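all copies or substantial portions of the Software. PGRFileManager IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */

// Authorization: when enabled in the config, a request is only allowed past
// this point with an authorized session. Otherwise the login form is included
// and the request ends here. Logoff and login both redirect back to the
// current page so the next request starts from a clean state.
if (PGRFileManagerConfig::$authorize) {
    session_start();

    // Explicit logoff: drop the session flag and reload the page.
    if (isset($_POST['logoff'])) {
        unset($_SESSION['PGRFileManagerAuthorized']);
        include_once dirname(__FILE__) . '/utils.php';
        header('Location:' . PGRFileManagerUtils::curPageURL());
        die;
    }

    if (!isset($_SESSION['PGRFileManagerAuthorized'])) {
        // Credentials must be plain strings (an array value is rejected, never
        // compared) and are checked with hash_equals(): strict and constant-time,
        // unlike the loose == it replaces, which applies numeric-string juggling
        // ("1e3" == "1000" is true). The known value goes first, as hash_equals
        // expects.
        $user = isset($_POST['user']) ? $_POST['user'] : null;
        $pass = isset($_POST['pass']) ? $_POST['pass'] : null;
        $credentialsOk = is_string($user)
            && is_string($pass)
            && hash_equals((string) PGRFileManagerConfig::$authorizeUser, $user)
            && hash_equals((string) PGRFileManagerConfig::$authorizePass, $pass);

        if ($credentialsOk) {
            // Issue a fresh session id on the privilege change so an id
            // obtained before login is not carried over into the
            // authorized session.
            session_regenerate_id(true);
            $_SESSION['PGRFileManagerAuthorized'] = true;
            include_once dirname(__FILE__) . '/utils.php';
            header('Location:' . PGRFileManagerUtils::curPageURL());
            die;
        }

        // Not authorized and no valid credentials: render the login form.
        include_once dirname(__FILE__) . '/login.php';
        die;
    }
}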
// Upload handler (continues a block opened outside this span): the temp file
// is checked for size and extension, moved into $directory under the
// client-supplied name, and rescaled when it is an oversized image.
$tempFile = $_FILES['Filedata']['tmp_name'];
// NOTE(review): the client-supplied name is used as given; only the extension
// filter below constrains it, and that filter is skipped entirely when
// $allowedExtensions is empty — confirm the config never leaves it empty where
// $directory is web-served.
$targetFile = $directory . '/' . $_FILES['Filedata']['name'];
// Validate the file size (Warning: the largest files supported by this code is 2GB)
$file_size = filesize($tempFile);
if (!$file_size || $file_size > PGRFileManagerConfig::$fileMaxSize) {
    exit(0);
}
// Check the extension against the configured whitelist (case-insensitive via
// strtolower). The config value is spliced into the pattern without
// preg_quote(), so any regex metacharacters in it change the match.
if (PGRFileManagerConfig::$allowedExtensions != "") {
    if (preg_match('/^.*\\.(' . PGRFileManagerConfig::$allowedExtensions . ')$/', strtolower($_FILES['Filedata']['name'])) === 0) {
        exit(0);
    }
}
// NOTE(review): the return value is not checked; a failed move still falls
// through to the image handling below and to the final exit(0).
move_uploaded_file($tempFile, $targetFile);
// If the upload is an image larger than the configured bounds, rescale it in place.
try {
    if (preg_match('/^.*\\.(jpg|gif|jpeg|png|bmp)$/', strtolower($_FILES['Filedata']['name'])) > 0) {
        // realpath() returns false when the move above did not produce a
        // file — TODO confirm getImageInfo() tolerates a false path.
        $targetFile = realpath($targetFile);
        $imageInfo = PGRFileManagerUtils::getImageInfo($targetFile);
        if ($imageInfo !== false && ($imageInfo['height'] > PGRFileManagerConfig::$imageMaxHeight || $imageInfo['width'] > PGRFileManagerConfig::$imageMaxWidth)) {
            require_once realpath(dirname(__FILE__) . '/../PGRThumb/php/Image.php');
            $image = PGRThumb_Image::factory($targetFile);
            $image->maxSize(PGRFileManagerConfig::$imageMaxWidth, PGRFileManagerConfig::$imageMaxHeight);
            $image->saveImage($targetFile, 80);
        }
    }
} catch (Exception $e) {
    // todo: a failed rescale is swallowed here, so an oversized image stays on
    // disk exactly as uploaded while the client still gets the exit(0) below.
}
} // closes the upload block opened before this span
exit(0);
// Extra edit operations requested via POST 'fun'; only honoured when editing
// is enabled in the config. This block continues past the end of this span.
if (isset($_POST['fun']) && PGRFileManagerConfig::$allowEdit) {
    $fun = $_POST['fun'];
    if ($fun === 'deleteDir' && isset($_POST['dirname'])) {
        $dirname = $_POST['dirname'];
        // realpath() resolves any '..' segments so the containment checks
        // below see the canonical path; it returns false for a missing path,
        // which then fails the prefix test.
        $dir = realpath($directory . $dirname);
        // Refuse to delete the root directory itself.
        if ($dir === $directory) {
            die;
        }
        // Containment check: the resolved path must lie under the root.
        // NOTE(review): a bare prefix test also accepts a sibling path that
        // merely starts with the same characters as $directory; testing the
        // prefix $directory . DIRECTORY_SEPARATOR instead would close that gap.
        if (strpos($dir, $directory) !== 0) {
            die;
        }
        if (is_dir($dir)) {
            PGRFileManagerUtils::deleteDirectory($dir);
        }
        // NOTE(review): no CSRF token is checked in this span before the
        // state-changing delete — confirm one is enforced earlier in the script.
        echo json_encode(array('res' => 'OK'));
        exit(0);
    } else {
        if ($fun === 'addDir' && isset($_POST['dirname']) && isset($_POST['newDirname'])) {
            $dirname = $_POST['dirname'];
            $newDirname = $_POST['newDirname'];
            // Whitelist of characters allowed in a new directory name. '.' is
            // allowed, so names made only of dots pass this check; the code
            // after this span is expected to handle them — confirm.
            if (preg_match("/^[.A-Z0-9_ !@#\$%^&()+={}\\[\\]\\',~`-]+\$/i", $newDirname) === 0) {
                die;
            }
            // strlen() counts bytes. The '+' in the regex above already rejects
            // the empty string, so this is a second guard on the same condition.
            $dirnameLength = strlen($newDirname);
            if ($dirnameLength === 0) {
                die;
            }
} // closes a branch opened before this span
// Check the extension against the configured whitelist; entries that do not
// match are skipped (an empty whitelist lists everything). As elsewhere in
// this file the config value is spliced into the pattern without preg_quote().
if (PGRFileManagerConfig::$allowedExtensions != "") {
    if (preg_match('/^.*\\.(' . PGRFileManagerConfig::$allowedExtensions . ')$/', strtolower($elem)) === 0) {
        continue;
    }
}
$filepath = $directory . '/' . $elem;
if (is_file($filepath)) {
    // Build the JSON record for one file in the listing.
    $file = array();
    $file['filename'] = $elem;
    // Byte-wise truncation: substr() can split a multibyte character in a
    // non-ASCII name, and the broken sequence then reaches json_encode().
    $file['shortname'] = strlen($elem) > 17 ? substr($elem, 0, 17) . '...' : $elem;
    $file['size'] = PGRFileManagerUtils::formatBytes(filesize($filepath));
    // Hash of the mtime, used below as a cache-busting token in the thumbnail
    // URL; it says nothing about the file's content.
    $file['md5'] = md5(filemtime($filepath));
    if (PGRFileManagerConfig::$ckEditorExtensions != "") {
        $file['ckEdit'] = preg_match('/^.*\\.(' . PGRFileManagerConfig::$ckEditorExtensions . ')$/', strtolower($elem)) > 0;
    } else {
        $file['ckEdit'] = false;
    }
    $file['date'] = date('Y-m-d H:i:s', filemtime($filepath));
    $file['imageInfo'] = PGRFileManagerUtils::getImageInfo($filepath);
    // Loose != here, whereas the upload path compares the same helper's result
    // with !== false; with != an empty array is also treated as "no image".
    if ($file['imageInfo'] != false) {
        // NOTE(review): $_POST['dir'] is embedded in the thumbnail URL as
        // received; presumably it was validated where $directory was derived
        // (outside this span) — confirm.
        $file['thumb'] = PGRFileManagerUtils::getPhpThumb("src=" . urlencode(PGRFileManagerConfig::$rootPath . $_POST['dir'] . '/' . $elem) . "&w=64&h=64&md5=" . $file['md5']);
    } else {
        $file['thumb'] = false;
    }
    $files[] = $file;
}
} // closes the loop body opened before this span (the continue above implies one)
echo json_encode(array('res' => 'OK', 'files' => $files));
exit(0);