From 24c4264d878fbdf6c2ec9b9e66d021958525a826 Mon Sep 17 00:00:00 2001 From: O3-Shop Date: Mon, 10 Apr 2023 22:25:46 +0200 Subject: [PATCH] refactor fileman --- Application/fileman/php/copydir.php | 49 +- Application/fileman/php/copyfile.php | 29 +- Application/fileman/php/createdir.php | 22 +- Application/fileman/php/deletedir.php | 28 +- Application/fileman/php/deletefile.php | 18 +- Application/fileman/php/dirtree.php | 87 +- Application/fileman/php/download.php | 13 +- Application/fileman/php/downloaddir.php | 43 +- Application/fileman/php/fileslist.php | 45 +- Application/fileman/php/functions.inc.php | 1014 ++++++++++++--------- Application/fileman/php/movedir.php | 30 +- Application/fileman/php/movefile.php | 37 +- Application/fileman/php/renamedir.php | 26 +- Application/fileman/php/renamefile.php | 26 +- Application/fileman/php/security.inc.php | 7 +- Application/fileman/php/thumb.php | 17 +- Application/fileman/php/upload.php | 93 +- phpstan.neon | 19 +- 18 files changed, 873 insertions(+), 730 deletions(-) diff --git a/Application/fileman/php/copydir.php b/Application/fileman/php/copydir.php index 48f26aa..63936b0 100755 --- a/Application/fileman/php/copydir.php +++ b/Application/fileman/php/copydir.php @@ -26,32 +26,35 @@ include 'functions.inc.php'; verifyAction('COPYDIR'); checkAccess('COPYDIR'); -$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d'])); -$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); +$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d'])); +$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])); verifyPath($path); verifyPath($newPath); -function copyDir($path, $newPath){ - $items = listDirectory($path); - if(!is_dir($newPath)) - mkdir ($newPath, octdec(DIRPERMISSIONS)); - foreach ($items as $item){ - if($item == '.' || $item == '..') - continue; - $oldPath = RoxyFile::FixPath($path.'/'.$item); - $tmpNewPath = RoxyFile::FixPath($newPath.'/'.$item); - if(is_file($oldPath)) - copy($oldPath, $tmpNewPath); - elseif(is_dir($oldPath)){ - copyDir($oldPath, $tmpNewPath); +function copyDir(string $path, string $newPath): void +{ + $items = listDirectory($path); + if (!is_dir($newPath)) { + mkdir($newPath, (int) octdec(DIRPERMISSIONS)); + } + + foreach ($items as $item) { + if ($item == '.' || $item == '..') { + continue; + } + $oldPath = RoxyFile::FixPath($path . '/' . $item); + $tmpNewPath = RoxyFile::FixPath($newPath . '/' . $item); + if (is_file($oldPath)) { + copy($oldPath, $tmpNewPath); + } elseif (is_dir($oldPath)) { + copyDir($oldPath, $tmpNewPath); + } } - } } -if(is_dir(fixPath($path))){ - copyDir(fixPath($path.'/'), fixPath($newPath.'/'.basename($path))); - echo getSuccessRes(); -} -else - echo getErrorRes(t('E_CopyDirInvalidPath')); -?> \ No newline at end of file +if (is_dir(fixPath($path))) { + copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path))); + echo getSuccessRes(); +} else { + echo getErrorRes(t('E_CopyDirInvalidPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/copyfile.php b/Application/fileman/php/copyfile.php index 31ba048..047ccda 100755 --- a/Application/fileman/php/copyfile.php +++ b/Application/fileman/php/copyfile.php @@ -26,21 +26,22 @@ include 'functions.inc.php'; verifyAction('COPYFILE'); checkAccess('COPYFILE'); -$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); -$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); -if(!$newPath) - $newPath = getFilesPath(); +$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f'])); +$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])); +if (!$newPath) { + $newPath = getFilesPath(); +} verifyPath($path); verifyPath($newPath); -if(is_file(fixPath($path))){ - $newPath = $newPath.'/'.RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path)); - if(copy(fixPath($path), fixPath($newPath))) - echo getSuccessRes(); - else - echo getErrorRes(t('E_CopyFile')); -} -else - echo getErrorRes(t('E_CopyFileInvalisPath')); -?> \ No newline at end of file +if (is_file(fixPath($path))) { + $newPath = $newPath . '/' . RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path)); + if (copy(fixPath($path), fixPath($newPath))) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_CopyFile')); + } +} else { + echo getErrorRes(t('E_CopyFileInvalisPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/createdir.php b/Application/fileman/php/createdir.php index 93c1bf6..41cea7c 100755 --- a/Application/fileman/php/createdir.php +++ b/Application/fileman/php/createdir.php @@ -26,16 +26,16 @@ include 'functions.inc.php'; verifyAction('CREATEDIR'); checkAccess('CREATEDIR'); -$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d'])); -$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); +$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d'])); +$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])); verifyPath($path); -if(is_dir(fixPath($path))){ - if(mkdir(fixPath($path).'/'.$name, octdec(DIRPERMISSIONS))) - echo getSuccessRes(); - else - echo getErrorRes(t('E_CreateDirFailed').' '.basename($path)); -} -else - echo getErrorRes(t('E_CreateDirInvalidPath')); -?> \ No newline at end of file +if (is_dir(fixPath($path))) { + if (mkdir(fixPath($path) . '/' . $name, (int) octdec(DIRPERMISSIONS))) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_CreateDirFailed') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_CreateDirInvalidPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/deletedir.php b/Application/fileman/php/deletedir.php index db8306a..c90c9a8 100755 --- a/Application/fileman/php/deletedir.php +++ b/Application/fileman/php/deletedir.php @@ -26,19 +26,19 @@ include 'functions.inc.php'; verifyAction('DELETEDIR'); checkAccess('DELETEDIR'); -$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d'])); +$path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d'])); verifyPath($path); -if(is_dir(fixPath($path))){ - if(fixPath($path.'/') == fixPath(getFilesPath().'/')) - echo getErrorRes(t('E_CannotDeleteRoot')); - elseif(count(glob(fixPath($path)."/*"))) - echo getErrorRes(t('E_DeleteNonEmpty')); - elseif(rmdir(fixPath($path))) - echo getSuccessRes(); - else - echo getErrorRes(t('E_CannotDeleteDir').' '.basename($path)); -} -else - echo getErrorRes(t('E_DeleteDirInvalidPath').' '.$path); -?