in_array($name, $known_dirs, true) || $tndir === $name) {
                continue;
            }
            if ($skip_hidden && $name[0] == '.') {
                continue;
            }
            $coll['dirs'][] = $name;
        }

        // index [true]: file aliases
        foreach ($aliases[true] as $name) {
            if (in_array($name, $known_files, true)) {
                continue;
            }
            if ($skip_hidden && $name[0] == '.') {
                continue;
            }
            $coll['files'][] = $name;
        }
    }

    // and put the '..' entry back as the very last one:
    if ($parent_entry !== null) {
        $coll['dirs'][] = $parent_entry;
    }

    return $coll;
}
</script> </head> <body> <div id="content" class="content"> <div class="go_home"> <a href="index.php" title="Go to the Demo index page"><img src="home_16x16.png"> </a> </div> <h1>FileManager Backend Tests</h1> <h2>Basic PHP tests</h2> <pre> <?php var_dump(gd_info()); // log request data: FM_vardumper(null, 'testFM' . (!empty($_GET['event']) ? '-' . $_GET['event'] : null)); if (01) { $re_extra = '-_., []()~!@+'; $trim_extra = '-_,~@+#&'; echo "pagetitle(str, NULL, '{$re_extra}', '{$trim_extra}'): regex to filter file & dirnames before they are created:\n"; // ASCII range for ($i = 0; $i < 8; $i++) { $msg = ''; $str = ''; for ($j = 0; $j < 16; $j++) { $c = $i * 16 + $j; switch ($c) { case 9: $msg .= "(TAB)"; break; case 13:
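/**
 * Demo authorization callback: decides whether the requested FileManager action may proceed.
 *
 * The only gate is the session marker written by the demo entry pages. That marker shows
 * that the visitor passed through an entry page; it identifies nobody. Every holder of
 * such a session is granted 'download', 'create', 'destroy', 'move', 'view' and 'detail';
 * 'upload' additionally needs the session's 'UploadAuth' entry to be exactly 'yes'.
 *
 * @param mixed  $mgr    the FileManager instance; only handed on to the request logger here
 * @param string $action the requested operation
 * @param array  $info   request details, passed by reference: the 'detail' branch may overwrite
 *                       'filename' and 'mime' to redirect the request to an error icon
 *
 * @return bool TRUE when the action is allowed, FALSE otherwise (unknown actions included)
 *
 * @throws FileManagerException when there is no session or it lacks the demo marker
 */
function FM_IsAuthorized($mgr, $action, &$info)
{
    // Start session, if not already started
    session_name('alt_session_name');
    session_start_ex();

    // log request data:
    FM_vardumper($mgr, $action, $info);

    // when the session, started in the demo entry pages, doesn't exist or is not valid, we do not allow ANYTHING any more:
    if (empty($_SESSION)) {
        session_write_close();
        throw new FileManagerException('authorized: The session is non-existent.');
    }
    if (empty($_SESSION['FileManager']) || $_SESSION['FileManager'] !== 'DemoMagick') {
        session_write_close();
        throw new FileManagerException('authorized: The session is illegal, as it does not contain the mandatory magic value set up by the demo entry pages.');
    }

    /*
     * authenticate / authorize:
     * this sample is a bogus authorization, but you can perform simple to highly
     * sophisticated authentications / authorizations here, e.g. even ones which also check permissions
     * related to what is being uploaded right now (different permissions required for file mimetypes,
     * e.g. images: any authorized user; while other file types which are more susceptible to carrying
     * illicit payloads requiring at least 'power/trusted user' permissions, ...)
     */
    $rv = false;
    switch ($action) {
        case 'upload':
            /*
             * Note that the TinyMCE demo currently has this setting set to 'NO' to simulate an UNauthorized user, for the sake of the demo.
             *
             * Fail closed: a missing entry or any value other than the exact string 'yes' denies the
             * upload. A loose '==' would also accept e.g. boolean TRUE.
             */
            $rv = (isset($_SESSION['UploadAuth']) && $_SESSION['UploadAuth'] === 'yes');
            break;

        case 'download':
            $rv = true;
            break;

        case 'create': // create directory
        case 'destroy':
        case 'move': // move or copy!
        case 'view':
            $rv = true;
            break;

        case 'detail':
            /*
             * For the demo, we deny generation of thumbnails for images in a certain size range: 180KB - 200KB, jpeg only.
             *
             * To showcase the nasty/cool (depending on your disposition) things you can do in this callback, we
             * force the thumbnail to become a thumbnail of the 'nuke':
             */
            $fsize = @filesize($info['file']);
            /*
             * When the thumbnail request is made, the demo will error on
             *   bison-head-with-horns (Ray Rauch, U.S. Fish and Wildlife Service).jpg
             *   fruits-vegetables-milk-and-yogurt (Peggy Greb, U.S. Department of Agriculture).jpg
             * intentionally with the next bit of code; just to give you an idea what can be done in here.
             *
             * you can do a similar thing for any other request and have a good file fail or a bad file recover and succeed,
             * simply by patching the $info[] items.
             */
            if (SHOW_CUSTOM_CALLBACK_WORK
                && isset($info['mime']) && $info['mime'] === 'image/jpeg'
                && $fsize >= 180 * 1024 && $fsize <= 200 * 1024
            ) {
                // force the manager to fetch the 'nuke' icon:
                $info['filename'] = 'is.default-error';
                // and nuke the mimetype to make sure it does go for the icon, always:
                $info['mime'] = 'icon/icon';
                // and act as if we authorized the action. Meanwhile, we just nuked it.
            }
            $rv = true;
            break;

        default:
            // unknown operation. Internal server error.
            $rv = false;
            break;
    }

    // make sure the session is closed (and unlocked) before the bulk of the work is performed: better parallelism server-side.
    session_write_close();

    return $rv;
}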
/**
 * Sample authorization callback for the FileManager: answers whether $action may proceed.
 *
 * This is a placeholder policy. 'download', 'create', 'destroy' and 'move' are always
 * allowed, 'upload' is allowed whenever the request carries a non-empty 'session' query
 * parameter, and every other action is refused.
 *
 * @param mixed  $mgr    the FileManager instance; only handed on to the request logger here
 * @param string $action the requested operation
 * @param array  $info   request details (by reference); the per-action layouts are listed in the switch below
 *
 * @return bool TRUE when the action is allowed, FALSE otherwise
 */
function FM_IsAuthorized($mgr, $action, &$info)
{
    // log request data:
    FM_vardumper($mgr, $action, $info);

    /*
     * authenticate / authorize:
     * this sample is a bogus authorization, but you can perform simple to highly
     * sophisticated authentications / authorizations here, e.g. even ones which also check permissions
     * related to what is being uploaded right now (different permissions required for file mimetypes,
     * e.g. images: any authorized user; while other file types which are more susceptible to carrying
     * illicit payloads requiring at least 'power/trusted user' permissions, ...)
     */
    $authorized = false;

    switch ($action) {
        case 'upload':
            /*
             *   $fileinfo = array(
             *     'dir' => (string) directory where the uploaded file will be stored (filesystem absolute)
             *     'name' => (string) the filename of the uploaded file (already cleaned and resequenced, without the file name extension)
             *     'extension' => (string) the file name extension (already cleaned as well, including 'safe' mode processing, i.e. any uploaded binary executable will have been assigned the extension '.txt' already)
             *     'size' => (integer) number of bytes of the uploaded file
             *     'maxsize' => (integer) the configured maximum number of bytes for any single upload
             *     'mimes' => NULL or an array of mime types which are permitted to be uploaded. This is a reference to the array produced by $mgr->getAllowedMimeTypes().
             *     'ext2mime_map' => an array of (key, value) pairs which can be used to map a file name extension (key) to a mime type (value). This is a reference to the array produced by $mgr->getAllowedMimeTypes().
             *     'chmod' => (integer) UNIX access rights (default: 0666) for the directory-to-be-created (RW for user,group,world). Note that the eXecutable bits have already been stripped before the callback was invoked.
             *   );
             *
             * Note that this request originates from a Macromedia Flash client: hence you'll need to use the
             * $_GET['session'] value to manually set the PHP session_id() before you start your session
             * again. (Of course, this assumes you've set up the client side FileManager JS object to pass the
             * session_id() in this 'session' request parameter.)
             *
             * In examples provided with mootools_filemanager itself, the value is set to 'MySessionId'.
             *
             * NOTE(review): as written, the check below only tests that the parameter is present and
             * non-empty; its value is never compared with any server-side session. A real callback
             * should resume the session it names and decide from that session's state.
             */
            $authorized = !empty($_GET['session']);
            break;

        case 'download':
            /*
             *   $fileinfo = array(
             *     'file' => (string) full path of the file (filesystem absolute)
             *   );
             */
            $authorized = true;
            break;

        case 'create': // create directory
            /*
             *   $fileinfo = array(
             *     'dir' => (string) parent directory: directory where the directory-to-be-created will exist (filesystem absolute)
             *     'file' => (string) full path of the directory-to-be-created itself (filesystem absolute)
             *     'chmod' => (integer) UNIX access rights (default: 0777) for the directory-to-be-created (RWX for user,group,world)
             *   );
             */
            $authorized = true;
            break;

        case 'destroy':
            /*
             *   $fileinfo = array(
             *     'dir' => (string) directory where the file / directory-to-be-deleted exists (filesystem absolute)
             *     'file' => (string) the filename (with extension) of the file / directory to be deleted
             *   );
             */
            $authorized = true;
            break;

        case 'move': // move or copy!
            /*
             *   $fileinfo = array(
             *     'dir' => (string) directory where the file / directory-to-be-moved/copied exists (filesystem absolute)
             *     'file' => (string) the filename (with extension) of the file / directory to be moved/copied
             *     'newdir' => NULL or (string) target directory: full path of directory where the file/directory will be moved/copied to. (filesystem absolute)
             *     'newname' => NULL or (string) target path: full path of file/directory. This is the file location the file/directory should be renamed/moved to. (filesystem absolute)
             *     'rename' => (boolean) TRUE when a file/directory RENAME operation is requested (name change, staying within the same parent directory). FALSE otherwise.
             *     'is_dir' => (boolean) TRUE when the subject is a directory itself, FALSE when it is a regular file.
             *     'function' => (string) PHP call which will perform the operation. ('rename' or 'copy')
             *   );
             *
             * on RENAME these path elements will be set: 'dir', 'file' 'newname'; 'rename' = TRUE, 'function' = 'rename'
             * on MOVE these path elements will be set: 'dir', 'file', 'newdir', 'newname'; 'rename' = TRUE, 'function' = 'rename'
             * on COPY these path elements will be set: 'dir', 'file' 'newdir', 'newname'; 'rename' = TRUE, 'function' = 'copy'
             *
             * NOTE(review): the three summary lines give 'rename' = TRUE for MOVE and COPY too, which
             * disagrees with the field description above; confirm against the FileManager code.
             */
            $authorized = true;
            break;

        default:
            // unknown operation. Internal server error.
            $authorized = false;
            break;
    }

    return $authorized;
}
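define('DEVELOPMENT', 0);   // set to 01 / 1 / nonzero value to enable logging of each incoming event request.

require 'FM-common.php';    // this one loads the appropriate FileManager AND the support functions used in this demo

/*
 * when you want to pass absolute paths into FileManager, be reminded that ALL paths
 * (except for the [mimeTypesPath] one!) are paths in URI space, i.e. the 'root'
 * is assumed to be DocumentRoot.
 *
 * Below is a quick example how a physical filesystem path /could/ be transformed
 * to a URI path -- assumed you don't get buggered by having Aliases apply to this
 * particular path, in which case you are between a rock and a hard place: then you
 * MUST specify URI paths instead, this 'trick' being defective.
 */
$fm_basedir = str_replace(strtr($_SERVER['DOCUMENT_ROOT'], '\\', '/'), '', dirname(strtr(__FILE__, '\\', '/'))) . '/';

/*
 * Go to FM-common.php to edit the Alias array there to mirror your local situation.
 *
 * See also the 'SITE_USES_ALIASES' define and the mkNewFileManager() function in there.
 *
 * mkNewFileManager() is just a wrapper used to keep the demo code lean...
 *
 * NOTE(review): every mutating operation (upload, destroy, create, move) is switched on
 * below, together with 'allowExtChange'. What a visitor can actually do then rests on
 * whatever authorization callback mkNewFileManager() installs -- confirm that before
 * reusing these settings outside the demo.
 */
$browser = mkNewFileManager(array(
    'directory' => 'Files/',
    'upload' => true,
    'destroy' => true,
    'create' => true,
    'move' => true,
    'download' => true,
    'allowExtChange' => true
));

// 'event' arrives straight from the query string and may be an array (?event[]=x) instead of
// a string; anything that is not a non-empty string is treated as 'no event given', so it is
// never concatenated into the log label or dispatched.
$event_cmd = (!empty($_GET['event']) && is_string($_GET['event']) ? $_GET['event'] : null);

// log request data:
FM_vardumper($browser, 'init' . $event_cmd);

// and process the request:
$browser->fireEvent($event_cmd);

// Do *NOT* add a <?php ?-> close tag here! Any whitespace after that makes PHP output both a Content-Type: text/html header AND the whitespace as content.
// This BREAKS any operation (such as mootools-filemanager::event=thumbnail) which outputs BINARY DATA (in that particular case, PHP spits out an image)
// The safest way to prevent ANY PHP file from producing undesirable [whitespace] output is to never add that ?-> close tag.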