/** * Run all system actions based on the value of $_REQUEST['act']. */ function ft_do_action() { if (!empty($_REQUEST['act'])) { // Only one callback action is allowed. So only the first hook that acts on an action is run. ft_invoke_hook('action', $_REQUEST['act']); # mkdir if ($_REQUEST['act'] == "createdir" && CREATE === TRUE) { $_POST['newdir'] = trim($_POST['newdir']); if ($_POST['type'] == 'file') { // Check file against blacklists if (strlen($_POST['newdir']) > 0 && ft_check_filetype($_POST['newdir']) && ft_check_file($_POST['newdir'])) { // Create file. $newfile = ft_get_dir() . "/{$_POST['newdir']}"; if (file_exists($newfile)) { // Redirect ft_set_message(t("File could not be created. File already exists."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } elseif (@touch($newfile)) { // Redirect. ft_set_message(t("File created.")); ft_redirect("dir=" . $_REQUEST['dir']); } else { // Redirect ft_set_message(t("File could not be created."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } } else { // Redirect ft_set_message(t("File could not be created."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } } elseif ($_POST['type'] == 'url') { // Create from URL. $newname = trim(substr($_POST['newdir'], strrpos($_POST['newdir'], '/') + 1)); if (strlen($newname) > 0 && ft_check_filetype($newname) && ft_check_file($newname)) { // Open file handlers. $rh = fopen($_POST['newdir'], 'rb'); if ($rh === FALSE) { ft_set_message(t("Could not open URL. Possible reason: URL wrappers not enabled."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } $wh = fopen(ft_get_dir() . '/' . $newname, 'wb'); if ($wh === FALSE) { ft_set_message(t("File could not be created."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } // Download anf write file. while (!feof($rh)) { if (fwrite($wh, fread($rh, 1024)) === FALSE) { ft_set_message(t("File could not be saved."), 'error'); } } fclose($rh); fclose($wh); ft_redirect("dir=" . $_REQUEST['dir']); } else { // Redirect ft_set_message(t("File could not be created."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } } else { // Create directory. // Check input. // if (strstr($_POST['newdir'], ".")) { // Throw error (redirect). // ft_redirect("status=createddirfail&dir=".$_REQUEST['dir']); // } else { $_POST['newdir'] = ft_stripslashes($_POST['newdir']); $newdir = ft_get_dir() . "/{$_POST['newdir']}"; $oldumask = umask(0); if (strlen($_POST['newdir']) > 0 && @mkdir($newdir, DIRPERMISSION)) { ft_set_message(t("Directory created.")); ft_redirect("dir=" . $_REQUEST['dir']); } else { // Redirect ft_set_message(t("Directory could not be created."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } umask($oldumask); // } } # Move } elseif ($_REQUEST['act'] == "move" && ft_check_fileactions() === TRUE) { // Check that both file and newvalue are set. $file = trim(ft_stripslashes($_REQUEST['file'])); $dir = trim(ft_stripslashes($_REQUEST['newvalue'])); if (substr($dir, -1, 1) != "/") { $dir .= "/"; } // Check for level. if (substr_count($dir, "../") <= substr_count(ft_get_dir(), "/") && ft_check_move($dir) === TRUE) { $dir = ft_get_dir() . "/" . $dir; if (!empty($file) && file_exists(ft_get_dir() . "/" . $file)) { // Check that destination exists and is a directory. if (is_dir($dir)) { // Move file. if (@rename(ft_get_dir() . "/" . $file, $dir . "/" . $file)) { // Success. ft_set_message(t("!old was moved to !new", array('!old' => $file, '!new' => $dir))); ft_redirect("dir={$_REQUEST['dir']}"); } else { // Error rename failed. ft_set_message(t("!old could not be moved.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { // Error dest. isn't a dir or doesn't exist. ft_set_message(t("Could not move file. !old does not exist or is not a directory.", array('!old' => $dir)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { // Error source file doesn't exist. ft_set_message(t("!old could not be moved. It doesn't exist.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { // Error level ft_set_message(t("!old could not be moved outside the base directory.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } # Delete } elseif ($_REQUEST['act'] == "delete" && ft_check_fileactions() === TRUE) { // Check that file is set. $file = ft_stripslashes($_REQUEST['file']); if (!empty($file) && ft_check_file($file)) { if (is_dir(ft_get_dir() . "/" . $file)) { if (DELETEFOLDERS == TRUE) { ft_rmdir_recurse(ft_get_dir() . "/" . $file); } if (!@rmdir(ft_get_dir() . "/" . $file)) { ft_set_message(t("!old could not be deleted.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } else { ft_set_message(t("!old deleted.", array('!old' => $file))); ft_redirect("dir={$_REQUEST['dir']}"); } } else { if (!@unlink(ft_get_dir() . "/" . $file)) { ft_set_message(t("!old could not be deleted.