> \ No newline at end of file +if (is_dir(fixPath($path))) { + if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) { + echo getErrorRes(t('E_CannotDeleteRoot')); + } elseif (count((array) glob(fixPath($path) . "/*"))) { + echo getErrorRes(t('E_DeleteNonEmpty')); + } elseif (rmdir(fixPath($path))) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_CannotDeleteDir') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_DeleteDirInvalidPath') . ' ' . $path); +} \ No newline at end of file diff --git a/Application/fileman/php/deletefile.php b/Application/fileman/php/deletefile.php index 25d9ead..a7bb168 100755 --- a/Application/fileman/php/deletefile.php +++ b/Application/fileman/php/deletefile.php @@ -29,12 +29,12 @@ checkAccess('DELETEFILE'); $path = RoxyFile::FixPath(trim($_POST['f'])); verifyPath($path); -if(is_file(fixPath($path))){ - if(unlink(fixPath($path))) - echo getSuccessRes(); - else - echo getErrorRes(t('E_DeletŠµFile').' '.basename($path)); -} -else - echo getErrorRes(t('E_DeleteFileInvalidPath')); -?> \ No newline at end of file +if (is_file(fixPath($path))) { + if (unlink(fixPath($path))) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_DeletŠµFile') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_DeleteFileInvalidPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/dirtree.php b/Application/fileman/php/dirtree.php index 12e87ee..aa2b166 100755 --- a/Application/fileman/php/dirtree.php +++ b/Application/fileman/php/dirtree.php @@ -26,47 +26,60 @@ include 'functions.inc.php'; verifyAction('DIRLIST'); checkAccess('DIRLIST'); -function getFilesNumber($path, $type){ - $files = 0; - $dirs = 0; - $tmp = listDirectory($path); - foreach ($tmp as $ff){ - if($ff == '.' || $ff == '..') - continue; - elseif(is_file($path.'/'.$ff) && ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))) - $files++; - elseif(is_dir($path.'/'.$ff)) - $dirs++; - } +/** + * @param string $path + * @param string $type + * @return int[] + */ +function getFilesNumber(string $path, string $type): array +{ + $files = 0; + $dirs = 0; + $tmp = listDirectory($path); + foreach ($tmp as $ff) { + if ($ff == '.' || $ff == '..') { + continue; + } elseif ( + is_file($path . '/' . $ff) && + ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff))) + ) { + $files++; + } elseif (is_dir($path . '/' . $ff)) { + $dirs++; + } + } - return array('files'=>$files, 'dirs'=>$dirs); -} -function GetDirs($path, $type){ - $ret = $sort = array(); - $files = listDirectory(fixPath($path), 0); - foreach ($files as $f){ - $fullPath = $path.'/'.$f; - if(!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') - continue; - $tmp = getFilesNumber(fixPath($fullPath), $type); - $ret[$fullPath] = array('path'=>$fullPath,'files'=>$tmp['files'],'dirs'=>$tmp['dirs']); - $sort[$fullPath] = $f; - } - natcasesort($sort); - foreach ($sort as $k => $v) { - $tmp = $ret[$k]; - echo ',{"p":"'.mb_ereg_replace('"', '\\"', $tmp['path']).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}'; - GetDirs($tmp['path'], $type); - } + return array('files' => $files, 'dirs' => $dirs); } -$type = (empty($_GET['type'])?'':strtolower($_GET['type'])); -if($type != 'image' && $type != 'flash') - $type = ''; +function GetDirs(string $path, string $type): void +{ + $ret = $sort = array(); + $files = listDirectory(fixPath($path)); + foreach ($files as $f) { + $fullPath = $path . '/' . $f; + if (!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') { + continue; + } + $tmp = getFilesNumber(fixPath($fullPath), $type); + $ret[$fullPath] = array('path' => $fullPath, 'files' => $tmp['files'], 'dirs' => $tmp['dirs']); + $sort[$fullPath] = $f; + } + natcasesort($sort); + foreach ($sort as $k => $v) { + $tmp = $ret[$k]; + echo ',{"p":"' . mb_ereg_replace('"', '\\"', $tmp['path']) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}'; + GetDirs($tmp['path'], $type); + } +} + +$type = (empty($_GET['type']) ? '' : strtolower($_GET['type'])); +if ($type != 'image' && $type != 'flash') { + $type = ''; +} echo "[\n"; $tmp = getFilesNumber(fixPath(getFilesPath()), $type); -echo '{"p":"'. mb_ereg_replace('"', '\\"', getFilesPath()).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}'; +echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}'; GetDirs(getFilesPath(), $type); -echo "\n]"; -?> \ No newline at end of file +echo "\n]"; \ No newline at end of file diff --git a/Application/fileman/php/download.php b/Application/fileman/php/download.php index 764897e..8db641d 100755 --- a/Application/fileman/php/download.php +++ b/Application/fileman/php/download.php @@ -29,10 +29,9 @@ checkAccess('DOWNLOAD'); $path = RoxyFile::FixPath(trim($_GET['f'])); verifyPath($path); -if(is_file(fixPath($path))){ - $file = urldecode(basename($path)); - header('Content-Disposition: attachment; filename="'.$file.'"'); - header('Content-Type: application/force-download'); - readfile(fixPath($path)); -} -?> \ No newline at end of file +if (is_file(fixPath($path))) { + $file = urldecode(basename($path)); + header('Content-Disposition: attachment; filename="' . $file . '"'); + header('Content-Type: application/force-download'); + readfile(fixPath($path)); +} \ No newline at end of file diff --git a/Application/fileman/php/downloaddir.php b/Application/fileman/php/downloaddir.php index 24bb436..e12c8a0 100755 --- a/Application/fileman/php/downloaddir.php +++ b/Application/fileman/php/downloaddir.php @@ -22,7 +22,7 @@ */ include '../system.inc.php'; include 'functions.inc.php'; -@ini_set('memory_limit', -1); +@ini_set('memory_limit', '-1'); verifyAction('DOWNLOADDIR'); checkAccess('DOWNLOADDIR'); @@ -30,26 +30,25 @@ $path = RoxyFile::FixPath(trim($_GET['d'])); verifyPath($path); $path = fixPath($path); -if(!class_exists('ZipArchive')){ - echo ''; -} -else{ - try{ - $filename = basename($path); - $zipFile = $filename.'.zip'; - $zipPath = BASE_PATH.'/tmp/'.$zipFile; - RoxyFile::ZipDir($path, $zipPath); +if (!class_exists('ZipArchive')) { + echo ''; +} else { + try { + $filename = basename($path); + $zipFile = $filename . '.zip'; + $zipPath = BASE_PATH . '/tmp/' . $zipFile; + RoxyFile::ZipDir($path, $zipPath); - header('Content-Disposition: attachment; filename="'.$zipFile.'"'); - header('Content-Type: application/force-download'); - readfile($zipPath); - function deleteTmp($zipPath){ - @unlink($zipPath); + header('Content-Disposition: attachment; filename="' . $zipFile . '"'); + header('Content-Type: application/force-download'); + readfile($zipPath); + function deleteTmp(string $zipPath): void + { + @unlink($zipPath); + } + + register_shutdown_function('deleteTmp', $zipPath); + } catch (Exception $ex) { + echo ''; } - register_shutdown_function('deleteTmp', $zipPath); - } - catch(Exception $ex){ - echo ''; - } -} -?