D3Public
/
tinymce-editor
8
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

refactor fileman

This commit is contained in:
O3-Shop 2023-04-10 22:25:46 +02:00
parent 192a9aa52d
commit 24c4264d87
18 changed files with 873 additions and 730 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
Application/fileman/php/copydir.php
View File

@ -26,32 +26,35 @@ include 'functions.inc.php';
verifyAction('COPYDIR');
checkAccess('COPYDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
verifyPath($newPath);
function copyDir($path, $newPath){
$items = listDirectory($path);
if(!is_dir($newPath))
mkdir ($newPath, octdec(DIRPERMISSIONS));
foreach ($items as $item){
if($item == '.' || $item == '..')
continue;
$oldPath = RoxyFile::FixPath($path.'/'.$item);
$tmpNewPath = RoxyFile::FixPath($newPath.'/'.$item);
if(is_file($oldPath))
copy($oldPath, $tmpNewPath);
elseif(is_dir($oldPath)){
copyDir($oldPath, $tmpNewPath);
function copyDir(string $path, string $newPath): void
{
$items = listDirectory($path);
if (!is_dir($newPath)) {
mkdir($newPath, (int) octdec(DIRPERMISSIONS));
}
foreach ($items as $item) {
if ($item == '.' || $item == '..') {
continue;
}
$oldPath = RoxyFile::FixPath($path . '/' . $item);
$tmpNewPath = RoxyFile::FixPath($newPath . '/' . $item);
if (is_file($oldPath)) {
copy($oldPath, $tmpNewPath);
} elseif (is_dir($oldPath)) {
copyDir($oldPath, $tmpNewPath);
}
}
}
}
if(is_dir(fixPath($path))){
copyDir(fixPath($path.'/'), fixPath($newPath.'/'.basename($path)));
echo getSuccessRes();
}
else
echo getErrorRes(t('E_CopyDirInvalidPath'));
?>
if (is_dir(fixPath($path))) {
copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path)));
echo getSuccessRes();
} else {
echo getErrorRes(t('E_CopyDirInvalidPath'));
}

29
Application/fileman/php/copyfile.php
View File

@ -26,21 +26,22 @@ include 'functions.inc.php';
verifyAction('COPYFILE');
checkAccess('COPYFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
if(!$newPath)
$newPath = getFilesPath();
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if (!$newPath) {
$newPath = getFilesPath();
}
verifyPath($path);
verifyPath($newPath);
if(is_file(fixPath($path))){
$newPath = $newPath.'/'.RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if(copy(fixPath($path), fixPath($newPath)))
echo getSuccessRes();
else
echo getErrorRes(t('E_CopyFile'));
}
else
echo getErrorRes(t('E_CopyFileInvalisPath'));
?>
if (is_file(fixPath($path))) {
$newPath = $newPath . '/' . RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if (copy(fixPath($path), fixPath($newPath))) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_CopyFile'));
}
} else {
echo getErrorRes(t('E_CopyFileInvalisPath'));
}

22
Application/fileman/php/createdir.php
View File

@ -26,16 +26,16 @@ include 'functions.inc.php';
verifyAction('CREATEDIR');
checkAccess('CREATEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
if(is_dir(fixPath($path))){
if(mkdir(fixPath($path).'/'.$name, octdec(DIRPERMISSIONS)))
echo getSuccessRes();
else
echo getErrorRes(t('E_CreateDirFailed').' '.basename($path));
}
else
echo getErrorRes(t('E_CreateDirInvalidPath'));
?>
if (is_dir(fixPath($path))) {
if (mkdir(fixPath($path) . '/' . $name, (int) octdec(DIRPERMISSIONS))) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_CreateDirFailed') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_CreateDirInvalidPath'));
}

28
Application/fileman/php/deletedir.php
View File

@ -26,19 +26,19 @@ include 'functions.inc.php';
verifyAction('DELETEDIR');
checkAccess('DELETEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d']));
$path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
verifyPath($path);
if(is_dir(fixPath($path))){
if(fixPath($path.'/') == fixPath(getFilesPath().'/'))
echo getErrorRes(t('E_CannotDeleteRoot'));
elseif(count(glob(fixPath($path)."/*")))
echo getErrorRes(t('E_DeleteNonEmpty'));
elseif(rmdir(fixPath($path)))
echo getSuccessRes();
else
echo getErrorRes(t('E_CannotDeleteDir').' '.basename($path));
}
else
echo getErrorRes(t('E_DeleteDirInvalidPath').' '.$path);
?>
if (is_dir(fixPath($path))) {
if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotDeleteRoot'));
} elseif (count((array) glob(fixPath($path) . "/*"))) {
echo getErrorRes(t('E_DeleteNonEmpty'));
} elseif (rmdir(fixPath($path))) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_CannotDeleteDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_DeleteDirInvalidPath') . ' ' . $path);
}

