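/**
 * Create or edit a user app definition, stored as a JSON file.
 *
 * Reads `path`, the optional `action` and `data` from the request input
 * ($this->in). For `action=add` the ".oexe" suffix is appended to the path.
 * The final path must pass checkExt() before anything is written.
 *
 * NOTE(review): when editing, the target is constrained only by _DIR() and
 * checkExt(), so any file with an allowed extension can be overwritten with
 * JSON. Confirm that is intended, or require the ".oexe" suffix here too.
 */
public function user_app()
{
    $path = _DIR($this->in['path']);
    if (isset($this->in['action']) && $this->in['action'] == 'add') {
        $path .= '.oexe';
    }
    if (!checkExt($path)) {
        show_json($this->L['error']);
        exit;
    }

    $data = json_decode(rawurldecode($this->in['data']), true);
    // json_decode() gives null for malformed input and a scalar for a JSON
    // scalar; unset() on a string offset is a fatal error, so anything that
    // is not an object/array payload is refused.
    if (!is_array($data)) {
        show_json($this->L['error']);
        exit;
    }

    // name, desc and group are not persisted in the app file.
    unset($data['name'], $data['desc'], $data['group']);

    // Report a failed write instead of answering "success" unconditionally.
    if (file_put_contents($path, json_encode($data)) === false) {
        show_json($this->L['error']);
        exit;
    }
    show_json($this->L['success']);
}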
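/**
 * Server-side download of a remote URL into a user directory.
 *
 * `type=percent` reports the progress recorded in the session for `uuid`,
 * `type=remove` cancels a running download by deleting its temp file, and
 * any other request starts a download of `url` into `save_path`.
 *
 * show_json() is expected to end the request; the explicit returns keep the
 * status branches from falling through into the download if it does not.
 *
 * NOTE(review): `url` is caller-supplied and fetched by the server. Nothing
 * in this method restricts the scheme or the destination host; confirm that
 * url_header() / file_download_this() enforce such limits.
 */
public function serverDownload()
{
    $uuid = 'download_' . $this->in['uuid'];

    if ($this->in['type'] == 'percent') {
        // Progress query.
        if (isset($_SESSION[$uuid])) {
            $info = $_SESSION[$uuid];
            $result = array(
                'uuid'   => $this->in['uuid'],
                'length' => (int) $info['length'],
                // The temp file may not exist yet, or may already be gone.
                'size'   => is_file($info['path']) ? (int) filesize($info['path']) : 0,
                'time'   => mtime(),
            );
            show_json($result);
        } else {
            show_json('', false);
        }
        return;
    }

    if ($this->in['type'] == 'remove') {
        // Cancel: once the temp file is deleted the transfer stops by itself.
        // Only act when this uuid is actually known to the session.
        if (isset($_SESSION[$uuid])) {
            del_file($_SESSION[$uuid]['path']);
            unset($_SESSION[$uuid]);
        }
        show_json('', false);
        return;
    }

    // Start a download.
    $save_dir = _DIR($this->in['save_path']);
    if (!is_writeable($save_dir)) {
        show_json($this->L['no_permission_write'], false);
        return;
    }
    $url = rawurldecode($this->in['url']);
    $header = url_header($url);
    if (!$header) {
        show_json($this->L['download_error_exists'], false);
        return;
    }

    // The file name is supplied by the remote side. Keep only its last path
    // segment so it cannot name a location outside $save_dir.
    $remote_name = str_replace('\\', '/', urldecode($header['name']));
    $last_slash = strrpos($remote_name, '/');
    if ($last_slash !== false) {
        $remote_name = substr($remote_name, $last_slash + 1);
    }
    $save_path = $save_dir . $remote_name;

    $unusable_name = $remote_name === '' || $remote_name === '.' || $remote_name === '..';
    if ($unusable_name || !checkExt($save_path)) {
        // Disallowed extension: store under a timestamped .txt name instead.
        // date() needs a format argument; the bare call produced no timestamp.
        $save_path = $save_dir . date('YmdHis') . '.txt';
    }
    $save_path = get_filename_auto(iconv_system($save_path));
    $save_path_temp = $save_path . '.downloading';

    // Record the expected length and temp path for later progress queries.
    session_start();
    $_SESSION[$uuid] = array('length' => $header['length'], 'path' => $save_path_temp);
    session_write_close();

    // Rename the temp file into place only after a complete download.
    if (file_download_this($url, $save_path_temp) && @rename($save_path_temp, $save_path)) {
        $name = get_path_this(iconv_app($save_path));
        show_json($this->L['download_success'], true, $name);
    } else {
        show_json($this->L['download_error_create'], false);
    }
}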
/**
 * Permission check, run at the single request entry point.
 *
 * Returns without checking when the caller is root, when the action is in
 * $this->notCheck, or when the controller/action pair is not listed in
 * $this->config['role_setting']. Otherwise the role's permission table must
 * hold exactly 1 for "ST:ACT". For mkfile, pathRname, fileUpload and
 * fileSave the target name must additionally pass checkExt().
 *
 * NOTE(review): actions that are missing from role_setting are allowed by
 * default, so a newly added action stays unrestricted until it is listed.
 */
public function authCheck()
{
    $is_root = isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1;
    if ($is_root
        || in_array(ACT, $this->notCheck)
        || !array_key_exists(ST, $this->config['role_setting'])
        || !in_array(ACT, $this->config['role_setting'][ST])
    ) {
        return;
    }

    // The action is permission-controlled: load the table of this role.
    $roles = new fileCache($this->config['system_file']['group']);
    $auth = $roles->get($this->user['role']);
    // The global copy is taken before the derived entries below are added.
    $GLOBALS['auth'] = $auth;

    // Extended actions inherit the permission of their base action.
    $auth['explorer:pathChmod'] = $auth['explorer:pathRname'];
    $auth['explorer:pathCopyDrag'] = $auth['explorer:pathCuteDrag'];

    $required = ST . ':' . ACT;
    if ($auth[$required] !== 1) {
        show_json($this->L['no_permission'], false);
    }

    // Extension limits apply to: create file, rename, upload and save.
    $in = $this->in;
    $target_names = array(
        'mkfile'     => isset($in['path']) ? $in['path'] : '',
        'pathRname'  => isset($in['rname_to']) ? $in['rname_to'] : '',
        'fileUpload' => isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '',
        'fileSave'   => isset($in['path']) ? $in['path'] : '',
    );
    if (!array_key_exists(ACT, $target_names)) {
        return;
    }
    if (!checkExt($target_names[ACT])) {
        show_json($this->L['no_permission_ext'], false);
    }
}
/**
 * Permission check, run at the single request entry point.
 *
 * Returns without checking when the caller is root, when the action is in
 * $this->notCheck, or when the controller/action pair is not listed in
 * $this->config['role_setting'] (except for "user:common_js", which per the
 * original comments outputs the processed permissions). Otherwise the role's
 * permission table must hold a value loosely equal to 1 for "ST:ACT". For
 * mkfile, pathRname, fileUpload and fileSave the target name must also pass
 * checkExt().
 *
 * NOTE(review): actions missing from role_setting are allowed by default,
 * and the compatibility defaults below grant userShare:set and
 * explorer:fileDownload to every role whose stored table lacks those keys.
 */
public function authCheck()
{
    $key = ST . ':' . ACT;
    $is_root = isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1;
    if ($is_root
        || in_array(ACT, $this->notCheck)
        || !array_key_exists(ST, $this->config['role_setting'])
        || (!in_array(ACT, $this->config['role_setting'][ST]) && $key != 'user:common_js')
    ) {
        return;
    }

    // The action is permission-controlled: load the table of this role.
    $roles = new fileCache(USER_SYSTEM . 'group.php');
    $auth = $roles->get($this->user['role']);

    // Backward compatibility: features added in newer versions are open by
    // default when the stored table does not define them yet.
    foreach (array('userShare:set', 'explorer:fileDownload') as $opened) {
        if (!isset($auth[$opened])) {
            $auth[$opened] = 1;
        }
    }

    // Always granted; the permission data is sent to the front end.
    $auth['user:common_js'] = 1;

    // Extended actions inherit the permission of their base action.
    $inherits = array(
        'explorer:pathChmod'          => 'explorer:pathRname',
        'explorer:pathDeleteRecycle'  => 'explorer:pathDelete',
        'explorer:pathCopyDrag'       => 'explorer:pathCuteDrag',
        'explorer:fileDownloadRemove' => 'explorer:fileDownload',
        'explorer:zipDownload'        => 'explorer:fileDownload',
        'explorer:fileProxy'          => 'explorer:fileDownload',
        'editor:fileGet'              => 'explorer:fileDownload',
        'explorer:officeView'         => 'explorer:fileDownload',
        'explorer:officeSave'         => 'editor:fileSave',
        'userShare:del'               => 'userShare:set',
    );
    foreach ($inherits as $derived => $base) {
        $auth[$derived] = $auth[$base];
    }

    if ($auth[$key] != 1) {
        show_json($this->L['no_permission'], false);
    }
    // Published globally, including the defaults and derived entries.
    $GLOBALS['auth'] = $auth;

    // Extension limits apply to: create file, rename, upload and save.
    $target_names = array(
        'mkfile'     => $this->check_key('path'),
        'pathRname'  => $this->check_key('rname_to'),
        'fileUpload' => isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '',
        'fileSave'   => $this->check_key('path'),
    );
    if (!array_key_exists(ACT, $target_names)) {
        return;
    }
    if (!checkExt($target_names[ACT])) {
        show_json($this->L['no_permission_ext'], false);
    }
}
/**
 * Extension filter for a single archive entry.
 *
 * Presumably registered as a pre-extract callback of the zip library (the
 * two-argument signature and the 'stored_filename' key suggest PclZip);
 * TODO confirm at the call site.
 *
 * NOTE(review): only the extension of the stored name is examined here.
 * Confirm that the extraction code separately rejects entry names that
 * contain directory traversal segments.
 *
 * @param mixed $s    unused
 * @param array $info entry header; only 'stored_filename' is read
 * @return mixed the result of checkExt() for the stored file name
 */
function checkExtUnzip($s, $info)
{
    $stored_name = $info['stored_filename'];

    return checkExt($stored_name);
}
/**
 * Append newly found links to the global list $GLOBALS['urls'].
 *
 * A link from $urls['href'] is added only when it is not in the list yet,
 * checkExt() accepts it for at least one entry of $GLOBALS['extensions'],
 * and it contains $GLOBALS['siteurl']. Non-array input is ignored.
 *
 * NOTE(review): the site test is a case-insensitive substring match anywhere
 * in the link, so an off-site URL that merely contains the site address
 * (for instance in its query string) is accepted. Comparing the parsed host
 * would be stricter.
 *
 * @param mixed $urls array with an 'href' list of links, or anything else
 * @return void
 */
function addUrls($urls)
{
    if (!is_array($urls)) {
        return;
    }

    $total = count($urls['href']);
    for ($i = 0; $i < $total; $i++) {
        $href = $urls['href'][$i];

        // Already collected? Loose comparison, as in the list handling before.
        $known = in_array($href, $GLOBALS['urls']);

        // Accepted by at least one of the configured extensions?
        $ext_ok = false;
        foreach ($GLOBALS['extensions'] as $ext) {
            if (checkExt($href, $ext)) {
                $ext_ok = true;
            }
        }

        // Belongs to the current website?
        $off_site = !stristr($href, $GLOBALS['siteurl']);

        if (!$known && !$off_site && $ext_ok) {
            $GLOBALS['urls'][] = $href;
        }
    }
}
* @author Jan Pecha, <*****@*****.**> * @license New BSD License */ if (($dir = getcwd()) !== false) { include __DIR__ . '/nette.min.php'; $args = NULL; if (isset($_SERVER['argc']) && $_SERVER['argc'] > 1) { $args = $_SERVER['argv']; array_shift($args); } else { $args = array('mp4', 'flv'); } $errors = array(); $masks = array(); foreach ($args as $arg) { if (checkExt($arg)) { $masks[] = "*.{$arg}"; } else { $errors[] = $arg; } } if (count($errors)) { foreach ($errors as $ext) { echo "[error] Pripona '{$ext}' je divna, zkus to opravit nebo smazat (pripona muze obsahovat pouze a-Z a 0-9 a nesmi byt 'mp3')\n"; } exit; } $numOfFiles = 0; $errors = array(); foreach (\Nette\Utils\Finder::findFiles($masks)->in($dir) as $file) { if (($pos = strrpos($file, '.')) !== false) {
/**
 * Permission validation at the unified request entry point.
 *
 * No check is made for root, for actions in $this->notCheck, or for a
 * controller/action pair that $this->config['role_setting'] does not list
 * ("user:common_js" is always processed). In every other case the role's
 * table must hold a value loosely equal to 1 under "ST:ACT", and for mkfile,
 * pathRname, fileUpload and fileSave the target name must pass checkExt().
 *
 * NOTE(review): an action that role_setting does not list passes unchecked,
 * and roles whose stored table predates userShare:set or
 * explorer:fileDownload receive both through the defaults below.
 */
public function authCheck()
{
    if (isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1) {
        return;
    }
    $action_id = ST . ':' . ACT;
    $unchecked = in_array(ACT, $this->notCheck)
        || !array_key_exists(ST, $this->config['role_setting'])
        || (!in_array(ACT, $this->config['role_setting'][ST]) && $action_id != 'user:common_js');
    if ($unchecked) {
        return;
    }

    // Restricted action: fetch the permission table of the user's role.
    $store = new fileCache(USER_SYSTEM . 'group.php');
    $auth = $store->get($this->user['role']);

    // Compatibility with older tables: features introduced later are open
    // by default on first use when the table does not define them.
    $open_by_default = array('userShare:set', 'explorer:fileDownload');
    foreach ($open_by_default as $feature) {
        if (!isset($auth[$feature])) {
            $auth[$feature] = 1;
        }
    }

    // Always allowed; it hands the configured permissions to the front end.
    $auth['user:common_js'] = 1;

    // Each extended action takes the permission of an equivalent action.
    $same_as = array(
        'explorer:pathChmod'          => 'explorer:pathRname',
        'explorer:pathDeleteRecycle'  => 'explorer:pathDelete',
        'explorer:pathCopyDrag'       => 'explorer:pathCuteDrag',
        'explorer:fileDownloadRemove' => 'explorer:fileDownload',
        'explorer:zipDownload'        => 'explorer:fileDownload',
        'explorer:fileProxy'          => 'explorer:fileDownload',
        'editor:fileGet'              => 'explorer:fileDownload',
        'explorer:officeView'         => 'explorer:fileDownload',
        'explorer:officeSave'         => 'editor:fileSave',
        'userShare:del'               => 'userShare:set',
    );
    foreach ($same_as as $extended => $source) {
        $auth[$extended] = $auth[$source];
    }

    if ($auth[$action_id] != 1) {
        show_json($this->L['no_permission'], false);
    }
    // Global copy, including the defaults and derived entries.
    $GLOBALS['auth'] = $auth;

    // Extension restrictions: new file, rename, upload and save.
    $names_by_action = array(
        'mkfile'     => $this->check_key('path'),
        'pathRname'  => $this->check_key('rname_to'),
        'fileUpload' => isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '',
        'fileSave'   => $this->check_key('path'),
    );
    $has_name = array_key_exists(ACT, $names_by_action);
    if ($has_name && !checkExt($names_by_action[ACT])) {
        show_json($this->L['no_permission_ext'], false);
    }
}
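/**
 * Server-side download of a remote URL into a user directory.
 *
 * A request whose Referer equals the requested address is redirected to
 * 403.php, and a request without the XMLHttpRequest marker gets no output.
 * Otherwise `type=percent` reports the progress stored in the session for
 * `uuid`, `type=remove` cancels a running download by deleting its temp
 * file, and any other request downloads `url` into `save_path`.
 *
 * show_json() is expected to end the request; the explicit returns keep the
 * status branches from falling through into the download if it does not.
 *
 * NOTE(review): Referer and X-Requested-With are request headers chosen by
 * the client, so the two header tests are not access control or CSRF
 * protection; confirm authorization is enforced before this method runs.
 * `url` is caller-supplied and fetched by the server, and nothing here
 * restricts its scheme or destination host; confirm url_header() /
 * file_download_this() enforce such limits.
 */
public function serverDownload()
{
    $self_address = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
    if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == $self_address) {
        header('Location: 403.php');
        return;
    }
    $is_xhr = isset($_SERVER['HTTP_X_REQUESTED_WITH'])
        && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
    if (!$is_xhr) {
        return;
    }

    $uuid = 'download_' . $this->in['uuid'];

    if ($this->in['type'] == 'percent') {
        // Progress query.
        if (isset($_SESSION[$uuid])) {
            $info = $_SESSION[$uuid];
            $result = array(
                'uuid'   => $this->in['uuid'],
                'length' => (int) $info['length'],
                // The temp file may not exist yet, or may already be gone.
                'size'   => is_file($info['path']) ? (int) filesize($info['path']) : 0,
                'time'   => mtime(),
            );
            show_json($result);
        } else {
            show_json('', false);
        }
        return;
    }

    if ($this->in['type'] == 'remove') {
        // Cancel: once the temp file is deleted the transfer stops by itself.
        // Only act when this uuid is actually known to the session.
        if (isset($_SESSION[$uuid])) {
            del_file($_SESSION[$uuid]['path']);
            unset($_SESSION[$uuid]);
        }
        show_json('', false);
        return;
    }

    // Start a download.
    $save_dir = _DIR($this->in['save_path']);
    if (!is_writeable($save_dir)) {
        show_json($this->L['no_permission_write'], false);
        return;
    }
    $url = rawurldecode($this->in['url']);
    $header = url_header($url);
    if (!$header) {
        show_json($this->L['download_error_exists'], false);
        return;
    }

    // The file name is supplied by the remote side. Keep only its last path
    // segment so it cannot name a location outside $save_dir.
    $remote_name = str_replace('\\', '/', urldecode($header['name']));
    $last_slash = strrpos($remote_name, '/');
    if ($last_slash !== false) {
        $remote_name = substr($remote_name, $last_slash + 1);
    }
    $save_path = $save_dir . $remote_name;

    $unusable_name = $remote_name === '' || $remote_name === '.' || $remote_name === '..';
    if ($unusable_name || !checkExt($save_path)) {
        // Disallowed extension: store under a timestamped .txt name instead.
        // date() needs a format argument; the bare call produced no timestamp.
        $save_path = $save_dir . date('YmdHis') . '.txt';
    }
    $save_path = get_filename_auto(iconv_system($save_path));
    $save_path_temp = $save_path . '.downloading';

    // Record the expected length and temp path for later progress queries.
    session_start();
    $_SESSION[$uuid] = array('length' => $header['length'], 'path' => $save_path_temp);
    session_write_close();

    // Rename the temp file into place only after a complete download.
    if (file_download_this($url, $save_path_temp) && @rename($save_path_temp, $save_path)) {
        $name = get_path_this(iconv_app($save_path));
        show_json($this->L['download_success'], true, $name);
    } else {
        show_json($this->L['download_error_create'], false);
    }
}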
return false; } /* * Check if the file name has not allowed characters, removes them, and check if it is windows reserved */ $tmp_fn = $file_name; $file_name = checkName($file_name); if (!$file_name) { echo json_encode(array('name' => $tmp_fn, 'size' => $full_size, 'status' => -1, 'info' => 'File name is not allowed. Windows reserved.')); return false; } /* * Check if file extension is in the allowed extensions * By defaul php, exe, html, js... are deny */ if (!checkExt($file_name, $allow_ext)) { echo json_encode(array('name' => $file_name, 'size' => $full_size, 'status' => -1, 'info' => 'File extension is not allowed')); return false; } } /* * Calculate full upload path and check if file already exists. * If file exists just rename it in the format :filename(N).ext */ $full_path = ''; if ($is_ajax) { //we get the path only for the first chunk $full_path = $currByte == 0 ? checkFileExits($file_name, $upload_path) : $upload_path . $file_name; //Just optional, avoid to write on exisiting file, but in theory filename should be unique from the checkFileExits function $flag = $currByte == 0 ? 0 : FILE_APPEND; //formData post files just normal upload in $_FILES, older ajax upload post it in input