> \ No newline at end of file +} \ No newline at end of file diff --git a/Application/fileman/php/fileslist.php b/Application/fileman/php/fileslist.php index c4713c6..080f559 100755 --- a/Application/fileman/php/fileslist.php +++ b/Application/fileman/php/fileslist.php @@ -26,34 +26,35 @@ include 'functions.inc.php'; verifyAction('FILESLIST'); checkAccess('FILESLIST'); -$path = RoxyFile::FixPath(empty($_POST['d'])? getFilesPath(): $_POST['d']); -$type = (empty($_POST['type'])?'':strtolower($_POST['type'])); -if($type != 'image' && $type != 'flash') - $type = ''; +$path = RoxyFile::FixPath(empty($_POST['d']) ? getFilesPath() : $_POST['d']); +$type = (empty($_POST['type']) ? '' : strtolower($_POST['type'])); +if ($type != 'image' && $type != 'flash') { + $type = ''; +} verifyPath($path); -$files = listDirectory(fixPath($path), 0); +$files = listDirectory(fixPath($path)); natcasesort($files); $str = ''; echo '['; -foreach ($files as $f){ - $fullPath = $path.'/'.$f; - if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) - continue; - $size = filesize(fixPath($fullPath)); - $time = filemtime(fixPath($fullPath)); - $w = 0; - $h = 0; - if(RoxyFile::IsImage($f)){ - $tmp = @getimagesize(fixPath($fullPath)); - if($tmp){ - $w = $tmp[0]; - $h = $tmp[1]; +foreach ($files as $f) { + $fullPath = $path . '/' . $f; + if (!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) { + continue; } - } - $str .= '{"p":"'.mb_ereg_replace('"', '\\"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},'; + $size = filesize(fixPath($fullPath)); + $time = filemtime(fixPath($fullPath)); + $w = 0; + $h = 0; + if (RoxyFile::IsImage($f)) { + $tmp = @getimagesize(fixPath($fullPath)); + if ($tmp) { + $w = $tmp[0]; + $h = $tmp[1]; + } + } + $str .= '{"p":"' . mb_ereg_replace('"', '\\"', $fullPath) . '","s":"' . $size . '","t":"' . $time . '","w":"' . $w . '","h":"' . $h . '"},'; } $str = mb_substr($str, 0, -1); echo $str; -echo ']'; -?> \ No newline at end of file +echo ']'; \ No newline at end of file diff --git a/Application/fileman/php/functions.inc.php b/Application/fileman/php/functions.inc.php index 3cc511b..77d43bf 100755 --- a/Application/fileman/php/functions.inc.php +++ b/Application/fileman/php/functions.inc.php @@ -20,470 +20,586 @@ Contact: Lyubomir Arsov, liubo (at) web-lobby.com */ -include 'security.inc.php'; -function t($key){ - global $LANG; - if(empty($LANG)){ - $file = 'en.json'; - $langPath = '../lang/'; - if(defined('LANG')){ - if(LANG == 'auto'){ - $lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)); - if(is_file($langPath.$lang.'.json')) - $file = $lang.'.json'; - } - elseif(is_file($langPath.LANG.'.json')) - $file = LANG.'.json'; +include_once 'security.inc.php'; + +function t(string $key): string +{ + global $LANG; + + if (empty($LANG)) { + $file = 'en.json'; + $langPath = '../lang/'; + if (defined('LANG')) { + if (LANG == 'auto') { + $lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)); + if (is_file($langPath . $lang . '.json')) + $file = $lang . '.json'; + } elseif (is_file($langPath . LANG . '.json')) { + $file = LANG . '.json'; + } + } + $file = $langPath . $file; + $LANG = json_decode((string) file_get_contents($file), true); } - $file = $langPath.$file; - $LANG = json_decode(file_get_contents($file), true); - } - if(!$LANG[$key]) - $LANG[$key] = $key; - return $LANG[$key]; -} -function checkPath($path){ - $ret = false; - if(mb_strpos($path.'/', getFilesPath()) === 0) - $ret = true; + if (!$LANG[$key]) { + $LANG[$key] = $key; + } - return $ret; + return $LANG[$key]; } -function verifyAction($action){ - if(!defined($action) || !constant($action)) - exit; - else{ + +function checkPath(string $path): bool +{ + return mb_strpos($path . '/', getFilesPath()) === 0; +} + +function verifyAction(string $action): void +{ + if (!defined($action) || !constant($action)) { + exit; + } + $confUrl = constant($action); + if (!is_string($confUrl)) { + die('Error parsing configuration'); + } $qStr = mb_strpos($confUrl, '?'); - if($qStr !== false) - $confUrl = mb_substr ($confUrl, 0, $qStr); - $confUrl = BASE_PATH.'/'.$confUrl; + if ($qStr !== false) { + $confUrl = mb_substr($confUrl, 0, $qStr); + } + $confUrl = BASE_PATH . '/' . $confUrl; $confUrl = RoxyFile::FixPath($confUrl); - $thisUrl = dirname(__FILE__).'/'.basename($_SERVER['PHP_SELF']); + $thisUrl = dirname(__FILE__) . '/' . basename($_SERVER['PHP_SELF']); $thisUrl = RoxyFile::FixPath($thisUrl); - if($thisUrl != $confUrl){ - echo "$confUrl $thisUrl"; - exit; + if ($thisUrl != $confUrl) { + echo "$confUrl $thisUrl"; + exit; } - } } -function verifyPath($path){ - if(!checkPath($path)){ - echo getErrorRes("Access to $path is denied").' '.$path; - exit; - } + +function verifyPath(string $path): void +{ + if (!checkPath($path)) { + echo getErrorRes("Access to $path is denied") . ' ' . $path; + exit; + } } -function fixPath($path){ - $path = $_SERVER['DOCUMENT_ROOT'].'/'.$path; - $path = str_replace('\\', '/', $path); - $path = RoxyFile::FixPath($path); - return $path; -} -function gerResultStr($type, $str = ''){ - return '{"res":"'. addslashes($type).'","msg":"'. addslashes($str).'"}'; -} -function getSuccessRes($str = ''){ - return gerResultStr('ok', $str); -} -function getErrorRes($str = ''){ - return gerResultStr('error', $str); -} -function getFilesPath(){ - $ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != ''?$_SESSION[SESSION_PATH_KEY]:FILES_ROOT); - if(!$ret){ - $ret = RoxyFile::FixPath(BASE_PATH.'/Uploads'); - $tmp = $_SERVER['DOCUMENT_ROOT']; - if(mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\') - $tmp = mb_substr($tmp, 0, -1); - $ret = str_replace(RoxyFile::FixPath($tmp), '', $ret); - } - return $ret; -} -function listDirectory($path){ - $ret = @scandir($path); - if($ret === false){ - $ret = array(); - $d = opendir($path); - if($d){ - while(($f = readdir($d)) !== false){ - $ret[] = $f; - } - closedir($d); - } - } - - return $ret; -} -class RoxyFile{ - static public function CheckWritable($dir){ - $ret = false; - if(self::CreatePath($dir)){ - $dir = self::FixPath($dir.'/'); - $testFile = 'writetest.txt'; - $f = @fopen($dir.$testFile, 'w', false); - if($f){ - fclose($f); - $ret = true; - @unlink($dir.$testFile); - } - } - return $ret; - } - static function CanUploadFile($filename){ - $ret = false; - $forbidden = array_filter(preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS))); - $allowed = array_filter(preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS))); - $ext = RoxyFile::GetExtension($filename); - - if((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) - $ret = true; - - return $ret; - } - static function ZipAddDir($path, $zip, $zipPath){ - $d = opendir($path); - $zipPath = str_replace('//', '/', $zipPath); - if($zipPath && $zipPath != '/'){ - $zip->addEmptyDir($zipPath); - } - while(($f = readdir($d)) !