// Excerpt of an admin file-manager action script. It builds a working path from
// request input, checks it against the configured root and an optional action
// allow-list, then starts collecting the file names to operate on.
// The excerpt ends inside the try block; its remainder is not shown.

// Only run when the including front controller has defined SJ_IS_ADMIN;
// otherwise redirect away and stop.
if (!defined('SJ_IS_ADMIN')) {
    header('Location: http://www.google.com');
    exit;
}
require $sjConfig['lib_dir'] . '/model/image.class.php';
// Both values come straight from the request. They are read without isset(),
// so a request that omits either parameter raises an undefined-index notice.
$path = trim($_REQUEST['path']);
$action = $_REQUEST['action'];
$base_work_space = $sjConfig['root'];
// The request value is appended to the configured root as-is (no separator is
// inserted, no ".." normalisation happens here), then forced to end with
// exactly one directory separator.
$path = $base_work_space . $path;
$path = rtrim($path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
try {
    // `&&` binds tighter than `||`: access is denied when the path is outside
    // the workspace, OR when an allow-list is configured and the action is not
    // in it. If 'allowed_actions' is not configured, this check places no
    // restriction on $action.
    // NOTE(review): containment rests entirely on pathIn(), which is not
    // visible here - confirm it canonicalises the path (".." segments,
    // symlinks) before comparing it with the root.
    // NOTE(review): in_array() is called without the strict flag, so the
    // action is matched with loose comparison; consider passing true.
    if (!pathIn($path, $base_work_space) || isset($sjConfig['allowed_actions']) && !in_array($action, $sjConfig['allowed_actions'])) {
        throw new sjException($_SYSTEM['i18n']->__('Access denied'));
    }
    $fs = new iFilesystem();
    $fm = iFilemanager::create()->setFilesystem($fs->setI18n($_SYSTEM['i18n']));
    $files = array();
    // File names are only taken from the request when 'files' is an array.
    $has_files = isset($_REQUEST['files']) && is_array($_REQUEST['files']);
    if ($has_files) {
        $files = $_REQUEST['files']; // names of the files
        if (isset($_REQUEST['baseDir'])) {
            $base_dir = trim($_REQUEST['baseDir']); // the path contains the '/' symbol
            // Same pattern as $path: append to the root, then validate.
            $base_dir = $base_work_space . $base_dir;
            if (!pathIn($base_dir, $base_work_space)) {
                throw new sjException($_SYSTEM['i18n']->__('Access denied'));
            }
        } else {
            // No explicit base directory: fall back to the validated $path.
            $base_dir = $path;
        }
        // NOTE(review): the entries of $files are not validated in the visible
        // lines - confirm each name is checked before it is joined to $base_dir.
// Excerpt of a directory-listing script. $realpath, $realLength, $rootLength and
// $cur_dir are assigned before this excerpt begins, and the catch body follows it.

// Fall back to the configured root when the resolved path is empty/false or
// shorter than the root.
// NOTE(review): this compares string lengths only. A length comparison does not
// establish that $realpath lies under the root; a prefix comparison on
// canonical paths with a separator boundary would. Confirm against the lines
// that compute these values.
if (!$realpath || $realLength < $rootLength) { // suspected traversal attempt
    $realpath = $sjConfig['root'];
    $cur_dir = '';
}
// %End validate $dirpath
try {
    // Paging defaults: first page, configured page size, no offset.
    $page = 1;
    $limit = $sjConfig['max_files_per_page'];
    $offset = 0;
    // is_numeric() also accepts values such as "2.5"; the (int) cast below
    // truncates them to a whole page number.
    if (!empty($_REQUEST['page']) && is_numeric($_REQUEST['page']) && $_REQUEST['page'] > 1) {
        $page = (int) $_REQUEST['page'];
        // NOTE(review): page 1 uses offset 0 but page 2 starts at $limit + 1.
        // If readDir() treats 'offset' as zero-based, one entry is skipped
        // between pages - confirm against readDir().
        $offset = ($page - 1) * $limit + 1;
    }
    $fs = new iFilesystem();
    // Read one page of entries from the validated directory. The meaning of
    // the '!r' pattern argument is defined by readDir(), not visible here.
    $result = $fs->setI18n($_SYSTEM['i18n'])->readDir($realpath, '!r', array('sort' => true, 'offset' => $offset, 'limit' => $limit));
    $data = array();
    foreach ($result as $file) {
        // presumably $file is a full path, since it is handed directly to
        // is_dir() and filemtime() - verify against readDir().
        $info = $fs->getPathInfo($file);
        $is_dir = is_dir($file);
        if ($info['basename'][0] == '.') {
            // Dot-prefixed entries keep their whole basename as the display
            // name and report no extension.
            $filename = $info['basename'];
            $extension = '';
        } else {
            // Directories show their basename; files show the name without
            // extension, with the extension reported separately when present.
            $filename = $is_dir ? $info['basename'] : $info['filename'];
            $extension = !$is_dir && isset($info['extension']) ? $info['extension'] : '';
        }
        // One row per entry. Directories get an empty size; file sizes get a
        // 'b' suffix appended to whatever formatSize() returns.
        // File names are passed through as-is; whatever renders $_RESULT must
        // escape them for its output context.
        $data[] = array('basename' => $info['basename'], 'name' => $filename, 'size' => $is_dir ? '' : $fs->formatSize($file) . 'b', 'modified_at' => $fs->formatDate(filemtime($file)), 'type' => $extension, 'is_dir' => $is_dir, 'mode' => $fs->getMode($file));
    }
    // Publish the listing together with the (possibly reset) current directory.
    $_RESULT['files'] = array('cur_dir' => $cur_dir ? $cur_dir : '', 'source' => $data);
} catch (sjException $e) {
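* (c) 2010-2011 Stotskiy Sergiy <*****@*****.**>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

// Only run when the including front controller has defined SJ_IS_ADMIN;
// otherwise redirect away and stop.
if (!defined('SJ_IS_ADMIN')) {
    header('Location: http://www.google.com');
    exit;
}

// Request-supplied map whose keys are file paths and whose values are the new
// names. A scalar value is wrapped so the loop below always sees an array.
$files = isset($_REQUEST['files']) ? $_REQUEST['files'] : array();
if (!is_array($files)) {
    $files = array($files);
}

$rootPath = rtrim($_SERVER['DOCUMENT_ROOT'], DIRECTORY_SEPARATOR);
$fs = new iFilesystem();
$fs->setI18n($_SYSTEM['i18n']);

// %Begin Validate $dirpath
// Canonical form of the configured root, without a trailing separator, so the
// containment test below compares like with like. If the root itself cannot
// be resolved, every entry is rejected (fail closed).
// NOTE(review): paths are resolved against DOCUMENT_ROOT but confined to
// $sjConfig['root'] - confirm the configured root lies inside the document root.
$allowedRoot = realpath($sjConfig['root']);
if ($allowedRoot !== false) {
    $allowedRoot = rtrim($allowedRoot, DIRECTORY_SEPARATOR);
}

foreach ($files as $filePath => $newName) {
    $pathinfo = $fs->getPathInfo($filePath);
    $dirpath = ltrim($pathinfo['dirname'], '/');
    $dirpath = $dirpath ? str_replace('\\', DIRECTORY_SEPARATOR, $dirpath) : '';
    // realpath() resolves ".." segments and symlinks; it returns false when
    // the directory does not exist.
    $realpath = realpath($rootPath . DIRECTORY_SEPARATOR . $dirpath);

    // The directory is accepted only if its canonical path IS the root or
    // sits below it. Comparing lengths alone (as before) accepted any
    // resolved path at least as long as the root, wherever it pointed. The
    // separator check keeps a sibling such as "<root>-old" from matching.
    $isInsideRoot = false;
    if ($allowedRoot !== false && $realpath !== false) {
        $rootLength = strlen($allowedRoot);
        $realLength = strlen($realpath);
        $isInsideRoot = strncmp($realpath, $allowedRoot, $rootLength) === 0
            && ($realLength === $rootLength || $realpath[$rootLength] === DIRECTORY_SEPARATOR);
    }

    if (!$isInsideRoot) {
        // Rejected entry: reset to the root and drop it from the work list.
        // The entry is removed by its loop key; the previous code used $i,
        // which is never assigned in this script, so nothing was removed.
        $realpath = $sjConfig['root'];
        unset($files[$filePath]);
    }
}
// %End validate $dirpath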