Пример #1
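 /**
  * Request router: dispatches the POST and GET actions of the file manager.
  *
  * Every branch that handles a request ends the script with die (POST actions
  * and some GET actions redirect to base_url first); the method only returns
  * when the request carries no recognised action parameter.
  *
  * Review notes:
  *  - No anti-CSRF token is checked in this method, and newdir/newfile change
  *    state on a plain GET. NOTE(review): confirm a token is verified before
  *    actions() is reached.
  *  - File names arrive as tokens passed through $this->decrypt() and
  *    $this->filterInput(). Neither helper is visible here, so path safety
  *    depends on what they guarantee.
  *  - restricted_files is enforced here for every action that takes file
  *    names from the request. The file-operation helpers (deleteFiles,
  *    zipFiles, ...) are not visible and may or may not check again.
  *
  * @return void
  */
 public function actions()
 {
     // no read permissions?
     if (!gator::checkPermissions('r')) {
         gator::writeLog('auth bad - no read access');
         gator::error(lang::get("Access Forbidden"));
         die;
     }
     // POST actions
     if (isset($_POST['action'])) {
         $action = $_POST['action'];
         // remove the action name so the remaining POST values are file tokens only
         unset($_POST['action']);
         // actions with read & write permissions
         if (gator::checkPermissions('rw')) {
             switch ($action) {
                 case 'delete':
                     $this->deleteFiles($this->collectPostedFileNames(), $_SESSION['cwd']);
                     break;
                 case 'rename':
                     if (gatorconf::get('allow_rename_files') == false || !isset($_POST['oldname']) || !isset($_POST['newname'])) {
                         break;
                     }
                     $oldname = $this->filterInput($this->decrypt($_POST['oldname']));
                     $newname = $this->filterInput($_POST['newname']);
                     if (in_array($oldname, gatorconf::get('restricted_files')) || in_array($newname, gatorconf::get('restricted_files'))) {
                         break;
                     }
                     $this->renameFile($oldname, $newname);
                     break;
                 case 'edit-save':
                     if (gatorconf::get('allow_edit_files') == false || !isset($_POST['filename'])) {
                         break;
                     }
                     $filename = $this->filterInput($this->decrypt($_POST['filename']));
                     // a missing content field means "save as empty", without the undefined-index notice
                     $content = isset($_POST['content']) ? $_POST['content'] : '';
                     if (in_array($filename, gatorconf::get('restricted_files'))) {
                         break;
                     }
                     // NOTE(review): the content is written verbatim under a user-chosen name.
                     // If the repository is served by the web server, confirm that filterInput
                     // or the server configuration prevents stored scripts from executing.
                     if (file_put_contents($_SESSION['cwd'] . DS . $filename, $content) === false) {
                         // keep the audit log truthful: a failed write is not a save
                         gator::writeLog('edit file / save failed - ' . $filename);
                         break;
                     }
                     gator::writeLog('edit file / save - ' . $filename);
                     break;
                 case 'zip':
                     if (!isset($_POST['archivename'])) {
                         break;
                     }
                     $archive_name = $this->filterInput($_POST['archivename']);
                     unset($_POST['archivename']);
                     $this->zipFiles($this->collectPostedFileNames(), $archive_name);
                     break;
                 case 'unzip':
                     if (!isset($_POST['filename'])) {
                         break;
                     }
                     $filename = $this->filterInput($this->decrypt($_POST['filename']));
                     // same restricted_files rule as rename / edit / download
                     if (in_array($filename, gatorconf::get('restricted_files'))) {
                         break;
                     }
                     // NOTE(review): unzipFile is not visible here; confirm it validates the
                     // entry names inside the archive before extracting.
                     $this->unzipFile($filename);
                     break;
                 case 'copy':
                     $this->pushToBuffer($this->collectPostedFileNames(), 'copy');
                     break;
                 case 'cut':
                     $this->pushToBuffer($this->collectPostedFileNames(), 'cut');
                     break;
                 case 'paste':
                     $this->pasteFromBuffer();
                     break;
                 case 'simple-copy':
                 case 'simple-move':
                     // link to home dir is blank
                     if (!isset($_POST['destination'])) {
                         $_POST['destination'] = '';
                     }
                     $destination = $this->filterInput($this->decrypt($_POST['destination']), false);
                     $destination = rawurldecode($destination);
                     unset($_POST['destination']);
                     // The URL-decoding above runs after filterInput, so the filter never sees
                     // the decoded form. Reject NUL bytes and ".." path segments here so the
                     // target cannot resolve outside the repository root.
                     if (strpos($destination, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $destination)) {
                         gator::writeLog('simple copy/move rejected - invalid destination');
                         break;
                     }
                     $files = $this->collectPostedFileNames();
                     $target = gatorconf::get('repository') . DS . $destination;
                     if ($action == 'simple-copy') {
                         $this->copyFiles($files, $_SESSION['cwd'], $target);
                     }
                     if ($action == 'simple-move') {
                         $this->moveFiles($files, $_SESSION['cwd'], $target);
                     }
                     break;
                 default:
                     break;
             }
         }
         // actions with read only permissions
         if (gator::checkPermissions('r')) {
             switch ($action) {
                 case 'email':
                     if (gatorconf::get('allow_email_links') != true || !isset($_POST['filelink']) || !isset($_POST['email'])) {
                         break;
                     }
                     $to = $_POST['email'];
                     // The recipient goes into the mail headers. Refuse non-strings and line
                     // breaks so a request cannot add headers of its own. sendEmail is not
                     // visible here and may validate further.
                     if (!is_string($to) || preg_match('/[\r\n]/', $to)) {
                         break;
                     }
                     $subject = gatorconf::get('mail_link_subject');
                     // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so the filtering
                     // applied to link and body stays exactly as before.
                     $link = filter_var($_POST['filelink'], FILTER_SANITIZE_STRING);
                     $body = filter_var(isset($_POST['email_content']) ? $_POST['email_content'] : '', FILTER_SANITIZE_STRING);
                     if (gatorconf::get('use_googl_shorturl')) {
                         $link = $this->shortUrl($link);
                     }
                     $body .= "\n\n" . $link;
                     // NOTE(review): any user with read access can mail arbitrary text to an
                     // arbitrary address; consider rate limiting or an allow-list.
                     $this->sendEmail($to, $subject, $body);
                     break;
             }
         }
         // flush url
         header('Location: ' . gatorconf::get('base_url'));
         die;
     }
     //
     // GET actions
     //
     // download file
     if (isset($_GET['download']) && !empty($_GET['download'])) {
         $filename = $this->filterInput($this->decrypt($_GET['download']));
         if (in_array($filename, gatorconf::get('restricted_files'))) {
             die;
         }
         $path = $_SESSION['cwd'] . DS . $filename;
         if (!file_exists($path)) {
             die;
         }
         // Open before sending headers. Looping on feof() with a failed handle never
         // terminates on PHP 7 and throws on PHP 8, so stop here if the open fails
         // (directory, permissions, ...).
         $file = @fopen($path, "rb");
         if ($file === false) {
             die;
         }
         // Set headers
         // NOTE(review): $filename is placed inside a quoted header value; confirm that
         // filterInput removes double quotes.
         header("Cache-Control: public");
         header("Content-Description: File Transfer");
         header("Content-Disposition: attachment; filename=\"{$filename}\"");
         header("Content-Type: application/octet-stream");
         header("Content-Transfer-Encoding: binary");
         // output file
         set_time_limit(0);
         while (!feof($file)) {
             print @fread($file, 1024 * 8);
             // ob_flush() raises a notice when no output buffer is active
             if (ob_get_level() > 0) {
                 ob_flush();
             }
             flush();
         }
         fclose($file);
         gator::writeLog('download - ' . $filename);
         die;
     }
     // edit action - load file content via this ajax
     if (isset($_GET['edit-load']) && gator::checkPermissions('rw') && gatorconf::get('allow_edit_files') == true) {
         $filename = $this->filterInput($this->decrypt($_GET['edit-load']));
         if (in_array($filename, gatorconf::get('restricted_files'))) {
             die;
         }
         if (!file_exists($_SESSION['cwd'] . DS . $filename)) {
             die;
         }
         echo file_get_contents($_SESSION['cwd'] . DS . $filename);
         gator::writeLog('edit file / load - ' . $filename);
         die;
     }
     // new folder / new file
     // NOTE(review): this creates files and directories on a GET request; a POST with an
     // anti-CSRF token would be the safer shape.
     if ((isset($_GET['newdir']) || isset($_GET['newfile'])) && gator::checkPermissions('rw')) {
         $newdir = $newfile = '';
         if (isset($_GET['newdir']) && $_GET['newdir'] != '') {
             $newdir = $this->filterInput($_GET['newdir']);
             if (!in_array($newdir, gatorconf::get('restricted_files'))) {
                 mkdir($_SESSION['cwd'] . DS . $newdir, gatorconf::get('new_dir_mode'));
             }
         } elseif (isset($_GET['newfile']) && $_GET['newfile'] != '') {
             $newfile = $this->filterInput($_GET['newfile']);
             if (!in_array($newfile, gatorconf::get('restricted_files'))) {
                 touch($_SESSION['cwd'] . DS . $newfile);
             }
         }
         gator::writeLog('create new - ' . $newdir . $newfile);
         // flush url
         header('Location: ' . gatorconf::get('base_url'));
         die;
     }
     // sorting
     // Set the defaults first, so that a sortinvert request on a fresh session flips a
     // real order value instead of an undefined one.
     if (!isset($_SESSION['sort']['by'])) {
         $_SESSION['sort']['by'] = 'name';
         $_SESSION['sort']['order'] = 1;
     }
     if (isset($_GET['sortby']) || isset($_GET['sortinvert'])) {
         if (isset($_GET['sortby'])) {
             $_SESSION['sort']['by'] = $this->filterInput($_GET['sortby']);
             $_SESSION['sort']['order'] = 1;
         } elseif (isset($_GET['sortinvert'])) {
             $_SESSION['sort']['order'] *= -1;
         }
         gator::writeLog('sort order ' . $_SESSION['sort']['by']);
         // flush url
         header('Location: ' . gatorconf::get('base_url'));
         die;
     }
     // directory tree - ajax load
     if (isset($_GET['tree'])) {
         $tree_action = $this->filterInput($_GET['tree']);
         $dirs = '';
         if ($tree_action == 'cd') {
             $dirs = $this->getDirectoryTree(gatorconf::get('repository'), false, '?cd=');
         }
         if ($tree_action == 'copy' || $tree_action == 'move') {
             $dirs = $this->getDirectoryTree(gatorconf::get('repository'), true, '');
         }
         echo $dirs;
         gator::writeLog('tree load');
         die;
     }
     // change password
     // NOTE(review): the current password is not requested and no anti-CSRF token is
     // checked in this method. Whether updateUser hashes the value is not visible
     // here; confirm both.
     if (gatorconf::get('allow_change_password') && !empty($_POST['changepassword']) && is_string($_POST['changepassword'])) {
         $new_password = rawurldecode($_POST['changepassword']);
         gator::updateUser($_SESSION['simple_auth']['username'], array('password' => $new_password));
         // flush url
         header('Location: ' . gatorconf::get('base_url'));
         die;
     }
     return;
 }

 /**
  * Turn the remaining $_POST values into a list of file names.
  *
  * Each value is treated as an encrypted file token: it is decrypted,
  * filtered, and dropped when it is not a string, resolves to an empty name,
  * or matches restricted_files. The restricted check runs on the decoded
  * name, because the raw token is still encrypted; the raw value is also
  * checked to keep the previous delete behaviour.
  *
  * @return array list of filtered file names, possibly empty
  */
 private function collectPostedFileNames()
 {
     $restricted = gatorconf::get('restricted_files');
     $names = array();
     foreach ($_POST as $token) {
         // fields sent as name[]=... arrive as arrays and are never valid tokens
         if (!is_string($token) || in_array($token, $restricted)) {
             continue;
         }
         $name = $this->filterInput($this->decrypt($token));
         // an empty name would denote the directory itself once joined to cwd
         if (!is_string($name) || $name === '') {
             continue;
         }
         if (in_array($name, $restricted)) {
             continue;
         }
         $names[] = $name;
     }
     return $names;
 }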
Пример #2
<div class="bottom-actions">
<?php 
if (gator::checkPermissions('rw')) {
    ?>
<button type="button" class="nice radius button select-button"><?php 
    echo lang::get("Select All");
    ?>
</button>

<div class="selection-buttons">
	<?php 
    if (gatorconf::get('simple_copy_move')) {
        ?>
	<button type="button" class="nice secondary radius button simple-copy-selected"><?php 
        echo lang::get("Copy");
        ?>
</button>
	<button type="button" class="nice secondary radius button simple-move-selected"><?php 
        echo lang::get("Move");
        ?>
</button>
	<?php 
    } else {
        ?>
	<button type="button" class="nice secondary radius button cut-selected"><?php 
        echo lang::get("Cut");
        ?>
</button>
	<button type="button" class="nice secondary radius button copy-selected"><?php 
        echo lang::get("Copy");
        ?>