== false){ - if($f == '.' || $f == '..') - continue; - $filePath = $path.'/'.$f; - if(is_file($filePath)){ - $zip->addFile($filePath, ($zipPath?$zipPath.'/':'').$f); - } - elseif(is_dir($filePath)){ - self::ZipAddDir($filePath, $zip, ($zipPath?$zipPath.'/':'').$f); - } - } - closedir($d); - } - static function ZipDir($path, $zipFile, $zipPath = ''){ - $zip = new ZipArchive(); - $zip->open($zipFile, ZIPARCHIVE::CREATE); - self::ZipAddDir($path, $zip, $zipPath); - $zip->close(); - } - static function IsImage($fileName){ - $ret = false; - $ext = strtolower(self::GetExtension($fileName)); - if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'jpe' || $ext == 'png' || $ext == 'gif' || $ext == 'ico') - $ret = true; - return $ret; - } - static function IsFlash($fileName){ - $ret = false; - $ext = strtolower(self::GetExtension($fileName)); - if($ext == 'swf' || $ext == 'flv' || $ext == 'swc' || $ext == 'swt') - $ret = true; - return $ret; - } - /** - * Returns human formated file size - * - * @param int $filesize - * @return string - */ - static function FormatFileSize($filesize){ - $ret = ''; - $unit = 'B'; - if($filesize > 1024){ - $unit = 'KB'; - $filesize = $filesize / 1024; - } - if($filesize > 1024){ - $unit = 'MB'; - $filesize = $filesize / 1024; - } - if($filesize > 1024){ - $unit = 'GB'; - $filesize = $filesize / 1024; - } - - $ret = round($filesize, 2).' '.$unit; - return $ret; - } - /** - * Returns MIME type of $filename - * - * @param string $filename - * @return string - */ - static function GetMIMEType($filename){ - $type = 'application/octet-stream'; - $ext = self::GetExtension($filename); - - switch(strtolower($ext)){ - case 'jpg': $type = 'image/jpeg';break; - case 'jpeg': $type = 'image/jpeg';break; - case 'gif': $type = 'image/gif';break; - case 'png': $type = 'image/png';break; - case 'bmp': $type = 'image/bmp';break; - case 'tiff': $type = 'image/tiff';break; - case 'tif': $type = 'image/tiff';break; - case 'pdf': $type = 'application/pdf';break; - case 'rtf': $type = 'application/msword';break; - case 'doc': $type = 'application/msword';break; - case 'xls': $type = 'application/vnd.ms-excel'; break; - case 'zip': $type = 'application/zip'; break; - case 'swf': $type = 'application/x-shockwave-flash'; break; - default: $type = 'application/octet-stream'; - } - - return $type; - } - - /** - * Replaces any character that is not letter, digit or underscore from $filename with $sep - * - * @param string $filename - * @param string $sep - * @return string - */ - static function CleanupFilename($filename, $sep = '_'){ - $str = ''; - if(strpos($filename,'.')){ - $ext = self::GetExtension($filename) ; - $name = self::GetName($filename); - } - else{ - $ext = ''; - $name = $filename; - } - if(mb_strlen($name) > 32) - $name = mb_substr($name, 0, 32); - $str = str_replace('.php', '', $str); - $str = mb_ereg_replace("[^\\w]", $sep, $name); - - $str = mb_ereg_replace("$sep+", $sep, $str).($ext?'.'.$ext:''); - - return $str; - } - - /** - * Returns file extension without dot - * - * @param string $filename - * @return string - */ - static function GetExtension($filename) { - $ext = ''; - - if(mb_strrpos($filename, '.') !== false) - $ext = mb_substr($filename, mb_strrpos($filename, '.') + 1); - - return strtolower($ext); - } - - /** - * Returns file name without extension - * - * @param string $filename - * @return string - */ - static function GetName($filename) { - $name = ''; - $tmp = mb_strpos($filename, '?'); - if($tmp !== false) - $filename = mb_substr ($filename, 0, $tmp); - $dotPos = mb_strrpos($filename, '.'); - if($dotPos !== false) - $name = mb_substr($filename, 0, $dotPos); - else - $name = $filename; - - return $name; - } - static function GetFullName($filename) { - $tmp = mb_strpos($filename, '?'); - if($tmp !== false) - $filename = mb_substr ($filename, 0, $tmp); - $filename = basename($filename); - - return $filename; - } - static public function FixPath($path){ - $path = mb_ereg_replace('[\\\/]+', '/', $path); - $path = mb_ereg_replace('\.\.\/', '', $path); - +function fixPath(string $path): string +{ + $path = $_SERVER['DOCUMENT_ROOT'] . '/' . $path; + $path = str_replace('\\', '/', $path); + $path = RoxyFile::FixPath($path); return $path; - } - /** - * creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir - * - * @param string $dir - * @param string $filename - * @return string - */ - static function MakeUniqueFilename($dir, $filename){ - $temp = ''; - $dir .= '/'; - $dir = self::FixPath($dir.'/'); - $ext = self::GetExtension($filename); - $name = self::GetName($filename); - $name = self::CleanupFilename($name); - $name = mb_ereg_replace(' \\- Copy \\d+$', '', $name); - if($ext) - $ext = '.'.$ext; - if(!$name) - $name = 'file'; - - $i = 0; - do{ - $temp = ($i > 0? $name." - Copy $i": $name).$ext; - $i++; - }while(file_exists($dir.$temp)); - - return $temp; - } - /** - * creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir - * - * @param string $dir - * @param string $name - * @return string - */ - static function MakeUniqueDirname($dir, $name){ - $temp = ''; - $dir = self::FixPath($dir.'/'); - $name = mb_ereg_replace(' - Copy \\d+$', '', $name); - if(!$name) - $name = 'directory'; - - $i = 0; - do{ - $temp = ($i? $name." - Copy $i": $name); - $i++; - }while(is_dir($dir.$temp)); - - return $temp; - } } -class RoxyImage{ - public static function GetImage($path){ - $img = null; - $ext = RoxyFile::GetExtension(basename($path)); - switch($ext){ - case 'png': - $img = imagecreatefrompng($path); - break; - case 'gif': - $img = imagecreatefromgif($path); - break; - default: - $img = imagecreatefromjpeg($path); - } - - - - return $img; - } - public static function OutputImage($img, $type, $destination = '', $quality = 90){ - if(is_string($img)) - $img = self::GetImage ($img); - switch(strtolower($type)){ - case 'png': - imagepng($img, $destination); - break; - case 'gif': - imagegif($img, $destination); - break; - default: - imagejpeg($img, $destination, $quality); - } - } - - public static function SetAlpha($img, $path) { - $ext = RoxyFile::GetExtension(basename($path)); - if($ext == "gif" || $ext == "png"){ - imagecolortransparent($img, imagecolorallocatealpha($img, 0, 0, 0, 127)); - imagealphablending($img, false); - imagesavealpha($img, true); - } - - return $img; - } - - public static function Resize($source, $destination, $width = '150',$height = 0, $quality = 90) { - $tmp = getimagesize($source); - $w = $tmp[0]; - $h = $tmp[1]; - $r = $w / $h; - if($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))){ - if($source != $destination) - self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality); - return; - } - - $newWidth = $width; - $newHeight = floor($newWidth / $r); - if(($height > 0 && $newHeight > $height) || !