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } else { ft_set_message(t("!old deleted.", array('!old' => $file))); ft_redirect("dir={$_REQUEST['dir']}"); } } } else { ft_set_message(t("!old could not be deleted.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } # Rename && Duplicate && Symlink } elseif ($_REQUEST['act'] == "rename" || $_REQUEST['act'] == "duplicate" || $_REQUEST['act'] == "symlink" && ft_check_fileactions() === TRUE) { // Check that both file and newvalue are set. $old = trim(ft_stripslashes($_REQUEST['file'])); $new = trim(ft_stripslashes($_REQUEST['newvalue'])); if ($_REQUEST['act'] == 'rename') { $m['typefail'] = t("!old was not renamed to !new (type not allowed).", array('!old' => $old, '!new' => $new)); $m['writefail'] = t("!old could not be renamed (write failed).", array('!old' => $old)); $m['destfail'] = t("File could not be renamed to !new since it already exists.", array('!new' => $new)); $m['emptyfail'] = t("File could not be renamed since you didn't specify a new name."); } elseif ($_REQUEST['act'] == 'duplicate') { $m['typefail'] = t("!old was not duplicated to !new (type not allowed).", array('!old' => $old, '!new' => $new)); $m['writefail'] = t("!old could not be duplicated (write failed).", array('!old' => $old)); $m['destfail'] = t("File could not be duplicated to !new since it already exists.", array('!new' => $new)); $m['emptyfail'] = t("File could not be duplicated since you didn't specify a new name."); } elseif ($_REQUEST['act'] == 'symlink') { $m['typefail'] = t("Could not create symlink to !old (type not allowed).", array('!old' => $old, '!new' => $new)); $m['writefail'] = t("Could not create symlink to !old (write failed).", array('!old' => $old)); $m['destfail'] = t("Could not create symlink !new since it already exists.", array('!new' => $new)); $m['emptyfail'] = t("Symlink could not be created since you didn't specify a name."); } if (!empty($old) && !empty($new)) { if (ft_check_filetype($new) && ft_check_file($new)) { // Make sure destination file doesn't exist. if (!file_exists(ft_get_dir() . "/" . $new)) { // Check that file exists. if (is_writeable(ft_get_dir() . "/" . $old)) { if ($_REQUEST['act'] == "rename") { if (@rename(ft_get_dir() . "/" . $old, ft_get_dir() . "/" . $new)) { // Success. ft_set_message(t("!old was renamed to !new", array('!old' => $old, '!new' => $new))); ft_redirect("dir={$_REQUEST['dir']}"); } else { // Error rename failed. ft_set_message(t("!old could not be renamed.", array('!old' => $old)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } elseif ($_REQUEST['act'] == 'symlink') { if (ADVANCEDACTIONS == TRUE) { if (@symlink(realpath(ft_get_dir() . "/" . $old), ft_get_dir() . "/" . $new)) { @chmod(ft_get_dir() . "/{$new}", PERMISSION); // Success. ft_set_message(t("Created symlink !new", array('!old' => $old, '!new' => $new))); ft_redirect("dir={$_REQUEST['dir']}"); } else { // Error symlink failed. ft_set_message(t("Symlink to !old could not be created.", array('!old' => $old)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } } else { if (@copy(ft_get_dir() . "/" . $old, ft_get_dir() . "/" . $new)) { // Success. ft_set_message(t("!old was duplicated to !new", array('!old' => $old, '!new' => $new))); ft_redirect("dir={$_REQUEST['dir']}"); } else { // Error rename failed. ft_set_message(t("!old could not be duplicated.", array('!old' => $old)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } } else { // Error old file isn't writeable. ft_set_message($m['writefail'], 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { // Error destination exists. ft_set_message($m['destfail'], 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { // Error file type not allowed. ft_set_message($m['typefail'], 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { // Error. File name not set. ft_set_message($m['emptyfail'], 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } # upload } elseif ($_REQUEST['act'] == "upload" && ft_check_upload() === TRUE && (LIMIT <= 0 || LIMIT > ROOTDIRSIZE)) { // If we are to upload a file we will do so. $msglist = 0; foreach ($_FILES as $k => $c) { if (!empty($c['name'])) { $c['name'] = ft_stripslashes($c['name']); if ($c['error'] == 0) { // Upload was successfull if (ft_validate_filename($c['name']) && ft_check_filetype($c['name']) && ft_check_file($c['name'])) { if (file_exists(ft_get_dir() . "/{$c['name']}")) { $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("File already exists"), 'error'); } else { if (@move_uploaded_file($c['tmp_name'], ft_get_dir() . "/{$c['name']}")) { @chmod(ft_get_dir() . "/{$c['name']}", PERMISSION); // Success! $msglist++; ft_set_message(t('!file was uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20)))); ft_invoke_hook('upload', ft_get_dir(), $c['name']); } else { // File couldn't be moved. Throw error. $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("File couldn't be moved"), 'error'); } } } else { // File type is not allowed. Throw error. $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("File type not allowed"), 'error'); } } else { // An error occurred. switch ($_FILES["localfile"]["error"]) { case 1: $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("The file was too large"), 'error'); break; case 2: $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("The file was larger than MAXSIZE setting."), 'error'); break; case 3: $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("Partial upload. Try again"), 'error'); break; case 4: $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("No file was uploaded. Please try again"), 'error'); break; default: $msglist++; ft_set_message(t('!file was not uploaded.', array('!file' => ft_get_nice_filename($c['name'], 20))) . ' ' . t("Unknown error"), 'error'); break; } } } } if ($msglist > 0) { ft_redirect("dir=" . $_REQUEST['dir']); } else { ft_set_message(t("Upload failed."), 'error'); ft_redirect("dir=" . $_REQUEST['dir']); } # Unzip } elseif ($_REQUEST['act'] == "unzip" && ft_check_fileactions() === TRUE) { // Check that file is set. $file = ft_stripslashes($_REQUEST['file']); if (!empty($file) && ft_check_file($file) && ft_check_filetype($file) && strtolower(ft_get_ext($file)) == 'zip' && is_file(ft_get_dir() . "/" . $file)) { $escapeddir = escapeshellarg(ft_get_dir() . "/"); $escapedfile = escapeshellarg(ft_get_dir() . "/" . $file); if (!@exec("unzip -n " . $escapedfile . " -d " . $escapeddir)) { ft_set_message(t("!old could not be unzipped.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } else { ft_set_message(t("!old unzipped.", array('!old' => $file))); ft_redirect("dir={$_REQUEST['dir']}"); } } else { ft_set_message(t("!old could not be unzipped.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } # chmod } elseif ($_REQUEST['act'] == "chmod" && ft_check_fileactions() === TRUE && ADVANCEDACTIONS == TRUE) { // Check that file is set. $file = ft_stripslashes($_REQUEST['file']); if (!empty($file) && ft_check_file($file) && ft_check_filetype($file)) { // Check that chosen permission i valid if (is_numeric($_REQUEST['newvalue'])) { $chmod = $_REQUEST['newvalue']; if (substr($chmod, 0, 1) == '0') { $chmod = substr($chmod, 0, 4); } else { $chmod = '0' . substr($chmod, 0, 3); } // Chmod if (@chmod(ft_get_dir() . "/" . $file, intval($chmod, 8))) { ft_set_message(t("Permissions changed for !old.", array('!old' => $file))); ft_redirect("dir={$_REQUEST['dir']}"); clearstatcache(); } else { ft_set_message(t("Could not change permissions for !old.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { ft_set_message(t("Could not change permissions for !old.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } } else { ft_set_message(t("Could not change permissions for !old.", array('!old' => $file)), 'error'); ft_redirect("dir={$_REQUEST['dir']}"); } # logout } elseif ($_REQUEST['act'] == "logout") { ft_invoke_hook('logout', $_SESSION['ft_user_' . MUTEX]); $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, '/'); } session_destroy(); // Delete persistent cookie setcookie('ft_user_' . MUTEX, '', time() - 3600); ft_redirect(); } } }
/** * Private function. Searches for file names and directories recursively. * * @param $dir * Directory to search. * @param $q * Search query. * @return An array of files. Each item is an array: * array( * 'name' => '', // File name. * 'shortname' => '', // File name. * 'type' => '', // 'file' or 'dir'. * 'dir' => '', // Directory where file is located. * ) */ function _ft_search_find_files($dir, $q) { $output = array(); if (ft_check_dir($dir) && ($dirlink = @opendir($dir))) { while (($file = readdir($dirlink)) !== false) { if ($file != "." && $file != ".." && (ft_check_file($file) && ft_check_filetype($file) || is_dir($dir . "/" . $file) && ft_check_dir($file))) { $path = $dir . '/' . $file; // Check if filename/directory name is a match. if (stristr($file, $q)) { $new['name'] = $file; $new['shortname'] = ft_get_nice_filename($file, 20); $new['dir'] = substr($dir, strlen(ft_get_root())); if (is_dir($path)) { if (ft_check_dir($path)) { $new['type'] = "dir"; $output[] = $new; } } else { $new['type'] = "file"; $output[] = $new; } } // Check subdirs for matches. if (is_dir($path)) { $dirres = _ft_search_find_files($path, $q); if (is_array($dirres) && count($dirres) > 0) { $output = array_merge($dirres, $output); unset($dirres); } } } } sort($output); closedir($dirlink); return $output; } else { return FALSE; } }