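/**
 * Request router: dispatches the POST and GET actions of the file manager.
 *
 * Every action requires read permission; write actions additionally require
 * 'rw'. Most branches end the request with die, either after redirecting to
 * the configured base_url or after emitting their own output. If no branch
 * matches, the method returns so the caller can continue.
 *
 * File names arriving from the client are passed through decrypt() and
 * filterInput() before use; names listed in the 'restricted_files' setting
 * are refused where this method checks them.
 *
 * NOTE(review): no request token (CSRF) is checked anywhere in this method,
 * and newdir/newfile change state on GET. Whether a token is enforced
 * elsewhere is not visible from here -- confirm.
 *
 * @return void
 */
public function actions()
{
    // Every action needs at least read permission.
    if (!gator::checkPermissions('r')) {
        gator::writeLog('auth bad - no read access');
        gator::error(lang::get("Access Forbidden"));
        die;
    }

    // POST actions
    if (isset($_POST['action'])) {
        $action = $_POST['action'];
        unset($_POST['action']);

        // Actions that need read & write permissions.
        if (gator::checkPermissions('rw')) {
            // Initialised up front so an empty POST body hands the helpers an
            // empty list instead of an undefined variable.
            $files = array();

            switch ($action) {
                case 'delete':
                    foreach ($_POST as $post_file) {
                        // Skip array-valued fields; decrypt() is only ever given strings here.
                        if (!is_string($post_file)) {
                            continue;
                        }
                        $name = $this->filterInput($this->decrypt($post_file));
                        // The restriction must be tested on the decoded name: the posted
                        // value goes through decrypt(), so comparing only the raw value
                        // never matches a restricted file. The raw comparison is kept so
                        // nothing the original refused is now accepted.
                        if (in_array($post_file, gatorconf::get('restricted_files'))
                            || in_array($name, gatorconf::get('restricted_files'))) {
                            continue;
                        }
                        $files[] = $name;
                    }
                    $this->deleteFiles($files, $_SESSION['cwd']);
                    break;

                case 'rename':
                    if (gatorconf::get('allow_rename_files') == false
                        || !isset($_POST['oldname'])
                        || !isset($_POST['newname'])) {
                        break;
                    }
                    $oldname = $this->filterInput($this->decrypt($_POST['oldname']));
                    $newname = $this->filterInput($_POST['newname']);
                    if (in_array($oldname, gatorconf::get('restricted_files'))
                        || in_array($newname, gatorconf::get('restricted_files'))) {
                        break;
                    }
                    $this->renameFile($oldname, $newname);
                    break;

                case 'edit-save':
                    if (gatorconf::get('allow_edit_files') == false || !isset($_POST['filename'])) {
                        break;
                    }
                    $filename = $this->filterInput($this->decrypt($_POST['filename']));
                    // A missing 'content' field is treated as empty content.
                    $content = isset($_POST['content']) ? $_POST['content'] : '';
                    if (in_array($filename, gatorconf::get('restricted_files'))) {
                        break;
                    }
                    if (file_put_contents($_SESSION['cwd'] . DS . $filename, $content) === false) {
                        // Record the failure instead of logging a save that did not happen.
                        gator::writeLog('edit file / save failed - ' . $filename);
                        break;
                    }
                    gator::writeLog('edit file / save - ' . $filename);
                    break;

                // NOTE(review): zip, unzip, copy, cut and simple-copy/move do not test
                // 'restricted_files' here; whether the helpers they call do is not
                // visible in this method -- confirm.
                case 'zip':
                    if (!isset($_POST['archivename'])) {
                        break;
                    }
                    $archive_name = $this->filterInput($_POST['archivename']);
                    unset($_POST['archivename']);
                    foreach ($_POST as $post_file) {
                        if (!is_string($post_file)) {
                            continue;
                        }
                        $files[] = $this->filterInput($this->decrypt($post_file));
                    }
                    $this->zipFiles($files, $archive_name);
                    break;

                case 'unzip':
                    if (!isset($_POST['filename'])) {
                        break;
                    }
                    $filename = $this->filterInput($this->decrypt($_POST['filename']));
                    $this->unzipFile($filename);
                    break;

                case 'copy':
                case 'cut':
                    foreach ($_POST as $post_file) {
                        if (!is_string($post_file)) {
                            continue;
                        }
                        $files[] = $this->filterInput($this->decrypt($post_file));
                    }
                    // The buffer mode is the action name itself ('copy' or 'cut').
                    $this->pushToBuffer($files, $action == 'copy' ? 'copy' : 'cut');
                    break;

                case 'paste':
                    $this->pasteFromBuffer();
                    break;

                case 'simple-copy':
                case 'simple-move':
                    // link to home dir is blank
                    if (!isset($_POST['destination'])) {
                        $_POST['destination'] = '';
                    }
                    $destination = $this->filterInput($this->decrypt($_POST['destination']), false);
                    // NOTE(review): the value is URL-decoded *after* filterInput(), so
                    // percent-encoded characters are not seen by the filter. What
                    // filterInput() strips is not visible here -- confirm that the
                    // decoded destination cannot leave the repository.
                    $destination = rawurldecode($destination);
                    unset($_POST['destination']);

                    foreach ($_POST as $post_file) {
                        if (!is_string($post_file)) {
                            continue;
                        }
                        $files[] = $this->filterInput($this->decrypt($post_file));
                    }

                    $target = gatorconf::get('repository') . DS . $destination;
                    if ($action == 'simple-copy') {
                        $this->copyFiles($files, $_SESSION['cwd'], $target);
                    }
                    if ($action == 'simple-move') {
                        $this->moveFiles($files, $_SESSION['cwd'], $target);
                    }
                    break;

                default:
                    break;
            }
        }

        // Actions that need read permission only.
        if (gator::checkPermissions('r')) {
            switch ($action) {
                case 'email':
                    if (gatorconf::get('allow_email_links') != true
                        || !isset($_POST['filelink'])
                        || !isset($_POST['email'])) {
                        break;
                    }

                    $to = $_POST['email'];
                    // The recipient is client-supplied and handed to the mailer; refuse
                    // values that are not a single line so they cannot carry extra
                    // mail headers.
                    if (!is_string($to) || preg_match('/[\r\n]/', $to)) {
                        gator::writeLog('email rejected - invalid recipient');
                        break;
                    }

                    $subject = gatorconf::get('mail_link_subject');
                    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept so the
                    // sanitised output stays exactly what it was.
                    $link = filter_var($_POST['filelink'], FILTER_SANITIZE_STRING);
                    $body = filter_var(
                        isset($_POST['email_content']) ? $_POST['email_content'] : '',
                        FILTER_SANITIZE_STRING
                    );

                    if (gatorconf::get('use_googl_shorturl')) {
                        $link = $this->shortUrl($link);
                    }

                    $body .= "\n\n" . $link;
                    $this->sendEmail($to, $subject, $body);
                    break;
            }
        }

        // Redirect to the base url and end the request.
        header('Location: ' . gatorconf::get('base_url'));
        die;
    }

    //
    // GET actions
    //

    // download file
    if (!empty($_GET['download'])) {
        $filename = $this->filterInput($this->decrypt($_GET['download']));

        if (in_array($filename, gatorconf::get('restricted_files'))) {
            die;
        }

        $path = $_SESSION['cwd'] . DS . $filename;
        // Only regular files can be streamed; this also covers "does not exist".
        if (!is_file($path)) {
            die;
        }

        // Open before sending headers: a failed open must not produce an empty
        // attachment, and feof() must never be called on a failed handle.
        $file = @fopen($path, "rb");
        if ($file === false) {
            gator::writeLog('download failed - ' . $filename);
            die;
        }

        // Set headers. Quotes and backslashes are escaped so the name cannot
        // terminate the quoted filename parameter early.
        $header_name = addcslashes($filename, "\"\\");
        header("Cache-Control: public");
        header("Content-Description: File Transfer");
        header("Content-Disposition: attachment; filename=\"{$header_name}\"");
        header("Content-Type: application/octet-stream");
        header("Content-Transfer-Encoding: binary");

        // Stream the file in 8 KiB chunks.
        set_time_limit(0);
        while (!feof($file)) {
            $chunk = @fread($file, 1024 * 8);
            if ($chunk === false) {
                break;
            }
            print $chunk;
            // ob_flush() raises a notice when no output buffer is active.
            if (ob_get_level() > 0) {
                ob_flush();
            }
            flush();
        }
        fclose($file);

        gator::writeLog('download - ' . $filename);
        die;
    }

    // edit action - load file content via this ajax
    if (isset($_GET['edit-load'])
        && gator::checkPermissions('rw')
        && gatorconf::get('allow_edit_files') == true) {
        $filename = $this->filterInput($this->decrypt($_GET['edit-load']));

        if (in_array($filename, gatorconf::get('restricted_files'))) {
            die;
        }

        if (!file_exists($_SESSION['cwd'] . DS . $filename)) {
            die;
        }

        echo file_get_contents($_SESSION['cwd'] . DS . $filename);
        gator::writeLog('edit file / load - ' . $filename);
        die;
    }

    // new folder / new file
    if ((isset($_GET['newdir']) || isset($_GET['newfile'])) && gator::checkPermissions('rw')) {
        $newdir = $newfile = '';

        if (isset($_GET['newdir']) && $_GET['newdir'] != '') {
            $newdir = $this->filterInput($_GET['newdir']);
            if (!in_array($newdir, gatorconf::get('restricted_files'))) {
                mkdir($_SESSION['cwd'] . DS . $newdir, gatorconf::get('new_dir_mode'));
            }
        } elseif (isset($_GET['newfile']) && $_GET['newfile'] != '') {
            $newfile = $this->filterInput($_GET['newfile']);
            if (!in_array($newfile, gatorconf::get('restricted_files'))) {
                touch($_SESSION['cwd'] . DS . $newfile);
            }
        }

        gator::writeLog('create new - ' . $newdir . $newfile);

        // Redirect to the base url and end the request.
        header('Location: ' . gatorconf::get('base_url'));
        die;
    }

    // sorting
    if (isset($_GET['sortby']) || isset($_GET['sortinvert'])) {
        if (isset($_GET['sortby'])) {
            $_SESSION['sort']['by'] = $this->filterInput($_GET['sortby']);
            $_SESSION['sort']['order'] = 1;
        } elseif (isset($_GET['sortinvert'])) {
            // Inverting before any sort was chosen: start from the defaults so
            // the order is never computed from an unset value.
            if (!isset($_SESSION['sort']['by'])) {
                $_SESSION['sort']['by'] = 'name';
            }
            if (!isset($_SESSION['sort']['order'])) {
                $_SESSION['sort']['order'] = 1;
            }
            $_SESSION['sort']['order'] *= -1;
        }

        gator::writeLog('sort order ' . $_SESSION['sort']['by']);

        // Redirect to the base url and end the request.
        header('Location: ' . gatorconf::get('base_url'));
        die;
    } elseif (!isset($_SESSION['sort']['by'])) {
        $_SESSION['sort']['by'] = 'name';
        $_SESSION['sort']['order'] = 1;
    }

    // directory tree - ajax load
    if (isset($_GET['tree'])) {
        $tree_action = $this->filterInput($_GET['tree']);
        $dirs = '';

        if ($tree_action == 'cd') {
            $dirs = $this->getDirectoryTree(gatorconf::get('repository'), false, '?cd=');
        }

        if ($tree_action == 'copy' || $tree_action == 'move') {
            $dirs = $this->getDirectoryTree(gatorconf::get('repository'), true, '');
        }

        echo $dirs;
        gator::writeLog('tree load');
        die;
    }

    // change password
    // NOTE(review): the current password is not asked for and no request token
    // is checked in this branch -- confirm whether that is enforced elsewhere.
    if (gatorconf::get('allow_change_password')
        && isset($_POST['changepassword'])
        && is_string($_POST['changepassword'])
        && $_POST['changepassword'] !== ''
        && isset($_SESSION['simple_auth']['username'])) {
        // is_string() matters: an array-valued field is non-empty but cannot be
        // URL-decoded, and must not end up stored as the account's password.
        $new_password = rawurldecode($_POST['changepassword']);
        gator::updateUser($_SESSION['simple_auth']['username'], array('password' => $new_password));

        // Audit trail only; the password itself is never logged.
        gator::writeLog('change password');

        // Redirect to the base url and end the request.
        header('Location: ' . gatorconf::get('base_url'));
        die;
    }

    return;
}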
<div class="bottom-actions"> <?php if (gator::checkPermissions('rw')) { ?> <button type="button" class="nice radius button select-button"><?php echo lang::get("Select All"); ?> </button> <div class="selection-buttons"> <?php if (gatorconf::get('simple_copy_move')) { ?> <button type="button" class="nice secondary radius button simple-copy-selected"><?php echo lang::get("Copy"); ?> </button> <button type="button" class="nice secondary radius button simple-move-selected"><?php echo lang::get("Move"); ?> </button> <?php } else { ?> <button type="button" class="nice secondary radius button cut-selected"><?php echo lang::get("Cut"); ?> </button> <button type="button" class="nice secondary radius button copy-selected"><?php echo lang::get("Copy"); ?>