$width){ - $newHeight = $height; - $newWidth = intval($newHeight * $r); - } - - $thumbImg = imagecreatetruecolor($newWidth, $newHeight); - $img = self::GetImage($source); - - $thumbImg = self::SetAlpha($thumbImg, $source); - - imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, $newWidth, $newHeight, $w, $h); - - self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality); - } - public static function CropCenter($source, $destination, $width, $height, $quality = 90) { - $tmp = getimagesize($source); - $w = $tmp[0]; - $h = $tmp[1]; - if(($w <= $width) && (!$height || ($h <= $height))){ - self::OutputImage(self::GetImage($source), RoxyFile::GetExtension(basename($source)), $destination, $quality); - } - $ratio = $width / $height; - $top = $left = 0; - - $cropWidth = floor($h * $ratio); - $cropHeight = floor($cropWidth / $ratio); - if($cropWidth > $w){ - $cropWidth = $w; - $cropHeight = $w / $ratio; - } - if($cropHeight > $h){ - $cropHeight = $h; - $cropWidth = $h * $ratio; - } - - if($cropWidth < $w){ - $left = floor(($w - $cropWidth) / 2); - } - if($cropHeight < $h){ - $top = floor(($h- $cropHeight) / 2); - } - - self::Crop($source, $destination, $left, $top, $cropWidth, $cropHeight, $width, $height, $quality); - } - public static function Crop($source, $destination, $x, $y, $cropWidth, $cropHeight, $width, $height, $quality = 90) { - $thumbImg = imagecreatetruecolor($width, $height); - $img = self::GetImage($source); - - $thumbImg = self::SetAlpha($thumbImg, $source); - - imagecopyresampled($thumbImg, $img, 0, 0, $x, $y, $width, $height, $cropWidth, $cropHeight); - - self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality); - } +function getResultStr(string $type, string $str = ''): string +{ + return '{"res":"' . addslashes($type) . '","msg":"' . addslashes($str) . '"}'; } -$tmp = json_decode(file_get_contents(BASE_PATH.'/conf.json'), true); -if($tmp){ - foreach ($tmp as $k=>$v) - define($k, $v); + +function getSuccessRes(string $str = ''): string +{ + return getResultStr('ok', $str); } -else - die('Error parsing configuration'); + +function getErrorRes(string $str = ''): string +{ + return getResultStr('error', $str); +} + +function getFilesPath(): string +{ + $ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != '' ? $_SESSION[SESSION_PATH_KEY] : FILES_ROOT); + + if (!$ret) { + $ret = RoxyFile::FixPath(BASE_PATH . '/Uploads'); + $tmp = $_SERVER['DOCUMENT_ROOT']; + if (mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\') + $tmp = mb_substr($tmp, 0, -1); + $ret = str_replace(RoxyFile::FixPath($tmp), '', $ret); + } + return $ret; +} + +/** + * @param string $path + * @return string[] + */ +function listDirectory(string $path): array +{ + $ret = @scandir($path); + if ($ret === false) { + $ret = []; + $d = opendir($path); + if ($d) { + while (($f = readdir($d)) !== false) { + $ret[] = $f; + } + closedir($d); + } + } + + return $ret; +} + +class RoxyFile +{ + static public function CheckWritable(string $dir): bool + { + $ret = false; + if (self::CreatePath($dir)) { + $dir = self::FixPath($dir . '/'); + $testFile = 'writetest.txt'; + $f = @fopen($dir . $testFile, 'w', false); + if ($f) { + fclose($f); + $ret = true; + @unlink($dir . $testFile); + } + } + + return $ret; + } + + /** + * @param $path + * @return bool + */ + static public function CreatePath(string $path): bool + { + if (is_dir($path)) + return true; + $prev_path = substr($path, 0, strrpos($path, '/', -2) + 1 ); + $return = self::createPath($prev_path); + return $return && is_writable($prev_path) && mkdir($path); + } + + static function CanUploadFile(string $filename): bool + { + $forbidden = array_filter((array) preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS))); + $allowed = array_filter((array) preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS))); + $ext = RoxyFile::GetExtension($filename); + + if ((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) { + return true; + } + + return false; + } + + static public function ZipAddDir(string $path, ZipArchive $zip, string $zipPath): void + { + $d = opendir($path); + $zipPath = str_replace('//', '/', $zipPath); + if ($zipPath && $zipPath != '/') { + $zip->addEmptyDir($zipPath); + } + if (is_resource($d)) { + while (($f = readdir($d)) !== false) { + if ($f == '.' || $f == '..') + continue; + $filePath = $path . '/' . $f; + if (is_file($filePath)) { + $zip->addFile($filePath, ($zipPath ? $zipPath . '/' : '') . $f); + } elseif (is_dir($filePath)) { + self::ZipAddDir($filePath, $zip, ($zipPath ? $zipPath . '/' : '') . $f); + } + } + } + if (is_resource($d)) { + closedir($d); + } + } + + static public function ZipDir(string $path, string $zipFile, string $zipPath = ''): void + { + $zip = new ZipArchive(); + $zip->open($zipFile, ZIPARCHIVE::CREATE); + self::ZipAddDir($path, $zip, $zipPath); + $zip->close(); + } + + static public function IsImage(string $fileName): bool + { + $ext = strtolower(self::GetExtension($fileName)); + + $imageExtensions = ['jpg', 'jpeg', 'jpe', 'png', 'gif', 'ico', 'webp']; + + return in_array($ext, $imageExtensions); + } + + static public function IsFlash(string $fileName): bool + { + $ext = strtolower(self::GetExtension($fileName)); + + $flashExtensions = ['swf', 'flv', 'swc', 'swt']; + + return in_array($ext, $flashExtensions); + } + + /** + * Returns human formated file size + * + * @param int $filesize + * @return string + */ + static public function FormatFileSize(int $filesize): string + { + $unit = 'B'; + if ($filesize > 1024) { + $unit = 'KB'; + $filesize = $filesize / 1024; + } + if ($filesize > 1024) { + $unit = 'MB'; + $filesize = $filesize / 1024; + } + if ($filesize > 1024) { + $unit = 'GB'; + $filesize = $filesize / 1024; + } + + $ret = round($filesize, 2) . ' ' . $unit; + return $ret; + } + + /** + * Returns MIME type of $filename + * + * @param string $filename + * @return string + */ + static public function GetMIMEType(string $filename): string + { + $ext = self::GetExtension($filename); + + switch (strtolower($ext)) { + case 'jpg': + case 'jpeg': + return 'image/jpeg'; + case 'gif': + return 'image/gif'; + case 'png': + return 'image/png'; + case 'bmp': + return 'image/bmp'; + case 'webp': + return 'image/webp'; + case 'tiff': + case 'tif': + return 'image/tiff'; + case 'pdf': + return 'application/pdf'; + case 'rtf': + case 'doc': + return 'application/msword'; + case 'xls': + return 'application/vnd.ms-excel'; + case 'zip': + return 'application/zip'; + case 'swf': + return 'application/x-shockwave-flash'; + default: + return 'application/octet-stream'; + } + } + + /** + * Replaces any character that is not letter, digit or underscore from $filename with $sep + * + * @param string $filename + * @param string $sep + * @return string + */ + static public function CleanupFilename(string $filename, string $sep = '_'): string + { + $str = ''; + if (strpos($filename, '.')) { + $ext = self::GetExtension($filename); + $name = self::GetName($filename); + } else { + $ext = ''; + $name = $filename; + } + if (mb_strlen($name) > 32) { + $name = mb_substr($name, 0, 32); + } + $str = str_replace('.php', '', $str); + $str = (string) mb_ereg_replace("[^\\w]", $sep, $name); + + $str = (string) mb_ereg_replace("$sep+", $sep, $str) . ($ext ? '.' . $ext : ''); + + return $str; + } + + /** + * Returns file extension without dot + * + * @param string $filename + * @return string + */ + static public function GetExtension(string $filename): string + { + $ext = ''; + + if (mb_strrpos($filename, '.') !== false) { + $ext = mb_substr($filename, mb_strrpos($filename, '.') + 1); + } + + return strtolower($ext); + } + + /** + * Returns file name without extension + * + * @param string $filename + * @return string + */ + static public function GetName(string $filename): string + { + $tmp = mb_strpos($filename, '?'); + if ($tmp !== false) { + $filename = mb_substr($filename, 0, $tmp); + } + $dotPos = mb_strrpos($filename, '.'); + if ($dotPos !== false) { + $name = mb_substr($filename, 0, $dotPos); + } else { + $name = $filename; + } + + return $name; + } + + static public function GetFullName(string $filename): string + { + $tmp = mb_strpos($filename, '?'); + if ($tmp !== false) { + $filename = mb_substr($filename, 0, $tmp); + } + return basename($filename); + } + + static public function FixPath(string $path): string + { + $path = (string) mb_ereg_replace('[\\\/]+', '/', $path); + $path = (string) mb_ereg_replace('\.\.\/', '', $path); + + return $path; + } + + /** + * creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir + * + * @param string $dir + * @param string $filename + * @return string + */ + static public function MakeUniqueFilename(string $dir, string $filename): string + { + ; + $dir .= '/'; + $dir = self::FixPath($dir . '/'); + $ext = self::GetExtension($filename); + $name = self::GetName($filename); + $name = self::CleanupFilename($name); + $name = mb_ereg_replace(' \\- Copy \\d+$', '', $name); + if ($ext) { + $ext = '.' . $ext; + } + if (!$name) { + $name = 'file'; + } + + $i = 0; + do { + $temp = ($i > 0 ? $name . " - Copy $i" : $name) . $ext; + $i++; + } while (file_exists($dir . $temp)); + + return $temp; + } + + /** + * creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir + * + * @param string $dir + * @param string $name + * @return string + */ + static public function MakeUniqueDirname(string $dir, string $name): string + { + $dir = self::FixPath($dir . '/'); + $name = mb_ereg_replace(' - Copy \\d+$', '', $name); + if (!$name) { + $name = 'directory'; + } + + $i = 0; + do { + $temp = ($i ? $name . " - Copy $i" : $name); + $i++; + } while (is_dir($dir . $temp)); + + return $temp; + } +} +class RoxyImage +{ + public static function GetImage(string $path) + { + $ext = RoxyFile::GetExtension(basename($path)); + switch ($ext) { + case 'png': + return imagecreatefrompng($path); + case 'gif': + return imagecreatefromgif($path); + default: + return imagecreatefromjpeg($path); + } + } + + public static function OutputImage($img, string $type, ?string $destination = '', int $quality = 90) + { + if(is_string($img)) { + $img = self::GetImage($img); + } + + switch(strtolower($type)){ + case 'png': + imagepng($img, $destination); + break; + case 'gif': + imagegif($img, $destination); + break; + default: + imagejpeg($img, $destination, $quality); + } + } + + public static function SetAlpha($img, string $path) + { + $ext = RoxyFile::GetExtension(basename($path)); + if ($ext == "gif" || $ext == "png") { + imagecolortransparent($img, (int) imagecolorallocatealpha($img, 0, 0, 0, 127)); + imagealphablending($img, false); + imagesavealpha($img, true); + } + + return $img; + } + + public static function Resize( + string $source, + ?string $destination, + int $width = 150, + int $height = 0, + int $quality = 90 + ): void + { + $tmp = (array) getimagesize($source); + $w = $tmp[0]; + $h = $tmp[1]; + $r = $w / $h; + + if ($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))) { + if ($source != $destination) { + self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality); + } + return; + } + + $newWidth = $width; + $newHeight = floor($newWidth / $r); + if (($height > 0 && $newHeight > $height) || !$width) { + $newHeight = $height; + $newWidth = intval($newHeight * $r); + } + + $thumbImg = imagecreatetruecolor((int) $newWidth, (int) $newHeight); + $img = self::GetImage($source); + + $thumbImg = self::SetAlpha($thumbImg, $source); + + imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, (int) $newWidth, (int) $newHeight, $w, $h); + + self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality); + } + + public static function CropCenter( + string $source, + ?string $destination, + int $width, + int $height, + int $quality = 90 + ): void + { + $tmp = (array) getimagesize($source); + $w = $tmp[0]; + $h = $tmp[1]; + if (($w <= $width) && (!