public static function decodeCssId($id)
{
return SimpleCrypt::decrypt($id);
}
function json_root($path = null)
{
$cryt = new SimpleCrypt();
$mounted_path_decrypted = $cryt->decrypt(base64_decode($_GET["mounted-path"]));
$source_path = $_GET["browse-tree"];
$mountedpath = $_GET["mounted-path"];
$path_requested = $_POST["dir"];
$path_requested = str_replace('//', '/', $path_requested);
$tpl = new templates();
$settings = $tpl->_ENGINE_parse_body('{settings}');
$directory = $tpl->_ENGINE_parse_body('{directory}');
writelogs("Requested {$path_requested} ({$source_path} on {$mounted_path_decrypted}))", __FUNCTION__, __FILE__);
$array = DirCaches($source_path, $mounted_path_decrypted);
$page = CurrentPageName();
if ($path_requested != $source_path) {
writelogs("{$path_requested}<>{$source_path}", __FUNCTION__, __FILE__);
if (substr($path_requested, strlen($path_requested) - 1, 1) == '/') {
writelogs("strip slash of {$path_requested}", __FUNCTION__, __FILE__);
$path_requested = substr($path_requested, 0, strlen($path_requested) - 1);
}
$path_requested = str_replace($source_path, '', $path_requested);
if (substr($path_requested, 0, 1) == '/') {
$path_requested = substr($path_requested, 1, strlen($path_requested));
}
writelogs("path_requested={$path_requested}", __FUNCTION__, __FILE__);
writelogs("DirSubCaches({$source_path},{$path_requested},{$mounted_path_decrypted})", __FUNCTION__, __FILE__);
$path = DirSubCaches($source_path, $path_requested, $mounted_path_decrypted);
} else {
if (is_array($array)) {
while (list($num, $line) = each($array)) {
$path_array = explode('/', $num);
$path[$path_array[0]] = $path_array[0];
}
$newpath = "P:";
}
}
if (!is_array($path)) {
return null;
}
echo "<ul class=\"jqueryFileTree\" style=\"display: none;\">";
echo "<li class=\"file ext_settings\"><a href=\"#\" rel=\"" . htmlentities($_POST['dir']) . "\">" . htmlentities("{$directory} " . basename($_POST['dir']) . " - {$settings}") . "</a></li>";
while (list($num, $val) = each($path)) {
if (trim($val) != null) {
writelogs($val);
echo "<li class=\"directory collapsed\"><a href=\"#\" rel=\"" . htmlentities($_POST['dir'] . '/' . $val) . "/\">" . htmlentities($val) . "</a></li>";
}
}
if (!is_array($arr)) {
return null;
}
$res = implode("\n", $arr);
if (substr($res, strlen($res) - 1, 1) == ',') {
$res = substr($res, 0, strlen($res) - 1);
}
}
function download_file()
{
$ldap = new clladp();
$cr = new SimpleCrypt($ldap->ldap_password);
$path = $cr->decrypt(base64_decode($_GET["download-file"]));
$file = basename($path);
$sock = new sockets();
$datas = base64_decode($sock->getFrameWork("cmd.php?file-content=" . base64_encode($path)));
$content_type = base64_decode($sock->getFrameWork("cmd.php?mime-type=" . base64_encode($path)));
header('Content-Type: ' . $content_type);
header("Content-Disposition: inline; filename=\"{$file}\"");
echo $datas;
}
function dowloadfile(){
if(!isset($_GET["xapian-file"])){return;}
if(($_COOKIE["uid"]==null) OR ($_COOKIE["uid"]==-100)){
$ldap=new clladp();
$pass=$ldap->ldap_password;
}else{
$ct=new user($_COOKIE["uid"]);
$pass=$ct->password;
}
$cr=new SimpleCrypt($pass);
$crypted=base64_decode($_GET["xapian-file"]);
$path=$cr->decrypt(base64_decode($_GET["xapian-file"]));
writelogs("Receive crypted file: $path ",__FUNCTION__,__FILE__,__LINE__);
if(!is_file($path)){die();}
if(strpos($path,'..')>0){die('HACK: ..');}
$file=basename($path);
$sock=new sockets();
$content_type=base64_decode($sock->getFrameWork("cmd.php?mime-type=".base64_encode($path)));
header('Content-type: '.$content_type);
header('Content-Transfer-Encoding: binary');
header("Content-Disposition: attachment; filename=\"$file\"");
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date dans le passé
$fsize = filesize($path);
header("Content-Length: ".$fsize);
ob_clean();
flush();
readfile($path);
}
<?php
include_once 'ressources/class.sockets.inc';
include_once 'ressources/logs.inc';
include_once 'ressources/class.crypt.php';
include_once 'ressources/class.user.inc';
if (isset($_GET["path"])) {
$sock = new sockets();
if (strpos($_GET["path"], '..') > 0) {
die('HACK: ..');
}
$path = "{$_GET["org"]}/{$_GET["path"]}";
$sock->download_attach($path, $_GET["file"]);
}
if (isset($_GET["xapian-file"])) {
if ($_SESSION["uid"] == null) {
die;
}
$ct = new user($_SESSION["uid"]);
$crypt = new SimpleCrypt($ct->password);
$sock = new sockets();
$sock->download_srvfile($crypt->decrypt($_GET["xapian-file"]));
}
ob_clean();
flush();
readfile($path);
//$sock->download_attach($path,$_GET["file"]);
}
if (isset($_GET["xapian-file"])) {
if ($_SESSION["uid"] == null or $_SESSION["uid"] == -100) {
$ldap = new clladp();
$pass = $ldap->ldap_password;
} else {
$ct = new user($_SESSION["uid"]);
$pass = $ct->password;
}
$cr = new SimpleCrypt($pass);
$crypted = base64_decode($_GET["xapian-file"]);
$path = $cr->decrypt(base64_decode($_GET["xapian-file"]));
writelogs("Receive crypted file: {$path} ", __FUNCTION__, __FILE__, __LINE__);
if (!is_file($path)) {
die;
}
if (strpos($path, '..') > 0) {
die('HACK: ..');
}
$file = basename($path);
$sock = new sockets();
$content_type = base64_decode($sock->getFrameWork("cmd.php?mime-type=" . base64_encode($path)));
header('Content-type: ' . $content_type);
header('Content-Transfer-Encoding: binary');
header("Content-Disposition: attachment; filename=\"{$file}\"");
header("Cache-Control: no-cache, must-revalidate");
// HTTP/1.1
function download_file(){
$ldap=new clladp();
$cr=new SimpleCrypt($ldap->ldap_password);
$path=$cr->decrypt(base64_decode($_GET["download-file"]));
$file=basename($path);
$sock=new sockets();
$content_type=base64_decode($sock->getFrameWork("cmd.php?mime-type=".urlencode(base64_encode($path))));
header('Content-type: '.$content_type);
header('Content-Transfer-Encoding: binary');
header("Content-Disposition: attachment; filename=\"$file\"");
header("Pragma: public");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date dans le passé
$fsize = filesize($path);
header("Content-Length: ".$fsize);
ob_clean();
flush();
readfile($path);
}