18
Application/fileman/php/deletefile.php
View File

@ -29,12 +29,12 @@ checkAccess('DELETEFILE');
$path = RoxyFile::FixPath(trim($_POST['f']));
verifyPath($path);
if(is_file(fixPath($path))){
if(unlink(fixPath($path)))
echo getSuccessRes();
else
echo getErrorRes(t('E_DeletеFile').' '.basename($path));
}
else
echo getErrorRes(t('E_DeleteFileInvalidPath'));
?>
if (is_file(fixPath($path))) {
if (unlink(fixPath($path))) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_DeletеFile') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_DeleteFileInvalidPath'));
}

87
Application/fileman/php/dirtree.php
View File

@ -26,47 +26,60 @@ include 'functions.inc.php';
verifyAction('DIRLIST');
checkAccess('DIRLIST');
function getFilesNumber($path, $type){
$files = 0;
$dirs = 0;
$tmp = listDirectory($path);
foreach ($tmp as $ff){
if($ff == '.' || $ff == '..')
continue;
elseif(is_file($path.'/'.$ff) && ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff))))
$files++;
elseif(is_dir($path.'/'.$ff))
$dirs++;
}
/**
* @param string $path
* @param string $type
* @return int[]
*/
function getFilesNumber(string $path, string $type): array
{
$files = 0;
$dirs = 0;
$tmp = listDirectory($path);
foreach ($tmp as $ff) {
if ($ff == '.' || $ff == '..') {
continue;
} elseif (
is_file($path . '/' . $ff) &&
($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))
) {
$files++;
} elseif (is_dir($path . '/' . $ff)) {
$dirs++;
}
}
return array('files'=>$files, 'dirs'=>$dirs);
}
function GetDirs($path, $type){
$ret = $sort = array();
$files = listDirectory(fixPath($path), 0);
foreach ($files as $f){
$fullPath = $path.'/'.$f;
if(!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..')
continue;
$tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path'=>$fullPath,'files'=>$tmp['files'],'dirs'=>$tmp['dirs']);
$sort[$fullPath] = $f;
}
natcasesort($sort);
foreach ($sort as $k => $v) {
$tmp = $ret[$k];
echo ',{"p":"'.mb_ereg_replace('"', '\\"', $tmp['path']).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}';
GetDirs($tmp['path'], $type);
}
return array('files' => $files, 'dirs' => $dirs);
}
$type = (empty($_GET['type'])?'':strtolower($_GET['type']));
if($type != 'image' && $type != 'flash')
$type = '';
function GetDirs(string $path, string $type): void
{
$ret = $sort = array();
$files = listDirectory(fixPath($path));
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if (!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') {
continue;
}
$tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path' => $fullPath, 'files' => $tmp['files'], 'dirs' => $tmp['dirs']);
$sort[$fullPath] = $f;
}
natcasesort($sort);
foreach ($sort as $k => $v) {
$tmp = $ret[$k];
echo ',{"p":"' . mb_ereg_replace('"', '\\"', $tmp['path']) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs($tmp['path'], $type);
}
}
$type = (empty($_GET['type']) ? '' : strtolower($_GET['type']));
if ($type != 'image' && $type != 'flash') {
$type = '';
}
echo "[\n";
$tmp = getFilesNumber(fixPath(getFilesPath()), $type);
echo '{"p":"'. mb_ereg_replace('"', '\\"', getFilesPath()).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}';
echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs(getFilesPath(), $type);
echo "\n]";
?>
echo "\n]";

13
Application/fileman/php/download.php
View File

@ -29,10 +29,9 @@ checkAccess('DOWNLOAD');
$path = RoxyFile::FixPath(trim($_GET['f']));
verifyPath($path);
if(is_file(fixPath($path))){
$file = urldecode(basename($path));
header('Content-Disposition: attachment; filename="'.$file.'"');
header('Content-Type: application/force-download');
readfile(fixPath($path));
}
?>
if (is_file(fixPath($path))) {
$file = urldecode(basename($path));
header('Content-Disposition: attachment; filename="' . $file . '"');
header('Content-Type: application/force-download');
readfile(fixPath($path));
}

