Exemplo n.º 1
} elseif (isset($_REQUEST['viewmodev'])) {
    $viewmode = false;
} else {
    // default visual mode
    $viewmode = false;
}
// pick the working directory: 'd' takes precedence over 'dir', else the user's own dir
// NOTE(review): PHP has already URL-decoded $_REQUEST, so urldecode() decodes 'd' a second
// time ('+' and '%xx' inside a real directory name get altered) - confirm the links need it.
// The decoded value is what gets checked below, so the check sees the final path.
$dir = isset($_REQUEST['d'])
    ? urldecode($_REQUEST['d'])
    : (isset($_REQUEST['dir']) ? $_REQUEST['dir'] : $usr_dir);
// directories this user may browse (reused for the file check further down)
$authdirs = F_getAuthorizedDirs();
// an unauthorized directory is silently replaced by the root dir rather than rejected
$dir = F_isAuthorizedDir($dir, $root_dir, $authdirs) ? $dir : $root_dir;
// pick the selected file: 'f' takes precedence over 'file', else no file is selected
// NOTE(review): as with 'd', urldecode() is applied to a value PHP has already decoded.
// $file is request-controlled and must pass the authorization check before any use.
$file = isset($_REQUEST['f'])
    ? urldecode($_REQUEST['f'])
    : (isset($_REQUEST['file']) ? $_REQUEST['file'] : '');
// check if the user is authorized to use this file
if (!F_isAuthorizedDir($file . '/', $root_dir, $authdirs)) {
    $file = '';
Exemplo n.º 2
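/**
 * Returns true if the user is authorized to use the specified directory, false otherwise.
 *
 * Users whose session level is at least K_AUTH_ADMINISTRATOR are always authorized.
 * For everyone else the path must start with the root dir, followed by one of the
 * authorized dirs and a '/'. Because that is only a prefix match, a path such as
 * "<root>/<authorized>/../<elsewhere>/" would satisfy it while resolving outside the
 * authorized tree, so paths holding a ".." segment or a NUL byte are refused first.
 *
 * @param $dir (string) the directory to check; the pattern expects a '/' after the authorized dir.
 * @param $rootdir (string) the user root dir, matched as a literal path (not as a pattern).
 * @param $authdirs (string) regular expression containing the authorized dirs.
 * @return true if the user is authorized to use the specified directory, false otherwise.
 */
function F_isAuthorizedDir($dir, $rootdir, $authdirs = '')
{
    require_once '../config/tce_config.php';
    if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
        return true;
    }
    // request parameters may arrive as arrays (e.g. d[]=x); only strings can be a path
    if (!is_string($dir) || strpos($dir, "\0") !== false) {
        return false;
    }
    // refuse parent-directory segments, whichever separator is used
    if (in_array('..', preg_split('#[/\\\\]#', $dir), true)) {
        return false;
    }
    if (empty($authdirs)) {
        $authdirs = F_getAuthorizedDirs();
    }
    // $rootdir is a filesystem path: quote it so '.', '+', '#' etc. are matched literally
    // and cannot alter the pattern; $authdirs is documented as a regex and is used as-is
    $pattern = '#^' . preg_quote($rootdir, '#') . '(' . $authdirs . ')/#';
    return preg_match($pattern, $dir) === 1;
}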