$height || ($h <= $height))) { + self::OutputImage(self::GetImage($source), RoxyFile::GetExtension(basename($source)), $destination, $quality); + } + $ratio = $width / $height; + $top = $left = 0; + + $cropWidth = floor($h * $ratio); + $cropHeight = floor($cropWidth / $ratio); + if ($cropWidth > $w) { + $cropWidth = $w; + $cropHeight = $w / $ratio; + } + if ($cropHeight > $h) { + $cropHeight = $h; + $cropWidth = $h * $ratio; + } + + if ($cropWidth < $w) { + $left = floor(($w - $cropWidth) / 2); + } + if ($cropHeight < $h) { + $top = floor(($h - $cropHeight) / 2); + } + + self::Crop($source, $destination, (int) $left, (int) $top, $cropWidth, $cropHeight, $width, $height, $quality); + } + + public static function Crop( + string $source, + ?string $destination, + int $x, + int $y, + int $cropWidth, + int $cropHeight, + int $width, + int $height, + int $quality = 90 + ): void + { + $thumbImg = imagecreatetruecolor($width, $height); + $img = self::GetImage($source); + + $thumbImg = self::SetAlpha($thumbImg, $source); + + imagecopyresampled($thumbImg, $img, 0, 0, $x, $y, $width, $height, $cropWidth, $cropHeight); + + self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality); + } +} + +$tmp = json_decode((string) file_get_contents(BASE_PATH . '/conf.json'), true); + +if (!$tmp || !is_array($tmp)) { + die('Error parsing configuration'); +} + +foreach ($tmp as $k => $v) { + define((string) $k, $v); +} + $FilesRoot = fixPath(getFilesPath()); -if(!is_dir($FilesRoot)) - @mkdir($FilesRoot, octdec(DIRPERMISSIONS)); -?> \ No newline at end of file +if (!is_dir($FilesRoot)) { + @mkdir($FilesRoot, (int) octdec(DIRPERMISSIONS)); +} \ No newline at end of file diff --git a/Application/fileman/php/movedir.php b/Application/fileman/php/movedir.php index 55185c6..7902cd6 100755 --- a/Application/fileman/php/movedir.php +++ b/Application/fileman/php/movedir.php @@ -26,21 +26,21 @@ include 'functions.inc.php'; verifyAction('MOVEDIR'); checkAccess('MOVEDIR'); -$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d'])); -$newPath = RoxyFile::FixPath(trim(empty($_GET['n'])?'':$_GET['n'])); +$path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d'])); +$newPath = RoxyFile::FixPath(trim(empty($_GET['n']) ? '' : $_GET['n'])); verifyPath($path); verifyPath($newPath); -if(is_dir(fixPath($path))){ - if(mb_strpos($newPath, $path) === 0) - echo getErrorRes(t('E_CannotMoveDirToChild')); - elseif(file_exists(fixPath($newPath).'/'.basename($path))) - echo getErrorRes(t('E_DirAlreadyExists')); - elseif(rename(fixPath($path), fixPath($newPath).'/'.basename($path))) - echo getSuccessRes(); - else - echo getErrorRes(t('E_MoveDir').' '.basename($path)); -} -else - echo getErrorRes(t('E_MoveDirInvalisPath')); -?> \ No newline at end of file +if (is_dir(fixPath($path))) { + if (mb_strpos($newPath, $path) === 0) { + echo getErrorRes(t('E_CannotMoveDirToChild')); + } elseif (file_exists(fixPath($newPath) . '/' . basename($path))) { + echo getErrorRes(t('E_DirAlreadyExists')); + } elseif (rename(fixPath($path), fixPath($newPath) . '/' . basename($path))) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_MoveDir') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_MoveDirInvalisPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/movefile.php b/Application/fileman/php/movefile.php index bd661b2..2a61ad2 100755 --- a/Application/fileman/php/movefile.php +++ b/Application/fileman/php/movefile.php @@ -26,25 +26,24 @@ include 'functions.inc.php'; verifyAction('MOVEFILE'); checkAccess('MOVEFILE'); -$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); -$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); -if(!$newPath) - $newPath = getFilesPath(); +$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f'])); +$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])); +if (!$newPath) { + $newPath = getFilesPath(); +} verifyPath($path); verifyPath($newPath); -if(!RoxyFile::CanUploadFile(basename($newPath))) { - echo getErrorRes(t('E_FileExtensionForbidden')); -} -elseif(is_file(fixPath($path))){ - if(file_exists(fixPath($newPath))) - echo getErrorRes(t('E_MoveFileAlreadyExists').' '.basename($newPath)); - elseif(rename(fixPath($path), fixPath($newPath))) - echo getSuccessRes(); - else - echo getErrorRes(t('E_MoveFile').' '.basename($path)); -} -else { - echo getErrorRes(t('E_MoveFileInvalisPath')); -} -?> \ No newline at end of file +if (!RoxyFile::CanUploadFile(basename($newPath))) { + echo getErrorRes(t('E_FileExtensionForbidden')); +} elseif (is_file(fixPath($path))) { + if (file_exists(fixPath($newPath))) { + echo getErrorRes(t('E_MoveFileAlreadyExists') . ' ' . basename($newPath)); + } elseif (rename(fixPath($path), fixPath($newPath))) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_MoveFile') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_MoveFileInvalisPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/renamedir.php b/Application/fileman/php/renamedir.php index f490aff..3146877 100755 --- a/Application/fileman/php/renamedir.php +++ b/Application/fileman/php/renamedir.php @@ -26,18 +26,18 @@ include 'functions.inc.php'; verifyAction('RENAMEDIR'); checkAccess('RENAMEDIR'); -$path = RoxyFile::FixPath(trim(empty($_POST['d'])? '': $_POST['d'])); -$name = RoxyFile::FixPath(trim(empty($_POST['n'])? '': $_POST['n'])); +$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d'])); +$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])); verifyPath($path); -if(is_dir(fixPath($path))){ - if(fixPath($path.'/') == fixPath(getFilesPath().'/')) - echo getErrorRes(t('E_CannotRenameRoot')); - elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name)) - echo getSuccessRes(); - else - echo getErrorRes(t('E_RenameDir').' '.basename($path)); -} -else - echo getErrorRes(t('E_RenameDirInvalidPath')); -?> \ No newline at end of file +if (is_dir(fixPath($path))) { + if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) { + echo getErrorRes(t('E_CannotRenameRoot')); + } elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_RenameDir') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_RenameDirInvalidPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/renamefile.php b/Application/fileman/php/renamefile.php index fdb3b43..8137b9e 100755 --- a/Application/fileman/php/renamefile.php +++ b/Application/fileman/php/renamefile.php @@ -26,18 +26,18 @@ include 'functions.inc.php'; verifyAction('RENAMEFILE'); checkAccess('RENAMEFILE'); -$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); -$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); +$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f'])); +$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])); verifyPath($path); -if(is_file(fixPath($path))){ - if(!RoxyFile::CanUploadFile($name)) - echo getErrorRes(t('E_FileExtensionForbidden').' ".'.RoxyFile::GetExtension($name).'"'); - elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name)) - echo getSuccessRes(); - else - echo getErrorRes(t('E_RenameFile').' '.basename($path)); -} -else - echo getErrorRes(t('E_RenameFileInvalidPath')); -?