Exemplo n.º 1
require './config.php';
require './util.php';
require './io.php';
require './commands.php';
require './phpcompat.php';
require_once './SafeFN.class.php';
require_once 'input_utils.php';
/**
 * Report an error to the client through the upload-result channel.
 *
 * Delegates to SendUploadResults() with the two middle arguments left empty.
 * NOTE(review): the checks in this script only protect the upload if
 * SendUploadResults() ends the request; that function is not shown here.
 *
 * @param int|string $number Error number forwarded unchanged.
 * @param string     $text   Error text forwarded unchanged.
 */
function SendError($number, $text)
{
    $sBlank = '';
    SendUploadResults($number, $sBlank, $sBlank, $text);
}
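// Quick-upload entry point. Every guard below has to stop the request before
// FileUpload() runs, so each failed check ends with an explicit exit: the script
// then fails closed even if SendUploadResults() were to return (its body is not
// part of this listing).

// Check if this uploader has been enabled.
if (!$Config['Enabled']) {
    SendUploadResults('1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/connectors/php/config.php" file');
    exit;
}
$sCommand = 'QuickUpload';
// The file type (from the QueryString, by default 'File').
// NOTE(review): $sType is request-controlled; IsAllowedType() below is the only
// check applied to it in this script. Any validation of the uploaded file itself
// (name, extension, content) has to happen inside FileUpload() - confirm there.
$sType = input_strval('Type');
if (!$sType) {
    $sType = 'File';
}
// The target folder is fixed to "/" and is never taken from the request.
$sCurrentFolder = "/";
// Is the upload command enabled?
if (!IsAllowedCommand($sCommand)) {
    SendUploadResults('1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed');
    exit;
}
// Check if it is an allowed type.
if (!IsAllowedType($sType)) {
    SendUploadResults(1, '', '', 'Invalid type specified');
    exit;
}
FileUpload($sType, $sCurrentFolder, $sCommand);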
Exemplo n.º 2
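/**
 * Handle the "CreateFolder" command: create a sub-folder of $currentFolder and
 * echo an <Error number="..." /> node describing the outcome.
 *
 * Error numbers written by this function:
 *   0   - CreateServerFolder() reported no error
 *   102 - missing, empty or rejected folder name, or CreateServerFolder()
 *         reported "Invalid argument" / "No such file or directory"
 *   103 - caller lacks permission, or the parent directory is not writable
 *   110 - any other message from CreateServerFolder()
 *
 * @param string $resourceType  Resource type passed to the permission check and path mapping.
 * @param string $currentFolder Virtual folder in which the new folder is created.
 * @return void
 */
function CreateFolder($resourceType, $currentFolder)
{
    global $_FolderClass;
    global $Config;

    // Authorization gate: the caller needs permission on the folder and a folder
    // class of at least 8, unless has_open_access() waives the check.
    if ((!has_permission($currentFolder, $resourceType) || $_FolderClass < 8) && !has_open_access()) {
        echo '<Error number="103" />';
        return;
    }

    $sErrorNumber = '0';
    $sNewFolderName = input_strval('NewFolderName');
    if (isset($sNewFolderName)) {
        // NOTE(review): the session id is adopted from the FCK_NmSp_acl cookie, a
        // client-supplied value. Confirm that the cookie is only ever set by the
        // server to an id it issued, and consider session.use_strict_mode so that
        // ids the server never created are not accepted.
        // Only a string cookie is used; a missing or array-valued cookie leaves the
        // current session untouched instead of being passed to session_id().
        $sAclSessionId = (isset($_COOKIE['FCK_NmSp_acl']) && is_string($_COOKIE['FCK_NmSp_acl']))
            ? $_COOKIE['FCK_NmSp_acl']
            : null;
        if ($sAclSessionId !== null && session_id() != $sAclSessionId) {
            session_id($sAclSessionId);
            session_start();
        }

        global $Dwfck_conf_values;
        global $dwfck_conf;
        // Prefer the settings stored in the session; fall back to the configured
        // values (or built-in defaults) when the session holds none.
        $dwfck_conf = isset($_SESSION['dwfck_conf']) ? $_SESSION['dwfck_conf'] : null;
        if (empty($dwfck_conf)) {
            $dwfck_conf = array(
                'deaccent' => isset($Dwfck_conf_values['deaccent']) ? $Dwfck_conf_values['deaccent'] : 1,
                'useslash' => isset($Dwfck_conf_values['useslash']) ? $Dwfck_conf_values['useslash'] : 0,
                'sepchar' => isset($Dwfck_conf_values['sepchar']) ? $Dwfck_conf_values['sepchar'] : '_',
            );
        }

        $sNewFolderName = str_replace(' ', $dwfck_conf['sepchar'], $sNewFolderName);
        $sNewFolderName = Dwfck_sanitize($sNewFolderName);

        // NOTE(review): only ".." is rejected here. Whether path separators or
        // control characters can survive depends on Dwfck_sanitize(), which is
        // not shown - confirm it strips them.
        // An empty name is rejected as well: appended to the parent path it would
        // address the parent directory itself rather than a new folder.
        if ((string) $sNewFolderName === '' || strpos($sNewFolderName, '..') !== false) {
            $sErrorNumber = '102';
        } else {
            // Map the virtual path to the local server path of the current folder.
            $sServerDir = ServerMapFolder($resourceType, $currentFolder, 'CreateFolder');

            $bWindows = !empty($Config['osWindows']);
            // URL-encode the directory when configured to, or by default on Windows.
            // isset() is tested first so an unset 'fnencode' is never read.
            $bEncodeDir = isset($Dwfck_conf_values['fnencode'])
                ? $Dwfck_conf_values['fnencode'] == 'url'
                : $bWindows;
            if ($bEncodeDir) {
                $sServerDir = encode_dir($sServerDir);
            }
            if ($bWindows) {
                $sServerDir = normalizeWIN($sServerDir);
            }

            if (is_writable($sServerDir)) {
                $sServerDir .= $sNewFolderName;
                $sErrorMsg = CreateServerFolder($sServerDir);
                switch ($sErrorMsg) {
                    case '':
                        $sErrorNumber = '0';
                        break;
                    case 'Invalid argument':
                    case 'No such file or directory':
                        // Path too long.
                        $sErrorNumber = '102';
                        break;
                    default:
                        $sErrorNumber = '110';
                        break;
                }
            } else {
                $sErrorNumber = '103';
            }
        }
    } else {
        $sErrorNumber = '102';
    }

    // Create the "Error" node. Only the fixed codes assigned above reach this
    // output; no request data is echoed.
    echo '<Error number="' . $sErrorNumber . '" />';
}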
Exemplo n.º 3
Arquivo: io.php Projeto: apoxa/ckgedit
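/**
 * Read the request's "CurrentFolder" value and normalize it to a virtual path.
 *
 * The returned path begins and ends with "/" and has runs of slashes collapsed.
 * A path is rejected with error 102 when it contains a segment starting with a
 * dot (which covers ".."), a backslash, a control character (NUL, newline, ...)
 * or any of the characters : * ? " < > |
 *
 * @return string The normalized folder path.
 */
function GetCurrentFolder()
{
    $sCurrentFolder = input_strval('CurrentFolder');
    if (!$sCurrentFolder) {
        $sCurrentFolder = '/';
    }
    // Check the current folder syntax (must begin and end with a slash).
    if (!preg_match('|/$|', $sCurrentFolder)) {
        $sCurrentFolder .= '/';
    }
    if (strpos($sCurrentFolder, '/') !== 0) {
        $sCurrentFolder = '/' . $sCurrentFolder;
    }
    // Ensure the folder path has no double-slashes (collapse any run in one pass).
    $sCurrentFolder = preg_replace('|/+|', '/', $sCurrentFolder);

    // Check for invalid folder paths. "/." rejects hidden segments and "..";
    // [[:cntrl:]] rejects control characters, so a NUL byte or a trailing
    // newline cannot ride along into later filesystem calls.
    if (preg_match(",(/\\.)|[[:cntrl:]]|(//)|(\\\\)|([\\:\\*\\?\"\\<\\>\\|]),", $sCurrentFolder)) {
        SendError(102, '');
        // Fail closed: never hand a rejected path back to the caller, even if
        // SendError() returns (its body is not visible from this function).
        exit;
    }
    return $sCurrentFolder;
}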
Exemplo n.º 4
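/**
 * Dispatch one connector request from the "Command", "Type" and "CurrentFolder"
 * query parameters.
 *
 * Returns without output when a required parameter is missing or is not a string.
 * "FileUpload" and "GetDwfckNs" are handled before any XML is written; the other
 * commands are wrapped in the XML header/footer and the script then exits.
 *
 * @return void
 */
function DoResponse()
{
    if (!isset($_GET['Command'], $_GET['Type'], $_GET['CurrentFolder'])) {
        return;
    }
    // Array-valued parameters (e.g. Command[]=x) pass isset() but are not a valid
    // request and must not reach urlencode().
    if (!is_string($_GET['Command']) || !is_string($_GET['Type'])) {
        return;
    }

    // Get the main request information. urlencode() leaves only alphanumerics,
    // "-", "_", ".", "+" and "%XX" escapes, so the values compared and echoed
    // below carry no markup characters.
    $sCommand = urlencode($_GET['Command']);
    $sResourceType = urlencode($_GET['Type']);
    $sCurrentFolder = GetCurrentFolder();

    // Check if it is an allowed command. The explicit exit makes the check fail
    // closed even if SendError() returns (its body is not visible from here).
    if (!IsAllowedCommand($sCommand)) {
        SendError(1, 'FileBrowserError_Command' . ';;' . $sCommand);
        exit;
    }
    // Check if it is an allowed type.
    if (!IsAllowedType($sResourceType)) {
        SendError(1, 'FileBrowserError_Type' . ';;' . $sResourceType);
        exit;
    }

    // File Upload doesn't have to return XML, so it must be intercepted before anything.
    if ($sCommand === 'FileUpload') {
        FileUpload($sResourceType, $sCurrentFolder, $sCommand);
        return;
    }
    if ($sCommand === 'GetDwfckNs') {
        GetDwfckNs();
        return;
    }

    CreateXmlHeader($sCommand, $sResourceType, $sCurrentFolder);
    // Execute the required command. An allowed command with no case below
    // produces only the XML header and footer.
    switch ($sCommand) {
        case 'GetFolders':
            GetFolders($sResourceType, $sCurrentFolder);
            break;
        case 'GetFoldersAndFiles':
            GetFoldersAndFiles($sResourceType, $sCurrentFolder);
            break;
        case 'CreateFolder':
            CreateFolder($sResourceType, $sCurrentFolder);
            break;
        case 'UnlinkFile':
            // NOTE(review): 'file' is request-controlled and is forwarded as read;
            // confirm UnlinkFile() validates the name and checks permission
            // before deleting anything.
            UnlinkFile($sResourceType, $sCurrentFolder, $sCommand, input_strval('file'));
            break;
    }
    CreateXmlFooter();
    exit;
}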