43
Application/fileman/php/downloaddir.php
View File

@ -22,7 +22,7 @@
*/
include '../system.inc.php';
include 'functions.inc.php';
@ini_set('memory_limit', -1);
@ini_set('memory_limit', '-1');
verifyAction('DOWNLOADDIR');
checkAccess('DOWNLOADDIR');
@ -30,26 +30,25 @@ $path = RoxyFile::FixPath(trim($_GET['d']));
verifyPath($path);
$path = fixPath($path);
if(!class_exists('ZipArchive')){
echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>';
}
else{
try{
$filename = basename($path);
$zipFile = $filename.'.zip';
$zipPath = BASE_PATH.'/tmp/'.$zipFile;
RoxyFile::ZipDir($path, $zipPath);
if (!class_exists('ZipArchive')) {
echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>';
} else {
try {
$filename = basename($path);
$zipFile = $filename . '.zip';
$zipPath = BASE_PATH . '/tmp/' . $zipFile;
RoxyFile::ZipDir($path, $zipPath);
header('Content-Disposition: attachment; filename="'.$zipFile.'"');
header('Content-Type: application/force-download');
readfile($zipPath);
function deleteTmp($zipPath){
@unlink($zipPath);
header('Content-Disposition: attachment; filename="' . $zipFile . '"');
header('Content-Type: application/force-download');
readfile($zipPath);
function deleteTmp(string $zipPath): void
{
@unlink($zipPath);
}
register_shutdown_function('deleteTmp', $zipPath);
} catch (Exception $ex) {
echo '<script>alert("' . addslashes(t('E_CreateArchive')) . '");</script>';
}
register_shutdown_function('deleteTmp', $zipPath);
}
catch(Exception $ex){
echo '<script>alert("'. addslashes(t('E_CreateArchive')).'");</script>';
}
}
?>
}

45
Application/fileman/php/fileslist.php
View File

@ -26,34 +26,35 @@ include 'functions.inc.php';
verifyAction('FILESLIST');
checkAccess('FILESLIST');
$path = RoxyFile::FixPath(empty($_POST['d'])? getFilesPath(): $_POST['d']);
$type = (empty($_POST['type'])?'':strtolower($_POST['type']));
if($type != 'image' && $type != 'flash')
$type = '';
$path = RoxyFile::FixPath(empty($_POST['d']) ? getFilesPath() : $_POST['d']);
$type = (empty($_POST['type']) ? '' : strtolower($_POST['type']));
if ($type != 'image' && $type != 'flash') {
$type = '';
}
verifyPath($path);
$files = listDirectory(fixPath($path), 0);
$files = listDirectory(fixPath($path));
natcasesort($files);
$str = '';
echo '[';
foreach ($files as $f){
$fullPath = $path.'/'.$f;
if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f)))
continue;
$size = filesize(fixPath($fullPath));
$time = filemtime(fixPath($fullPath));
$w = 0;
$h = 0;
if(RoxyFile::IsImage($f)){
$tmp = @getimagesize(fixPath($fullPath));
if($tmp){
$w = $tmp[0];
$h = $tmp[1];
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if (!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) {
continue;
}
}
$str .= '{"p":"'.mb_ereg_replace('"', '\\"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},';
$size = filesize(fixPath($fullPath));
$time = filemtime(fixPath($fullPath));
$w = 0;
$h = 0;
if (RoxyFile::IsImage($f)) {
$tmp = @getimagesize(fixPath($fullPath));
if ($tmp) {
$w = $tmp[0];
$h = $tmp[1];
}
}
$str .= '{"p":"' . mb_ereg_replace('"', '\\"', $fullPath) . '","s":"' . $size . '","t":"' . $time . '","w":"' . $w . '","h":"' . $h . '"},';
}
$str = mb_substr($str, 0, -1);
echo $str;
echo ']';
?>
echo ']';

1014
Application/fileman/php/functions.inc.php
View File

File diff suppressed because it is too large Load Diff

30
Application/fileman/php/movedir.php
View File

@ -26,21 +26,21 @@ include 'functions.inc.php';
verifyAction('MOVEDIR');
checkAccess('MOVEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d']));
$newPath = RoxyFile::FixPath(trim(empty($_GET['n'])?'':$_GET['n']));
$path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
$newPath = RoxyFile::FixPath(trim(empty($_GET['n']) ? '' : $_GET['n']));
verifyPath($path);
verifyPath($newPath);
if(is_dir(fixPath($path))){
if(mb_strpos($newPath, $path) === 0)
echo getErrorRes(t('E_CannotMoveDirToChild'));
elseif(file_exists(fixPath($newPath).'/'.basename($path)))
echo getErrorRes(t('E_DirAlreadyExists'));
elseif(rename(fixPath($path), fixPath($newPath).'/'.basename($path)))
echo getSuccessRes();
else
echo getErrorRes(t('E_MoveDir').' '.basename($path));
}
else
echo getErrorRes(t('E_MoveDirInvalisPath'));
?>
if (is_dir(fixPath($path))) {
if (mb_strpos($newPath, $path) === 0) {
echo getErrorRes(t('E_CannotMoveDirToChild'));
} elseif (file_exists(fixPath($newPath) . '/' . basename($path))) {
echo getErrorRes(t('E_DirAlreadyExists'));
} elseif (rename(fixPath($path), fixPath($newPath) . '/' . basename($path))) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_MoveDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_MoveDirInvalisPath'));
}