> \ No newline at end of file +if (is_file(fixPath($path))) { + if (!RoxyFile::CanUploadFile($name)) { + echo getErrorRes(t('E_FileExtensionForbidden') . ' ".' . RoxyFile::GetExtension($name) . '"'); + } elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) { + echo getSuccessRes(); + } else { + echo getErrorRes(t('E_RenameFile') . ' ' . basename($path)); + } +} else { + echo getErrorRes(t('E_RenameFileInvalidPath')); +} \ No newline at end of file diff --git a/Application/fileman/php/security.inc.php b/Application/fileman/php/security.inc.php index 300aa6d..ccd736f 100755 --- a/Application/fileman/php/security.inc.php +++ b/Application/fileman/php/security.inc.php @@ -20,7 +20,8 @@ Contact: Lyubomir Arsov, liubo (at) web-lobby.com */ -function checkAccess($action) { +function checkAccess(string $action): void +{ + unset($action); if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.'); -} -?> \ No newline at end of file +} \ No newline at end of file diff --git a/Application/fileman/php/thumb.php b/Application/fileman/php/thumb.php index 0304ca0..66099ab 100755 --- a/Application/fileman/php/thumb.php +++ b/Application/fileman/php/thumb.php @@ -29,18 +29,17 @@ header("Cache-Control: max-age=3600"); verifyAction('GENERATETHUMB'); checkAccess('GENERATETHUMB'); -$path = RoxyFile::FixPath(urldecode(empty($_GET['f'])?'':$_GET['f'])); +$path = RoxyFile::FixPath(urldecode(empty($_GET['f']) ? '' : $_GET['f'])); verifyPath($path); -@chmod(fixPath(dirname($path)), octdec(DIRPERMISSIONS)); -@chmod(fixPath($path), octdec(FILEPERMISSIONS)); +@chmod(fixPath(dirname($path)), (int) octdec(DIRPERMISSIONS)); +@chmod(fixPath($path), (int) octdec(FILEPERMISSIONS)); -$w = intval(empty($_GET['width'])?'100':$_GET['width']); -$h = intval(empty($_GET['height'])?'0':$_GET['height']); +$w = intval(empty($_GET['width']) ? '100' : $_GET['width']); +$h = intval(empty($_GET['height']) ? '0' : $_GET['height']); header('Content-type: '.RoxyFile::GetMIMEType(basename($path))); if($w && $h) - RoxyImage::CropCenter(fixPath($path), null, $w, $h); -else - RoxyImage::Resize(fixPath($path), null, $w, $h); -?> \ No newline at end of file + RoxyImage::CropCenter(fixPath($path), null, $w, $h); +else + RoxyImage::Resize(fixPath($path), null, $w, $h); \ No newline at end of file diff --git a/Application/fileman/php/upload.php b/Application/fileman/php/upload.php index f34fe04..acd43ef 100755 --- a/Application/fileman/php/upload.php +++ b/Application/fileman/php/upload.php @@ -26,58 +26,57 @@ include 'functions.inc.php'; verifyAction('UPLOAD'); checkAccess('UPLOAD'); - $isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax'); -$path = RoxyFile::FixPath(trim(empty($_POST['d'])?getFilesPath():$_POST['d'])); +$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? getFilesPath() : $_POST['d'])); verifyPath($path); $res = ''; -if(is_dir(fixPath($path))){ - if(!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])){ - $errors = $errorsExt = array(); - foreach($_FILES['files']['tmp_name'] as $k=>$v){ - $filename = $_FILES['files']['name'][$k]; - $filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename); - $filePath = fixPath($path).'/'.$filename; - $isUploaded = true; - if(!RoxyFile::CanUploadFile($filename)){ - $errorsExt[] = $filename; - $isUploaded = false; - } - elseif(!move_uploaded_file($v, $filePath)){ - $errors[] = $filename; - $isUploaded = false; - } - if(is_file($filePath)){ - @chmod ($filePath, octdec(FILEPERMISSIONS)); - } - if($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)){ - RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT)); - } - } - if($errors && $errorsExt) - $res = getSuccessRes(t('E_UploadNotAll').' '.t('E_FileExtensionForbidden')); - elseif($errorsExt) - $res = getSuccessRes(t('E_FileExtensionForbidden')); - elseif($errors) - $res = getSuccessRes(t('E_UploadNotAll')); - else - $res = getSuccessRes(); - } - else - $res = getErrorRes(t('E_UploadNoFiles')); -} -else - $res = getErrorRes(t('E_UploadInvalidPath')); +$errors = $errorsExt = array(); -if($isAjax){ - if($errors || $errorsExt) - $res = getErrorRes(t('E_UploadNotAll')); - echo $res; +if (is_dir(fixPath($path))) { + if (!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])) { + foreach ($_FILES['files']['tmp_name'] as $k => $v) { + $filename = $_FILES['files']['name'][$k]; + $filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename); + $filePath = fixPath($path) . '/' . $filename; + $isUploaded = true; + if (!RoxyFile::CanUploadFile($filename)) { + $errorsExt[] = $filename; + $isUploaded = false; + } elseif (!move_uploaded_file($v, $filePath)) { + $errors[] = $filename; + $isUploaded = false; + } + if (is_file($filePath)) { + @chmod($filePath, (int) octdec(FILEPERMISSIONS)); + } + if ($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)) { + RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT)); + } + } + if ($errors && $errorsExt) { + $res = getSuccessRes(t('E_UploadNotAll') . ' ' . t('E_FileExtensionForbidden')); + } elseif ($errorsExt) { + $res = getSuccessRes(t('E_FileExtensionForbidden')); + } elseif ($errors) { + $res = getSuccessRes(t('E_UploadNotAll')); + } else { + $res = getSuccessRes(); + } + } else { + $res = getErrorRes(t('E_UploadNoFiles')); + } +} else { + $res = getErrorRes(t('E_UploadInvalidPath')); } -else{ - echo ' + +if ($isAjax) { + if ($errors || $errorsExt) { + $res = getErrorRes(t('E_UploadNotAll')); + } + echo $res; +} else { + echo ' '; } -?> diff --git a/phpstan.neon b/phpstan.neon index 9e92148..0d551d8 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -4,7 +4,20 @@ parameters: - ../../o3-shop/shop-ce/source/oxfunctions.php paths: - Application - excludePaths: - - Application/fileman level: 9 - phpVersion: 70400 \ No newline at end of file + phpVersion: 70400 + ignoreErrors: + - '#Constant FILES_ROOT not found.#' + - '#Constant SESSION_PATH_KEY not found.#' + - '#Constant FORBIDDEN_UPLOADS not found.#' + - '#Constant ALLOWED_UPLOADS not found.#' + - '#Constant BASE_PATH not found.#' + - '#Constant DIRPERMISSIONS not found.#' + - '#Constant FILEPERMISSIONS not found.#' + - '#Constant MAX_IMAGE_HEIGHT not found.#' + - '#Constant MAX_IMAGE_WIDTH not found.#' + - '#Method RoxyImage\:\:OutputImage\(\) has no return type specified.#' + - '#Method RoxyImage\:\:OutputImage\(\) has parameter \$img with no type specified.#' + - '#Method RoxyImage\:\:SetAlpha\(\) has no return type specified.#' + - '#Method RoxyImage\:\:SetAlpha\(\) has parameter \$img with no type specified.#' + - '#Method RoxyImage\:\:GetImage\(\) has no return type specified.#' \ No newline at end of file