37
Application/fileman/php/movefile.php
View File

@ -26,25 +26,24 @@ include 'functions.inc.php';
verifyAction('MOVEFILE');
checkAccess('MOVEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
if(!$newPath)
$newPath = getFilesPath();
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if (!$newPath) {
$newPath = getFilesPath();
}
verifyPath($path);
verifyPath($newPath);
if(!RoxyFile::CanUploadFile(basename($newPath))) {
echo getErrorRes(t('E_FileExtensionForbidden'));
}
elseif(is_file(fixPath($path))){
if(file_exists(fixPath($newPath)))
echo getErrorRes(t('E_MoveFileAlreadyExists').' '.basename($newPath));
elseif(rename(fixPath($path), fixPath($newPath)))
echo getSuccessRes();
else
echo getErrorRes(t('E_MoveFile').' '.basename($path));
}
else {
echo getErrorRes(t('E_MoveFileInvalisPath'));
}
?>
if (!RoxyFile::CanUploadFile(basename($newPath))) {
echo getErrorRes(t('E_FileExtensionForbidden'));
} elseif (is_file(fixPath($path))) {
if (file_exists(fixPath($newPath))) {
echo getErrorRes(t('E_MoveFileAlreadyExists') . ' ' . basename($newPath));
} elseif (rename(fixPath($path), fixPath($newPath))) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_MoveFile') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_MoveFileInvalisPath'));
}

26
Application/fileman/php/renamedir.php
View File

@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEDIR');
checkAccess('RENAMEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])? '': $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])? '': $_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
if(is_dir(fixPath($path))){
if(fixPath($path.'/') == fixPath(getFilesPath().'/'))
echo getErrorRes(t('E_CannotRenameRoot'));
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name))
echo getSuccessRes();
else
echo getErrorRes(t('E_RenameDir').' '.basename($path));
}
else
echo getErrorRes(t('E_RenameDirInvalidPath'));
?>
if (is_dir(fixPath($path))) {
if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotRenameRoot'));
} elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_RenameDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_RenameDirInvalidPath'));
}

26
Application/fileman/php/renamefile.php
View File

@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEFILE');
checkAccess('RENAMEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
if(is_file(fixPath($path))){
if(!RoxyFile::CanUploadFile($name))
echo getErrorRes(t('E_FileExtensionForbidden').' ".'.RoxyFile::GetExtension($name).'"');
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name))
echo getSuccessRes();
else
echo getErrorRes(t('E_RenameFile').' '.basename($path));
}
else
echo getErrorRes(t('E_RenameFileInvalidPath'));
?>
if (is_file(fixPath($path))) {
if (!RoxyFile::CanUploadFile($name)) {
echo getErrorRes(t('E_FileExtensionForbidden') . ' ".' . RoxyFile::GetExtension($name) . '"');
} elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes();
} else {
echo getErrorRes(t('E_RenameFile') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_RenameFileInvalidPath'));
}

7
Application/fileman/php/security.inc.php
View File

@ -20,7 +20,8 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/
function checkAccess($action) {
function checkAccess(string $action): void
{
unset($action);
if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.');
}
?>
}

17
Application/fileman/php/thumb.php
View File

@ -29,18 +29,17 @@ header("Cache-Control: max-age=3600");
verifyAction('GENERATETHUMB');
checkAccess('GENERATETHUMB');
$path = RoxyFile::FixPath(urldecode(empty($_GET['f'])?'':$_GET['f']));
$path = RoxyFile::FixPath(urldecode(empty($_GET['f']) ? '' : $_GET['f']));
verifyPath($path);
@chmod(fixPath(dirname($path)), octdec(DIRPERMISSIONS));
@chmod(fixPath($path), octdec(FILEPERMISSIONS));
@chmod(fixPath(dirname($path)), (int) octdec(DIRPERMISSIONS));
@chmod(fixPath($path), (int) octdec(FILEPERMISSIONS));
$w = intval(empty($_GET['width'])?'100':$_GET['width']);
$h = intval(empty($_GET['height'])?'0':$_GET['height']);
$w = intval(empty($_GET['width']) ? '100' : $_GET['width']);
$h = intval(empty($_GET['height']) ? '0' : $_GET['height']);
header('Content-type: '.RoxyFile::GetMIMEType(basename($path)));
if($w && $h)
RoxyImage::CropCenter(fixPath($path), null, $w, $h);
else
RoxyImage::Resize(fixPath($path), null, $w, $h);
?>
RoxyImage::CropCenter(fixPath($path), null, $w, $h);
else
RoxyImage::Resize(fixPath($path), null, $w, $h);

93
Application/fileman/php/upload.php
View File

@ -26,58 +26,57 @@ include 'functions.inc.php';
verifyAction('UPLOAD');
checkAccess('UPLOAD');
$isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?getFilesPath():$_POST['d']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? getFilesPath() : $_POST['d']));
verifyPath($path);
$res = '';
if(is_dir(fixPath($path))){
if(!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])){
$errors = $errorsExt = array();
foreach($_FILES['files']['tmp_name'] as $k=>$v){
$filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
$filePath = fixPath($path).'/'.$filename;
$isUploaded = true;
if(!RoxyFile::CanUploadFile($filename)){
$errorsExt[] = $filename;
$isUploaded = false;
}
elseif(!move_uploaded_file($v, $filePath)){
$errors[] = $filename;
$isUploaded = false;
}
if(is_file($filePath)){
@chmod ($filePath, octdec(FILEPERMISSIONS));
}
if($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)){
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
}
}
if($errors && $errorsExt)
$res = getSuccessRes(t('E_UploadNotAll').' '.t('E_FileExtensionForbidden'));
elseif($errorsExt)
$res = getSuccessRes(t('E_FileExtensionForbidden'));
elseif($errors)
$res = getSuccessRes(t('E_UploadNotAll'));
else
$res = getSuccessRes();
}
else
$res = getErrorRes(t('E_UploadNoFiles'));
}
else
$res = getErrorRes(t('E_UploadInvalidPath'));
$errors = $errorsExt = array();
if($isAjax){
if($errors || $errorsExt)
$res = getErrorRes(t('E_UploadNotAll'));
echo $res;
if (is_dir(fixPath($path))) {
if (!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])) {
foreach ($_FILES['files']['tmp_name'] as $k => $v) {
$filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
$filePath = fixPath($path) . '/' . $filename;
$isUploaded = true;
if (!RoxyFile::CanUploadFile($filename)) {
$errorsExt[] = $filename;
$isUploaded = false;
} elseif (!move_uploaded_file($v, $filePath)) {
$errors[] = $filename;
$isUploaded = false;
}
if (is_file($filePath)) {
@chmod($filePath, (int) octdec(FILEPERMISSIONS));
}
if ($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)) {
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
}
}
if ($errors && $errorsExt) {
$res = getSuccessRes(t('E_UploadNotAll') . ' ' . t('E_FileExtensionForbidden'));
} elseif ($errorsExt) {
$res = getSuccessRes(t('E_FileExtensionForbidden'));
} elseif ($errors) {
$res = getSuccessRes(t('E_UploadNotAll'));
} else {
$res = getSuccessRes();
}
} else {
$res = getErrorRes(t('E_UploadNoFiles'));
}
} else {
$res = getErrorRes(t('E_UploadInvalidPath'));
}
else{
echo '
if ($isAjax) {
if ($errors || $errorsExt) {
$res = getErrorRes(t('E_UploadNotAll'));
}
echo $res;
} else {
echo '
<script>
parent.fileUploaded('.$res.');
parent.fileUploaded(' . $res . ')
</script>';
}
?>

19
phpstan.neon
View File

@ -4,7 +4,20 @@ parameters:
- ../../o3-shop/shop-ce/source/oxfunctions.php
paths:
- Application
excludePaths:
- Application/fileman
level: 9
phpVersion: 70400
phpVersion: 70400
ignoreErrors:
- '#Constant FILES_ROOT not found.#'
- '#Constant SESSION_PATH_KEY not found.#'
- '#Constant FORBIDDEN_UPLOADS not found.#'
- '#Constant ALLOWED_UPLOADS not found.#'
- '#Constant BASE_PATH not found.#'
- '#Constant DIRPERMISSIONS not found.#'
- '#Constant FILEPERMISSIONS not found.#'
- '#Constant MAX_IMAGE_HEIGHT not found.#'
- '#Constant MAX_IMAGE_WIDTH not found.#'
- '#Method RoxyImage\:\:OutputImage\(\) has no return type specified.#'
- '#Method RoxyImage\:\:OutputImage\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has no return type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:GetImage\(\) has no return type specified.#'