refactor fileman

O3-Shop 2023-04-10 22:25:46 +02:00
parent 192a9aa52d
commit 24c4264d87
18 changed files with 873 additions and 730 deletions


@ -26,32 +26,35 @@ include 'functions.inc.php';
verifyAction('COPYDIR'); verifyAction('COPYDIR');
checkAccess('COPYDIR'); checkAccess('COPYDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
function copyDir($path, $newPath){ function copyDir(string $path, string $newPath): void
{
$items = listDirectory($path); $items = listDirectory($path);
if(!is_dir($newPath)) if (!is_dir($newPath)) {
mkdir ($newPath, octdec(DIRPERMISSIONS)); mkdir($newPath, (int) octdec(DIRPERMISSIONS));
foreach ($items as $item){ }
if($item == '.' || $item == '..')
foreach ($items as $item) {
if ($item == '.' || $item == '..') {
continue; continue;
$oldPath = RoxyFile::FixPath($path.'/'.$item); }
$tmpNewPath = RoxyFile::FixPath($newPath.'/'.$item); $oldPath = RoxyFile::FixPath($path . '/' . $item);
if(is_file($oldPath)) $tmpNewPath = RoxyFile::FixPath($newPath . '/' . $item);
if (is_file($oldPath)) {
copy($oldPath, $tmpNewPath); copy($oldPath, $tmpNewPath);
elseif(is_dir($oldPath)){ } elseif (is_dir($oldPath)) {
copyDir($oldPath, $tmpNewPath); copyDir($oldPath, $tmpNewPath);
} }
} }
} }
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
copyDir(fixPath($path.'/'), fixPath($newPath.'/'.basename($path))); copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path)));
echo getSuccessRes(); echo getSuccessRes();
} } else {
else
echo getErrorRes(t('E_CopyDirInvalidPath')); echo getErrorRes(t('E_CopyDirInvalidPath'));
?> }
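Review bot: `copyDir()` discards the return values of `mkdir()` and `copy()`, and the caller echoes `getSuccessRes()` unconditionally, so a partially failed copy is reported to the client as a success. Since the signature is being touched anyway, returning `bool` instead of `void` and propagating failure would fix this, e.g. `if (!is_dir($newPath) && !mkdir($newPath, (int) octdec(DIRPERMISSIONS))) { return false; }`, with the caller echoing `getErrorRes(t('E_CopyDirInvalidPath'))` on false. Nothing in the visible lines rejects a destination that lies inside the source directory; in that case each recursive call appears to list the directory the previous call just created, so the copy keeps descending until a path or resource limit is hit, and a containment check on the two fixed paths before the first call would prevent that.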


@ -26,21 +26,22 @@ include 'functions.inc.php';
verifyAction('COPYFILE'); verifyAction('COPYFILE');
checkAccess('COPYFILE'); checkAccess('COPYFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); $path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if(!$newPath) if (!$newPath) {
$newPath = getFilesPath(); $newPath = getFilesPath();
}
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
$newPath = $newPath.'/'.RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path)); $newPath = $newPath . '/' . RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if(copy(fixPath($path), fixPath($newPath))) if (copy(fixPath($path), fixPath($newPath))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_CopyFile')); echo getErrorRes(t('E_CopyFile'));
} }
else } else {
echo getErrorRes(t('E_CopyFileInvalisPath')); echo getErrorRes(t('E_CopyFileInvalisPath'));
?> }


@ -26,16 +26,16 @@ include 'functions.inc.php';
verifyAction('CREATEDIR'); verifyAction('CREATEDIR');
checkAccess('CREATEDIR'); checkAccess('CREATEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(mkdir(fixPath($path).'/'.$name, octdec(DIRPERMISSIONS))) if (mkdir(fixPath($path) . '/' . $name, (int) octdec(DIRPERMISSIONS))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_CreateDirFailed').' '.basename($path)); echo getErrorRes(t('E_CreateDirFailed') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_CreateDirInvalidPath')); echo getErrorRes(t('E_CreateDirInvalidPath'));
?> }
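Review bot: `$name` is only passed through `RoxyFile::FixPath()` and never through `verifyPath()`, yet it is appended to the verified directory in `mkdir(fixPath($path) . '/' . $name, ...)`. `FixPath()`, as shown elsewhere in this commit, collapses separators and strips `../` in a single pass; that is a normalisation step rather than a containment check, and it leaves `/` in place, so the name can span several path components. Reducing the value to one component and re-checking the combined path would close the gap: `$name = basename(RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n'])));` followed by `verifyPath($path . '/' . $name);`, with an empty name, `.` and `..` rejected. The failure branch also reports `basename($path)` rather than the name that could not be created.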


@ -26,19 +26,19 @@ include 'functions.inc.php';
verifyAction('DELETEDIR'); verifyAction('DELETEDIR');
checkAccess('DELETEDIR'); checkAccess('DELETEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d'])); $path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
verifyPath($path); verifyPath($path);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(fixPath($path.'/') == fixPath(getFilesPath().'/')) if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotDeleteRoot')); echo getErrorRes(t('E_CannotDeleteRoot'));
elseif(count(glob(fixPath($path)."/*"))) } elseif (count((array) glob(fixPath($path) . "/*"))) {
echo getErrorRes(t('E_DeleteNonEmpty')); echo getErrorRes(t('E_DeleteNonEmpty'));
elseif(rmdir(fixPath($path))) } elseif (rmdir(fixPath($path))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_CannotDeleteDir').' '.basename($path)); echo getErrorRes(t('E_CannotDeleteDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_DeleteDirInvalidPath') . ' ' . $path);
} }
else
echo getErrorRes(t('E_DeleteDirInvalidPath').' '.$path);
?>
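Review bot: The directory to delete is read from `$_GET['d']`, so a destructive operation is triggered by a plain GET request, which browsers, prefetchers and crawlers issue without any user intent and which any third-party page can cause a logged-in browser to send. No request-method or anti-CSRF check is visible in this file; whether `checkAccess()` provides one cannot be told from here. Consider reading the parameter from `$_POST`, as the other mutating handlers on this page do, and adding `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { exit; }` before `verifyPath($path)`; the client-side caller needs the matching change. Separately, `glob(fixPath($path) . "/*")` does not match dot-files, so a directory holding only hidden files passes the emptiness test and then fails in `rmdir()` with the generic error.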


@ -29,12 +29,12 @@ checkAccess('DELETEFILE');
$path = RoxyFile::FixPath(trim($_POST['f'])); $path = RoxyFile::FixPath(trim($_POST['f']));
verifyPath($path); verifyPath($path);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
if(unlink(fixPath($path))) if (unlink(fixPath($path))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_DeletеFile').' '.basename($path)); echo getErrorRes(t('E_DeletеFile') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_DeleteFileInvalidPath')); echo getErrorRes(t('E_DeleteFileInvalidPath'));
?> }
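Review bot: `trim($_POST['f'])` reads the parameter without the `empty(...) ? '' : ...` guard the other handlers use, so a missing `f` passes null to `trim()` and an array-valued `f` raises an uncaught TypeError on PHP 8; with `display_errors` enabled that can print server paths into the response. A string check keeps the handler on its normal error path: `$path = RoxyFile::FixPath(trim(is_string($_POST['f'] ?? null) ? $_POST['f'] : ''));`. The same unguarded read appears in the download handler (`trim($_GET['f'])`) and in the context line of the directory-download handler (`trim($_GET['d'])`). The handlers that do use `empty()` still hand an array value straight to `trim()`, so the `is_string()` form is worth applying there as well.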


@ -26,47 +26,60 @@ include 'functions.inc.php';
verifyAction('DIRLIST'); verifyAction('DIRLIST');
checkAccess('DIRLIST'); checkAccess('DIRLIST');
function getFilesNumber($path, $type){ /**
* @param string $path
* @param string $type
* @return int[]
*/
function getFilesNumber(string $path, string $type): array
{
$files = 0; $files = 0;
$dirs = 0; $dirs = 0;
$tmp = listDirectory($path); $tmp = listDirectory($path);
foreach ($tmp as $ff){ foreach ($tmp as $ff) {
if($ff == '.' || $ff == '..') if ($ff == '.' || $ff == '..') {
continue; continue;
elseif(is_file($path.'/'.$ff) && ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))) } elseif (
is_file($path . '/' . $ff) &&
($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))
) {
$files++; $files++;
elseif(is_dir($path.'/'.$ff)) } elseif (is_dir($path . '/' . $ff)) {
$dirs++; $dirs++;
} }
}
return array('files'=>$files, 'dirs'=>$dirs); return array('files' => $files, 'dirs' => $dirs);
} }
function GetDirs($path, $type){
function GetDirs(string $path, string $type): void
{
$ret = $sort = array(); $ret = $sort = array();
$files = listDirectory(fixPath($path), 0); $files = listDirectory(fixPath($path));
foreach ($files as $f){ foreach ($files as $f) {
$fullPath = $path.'/'.$f; $fullPath = $path . '/' . $f;
if(!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') if (!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') {
continue; continue;
}
$tmp = getFilesNumber(fixPath($fullPath), $type); $tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path'=>$fullPath,'files'=>$tmp['files'],'dirs'=>$tmp['dirs']); $ret[$fullPath] = array('path' => $fullPath, 'files' => $tmp['files'], 'dirs' => $tmp['dirs']);
$sort[$fullPath] = $f; $sort[$fullPath] = $f;
} }
natcasesort($sort); natcasesort($sort);
foreach ($sort as $k => $v) { foreach ($sort as $k => $v) {
$tmp = $ret[$k]; $tmp = $ret[$k];
echo ',{"p":"'.mb_ereg_replace('"', '\\"', $tmp['path']).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}'; echo ',{"p":"' . mb_ereg_replace('"', '\\"', $tmp['path']) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs($tmp['path'], $type); GetDirs($tmp['path'], $type);
} }
} }
$type = (empty($_GET['type'])?'':strtolower($_GET['type'])); $type = (empty($_GET['type']) ? '' : strtolower($_GET['type']));
if($type != 'image' && $type != 'flash') if ($type != 'image' && $type != 'flash') {
$type = ''; $type = '';
}
echo "[\n"; echo "[\n";
$tmp = getFilesNumber(fixPath(getFilesPath()), $type); $tmp = getFilesNumber(fixPath(getFilesPath()), $type);
echo '{"p":"'. mb_ereg_replace('"', '\\"', getFilesPath()).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}'; echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs(getFilesPath(), $type); GetDirs(getFilesPath(), $type);
echo "\n]"; echo "\n]";
?>
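Review bot: The JSON response is assembled by string concatenation and only the double quote is escaped, via `mb_ereg_replace('"', '\\"', $tmp['path'])`; a backslash or control character in a directory name is emitted raw, which yields malformed JSON or lets a user-chosen name change the structure the client parses. `json_encode()` covers every case: `echo ',' . json_encode(['p' => $tmp['path'], 'f' => (string) $tmp['files'], 'd' => (string) $tmp['dirs']]);`, and likewise for the root entry before the first `GetDirs()` call. The file-list handler builds its `{"p":...}` records the same way, and `getResultStr()` relies on `addslashes()`, which is not a JSON escaper either (it emits `\'`, which strict parsers reject).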


@ -29,10 +29,9 @@ checkAccess('DOWNLOAD');
$path = RoxyFile::FixPath(trim($_GET['f'])); $path = RoxyFile::FixPath(trim($_GET['f']));
verifyPath($path); verifyPath($path);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
$file = urldecode(basename($path)); $file = urldecode(basename($path));
header('Content-Disposition: attachment; filename="'.$file.'"'); header('Content-Disposition: attachment; filename="' . $file . '"');
header('Content-Type: application/force-download'); header('Content-Type: application/force-download');
readfile(fixPath($path)); readfile(fixPath($path));
} }
?>
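Review bot: The `Content-Disposition` header is built from `urldecode(basename($path))` with no escaping, so a file name that contains a double quote, either literally or after the extra `urldecode()`, ends the `filename="..."` parameter early and the remainder is read by the browser as further header parameters. Replace quotes and backslashes before the value goes into the header, e.g. `$file = str_replace(['"', '\\'], '_', basename($path));`; the `urldecode()` looks unnecessary because PHP has already decoded `$_GET`. `application/force-download` is not a registered media type; `application/octet-stream` together with `header('X-Content-Type-Options: nosniff');` is the conventional way to force a download without content sniffing. The hunk starts at line 29, so the includes and access checks above it are not visible here.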


@ -22,7 +22,7 @@
*/ */
include '../system.inc.php'; include '../system.inc.php';
include 'functions.inc.php'; include 'functions.inc.php';
@ini_set('memory_limit', -1); @ini_set('memory_limit', '-1');
verifyAction('DOWNLOADDIR'); verifyAction('DOWNLOADDIR');
checkAccess('DOWNLOADDIR'); checkAccess('DOWNLOADDIR');
@ -30,26 +30,25 @@ $path = RoxyFile::FixPath(trim($_GET['d']));
verifyPath($path); verifyPath($path);
$path = fixPath($path); $path = fixPath($path);
if(!class_exists('ZipArchive')){ if (!class_exists('ZipArchive')) {
echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>'; echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>';
} } else {
else{ try {
try{
$filename = basename($path); $filename = basename($path);
$zipFile = $filename.'.zip'; $zipFile = $filename . '.zip';
$zipPath = BASE_PATH.'/tmp/'.$zipFile; $zipPath = BASE_PATH . '/tmp/' . $zipFile;
RoxyFile::ZipDir($path, $zipPath); RoxyFile::ZipDir($path, $zipPath);
header('Content-Disposition: attachment; filename="'.$zipFile.'"'); header('Content-Disposition: attachment; filename="' . $zipFile . '"');
header('Content-Type: application/force-download'); header('Content-Type: application/force-download');
readfile($zipPath); readfile($zipPath);
function deleteTmp($zipPath){ function deleteTmp(string $zipPath): void
{
@unlink($zipPath); @unlink($zipPath);
} }
register_shutdown_function('deleteTmp', $zipPath); register_shutdown_function('deleteTmp', $zipPath);
} } catch (Exception $ex) {
catch(Exception $ex){ echo '<script>alert("' . addslashes(t('E_CreateArchive')) . '");</script>';
echo '<script>alert("'. addslashes(t('E_CreateArchive')).'");</script>';
} }
} }
?>
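Review bot: The temporary archive is written to `BASE_PATH . '/tmp/' . $filename . '.zip'`, a name derived only from the requested directory, so concurrent downloads of directories with the same base name share one file, and `RoxyFile::ZipDir()` opens it with `ZIPARCHIVE::CREATE`, which adds to an existing archive rather than replacing it. The cleanup handler is registered after `readfile($zipPath)`, so if the script stops during the transfer the handler was never installed and the archive stays in `tmp/` (which may be web-reachable, depending on how `BASE_PATH` is served). An unpredictable name, `$zipPath = BASE_PATH . '/tmp/' . bin2hex(random_bytes(8)) . '.zip';`, and moving `register_shutdown_function(...)` above `readfile()` address both. `@ini_set('memory_limit', '-1')` also lifts the memory ceiling for a request whose cost is set by the directory contents; `readfile()` streams, so the unlimited setting is probably not needed.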


@ -26,34 +26,35 @@ include 'functions.inc.php';
verifyAction('FILESLIST'); verifyAction('FILESLIST');
checkAccess('FILESLIST'); checkAccess('FILESLIST');
$path = RoxyFile::FixPath(empty($_POST['d'])? getFilesPath(): $_POST['d']); $path = RoxyFile::FixPath(empty($_POST['d']) ? getFilesPath() : $_POST['d']);
$type = (empty($_POST['type'])?'':strtolower($_POST['type'])); $type = (empty($_POST['type']) ? '' : strtolower($_POST['type']));
if($type != 'image' && $type != 'flash') if ($type != 'image' && $type != 'flash') {
$type = ''; $type = '';
}
verifyPath($path); verifyPath($path);
$files = listDirectory(fixPath($path), 0); $files = listDirectory(fixPath($path));
natcasesort($files); natcasesort($files);
$str = ''; $str = '';
echo '['; echo '[';
foreach ($files as $f){ foreach ($files as $f) {
$fullPath = $path.'/'.$f; $fullPath = $path . '/' . $f;
if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) if (!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) {
continue; continue;
}
$size = filesize(fixPath($fullPath)); $size = filesize(fixPath($fullPath));
$time = filemtime(fixPath($fullPath)); $time = filemtime(fixPath($fullPath));
$w = 0; $w = 0;
$h = 0; $h = 0;
if(RoxyFile::IsImage($f)){ if (RoxyFile::IsImage($f)) {
$tmp = @getimagesize(fixPath($fullPath)); $tmp = @getimagesize(fixPath($fullPath));
if($tmp){ if ($tmp) {
$w = $tmp[0]; $w = $tmp[0];
$h = $tmp[1]; $h = $tmp[1];
} }
} }
$str .= '{"p":"'.mb_ereg_replace('"', '\\"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},'; $str .= '{"p":"' . mb_ereg_replace('"', '\\"', $fullPath) . '","s":"' . $size . '","t":"' . $time . '","w":"' . $w . '","h":"' . $h . '"},';
} }
$str = mb_substr($str, 0, -1); $str = mb_substr($str, 0, -1);
echo $str; echo $str;
echo ']'; echo ']';
?>


@ -20,93 +20,121 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/ */
include 'security.inc.php'; include_once 'security.inc.php';
function t($key){
function t(string $key): string
{
global $LANG; global $LANG;
if(empty($LANG)){
if (empty($LANG)) {
$file = 'en.json'; $file = 'en.json';
$langPath = '../lang/'; $langPath = '../lang/';
if(defined('LANG')){ if (defined('LANG')) {
if(LANG == 'auto'){ if (LANG == 'auto') {
$lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)); $lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
if(is_file($langPath.$lang.'.json')) if (is_file($langPath . $lang . '.json'))
$file = $lang.'.json'; $file = $lang . '.json';
} elseif (is_file($langPath . LANG . '.json')) {
$file = LANG . '.json';
} }
elseif(is_file($langPath.LANG.'.json'))
$file = LANG.'.json';
} }
$file = $langPath.$file; $file = $langPath . $file;
$LANG = json_decode(file_get_contents($file), true); $LANG = json_decode((string) file_get_contents($file), true);
} }
if(!$LANG[$key])
if (!$LANG[$key]) {
$LANG[$key] = $key; $LANG[$key] = $key;
}
return $LANG[$key]; return $LANG[$key];
} }
function checkPath($path){
$ret = false;
if(mb_strpos($path.'/', getFilesPath()) === 0)
$ret = true;
return $ret; function checkPath(string $path): bool
{
return mb_strpos($path . '/', getFilesPath()) === 0;
} }
function verifyAction($action){
if(!defined($action) || !constant($action)) function verifyAction(string $action): void
{
if (!defined($action) || !constant($action)) {
exit; exit;
else{ }
$confUrl = constant($action); $confUrl = constant($action);
if (!is_string($confUrl)) {
die('Error parsing configuration');
}
$qStr = mb_strpos($confUrl, '?'); $qStr = mb_strpos($confUrl, '?');
if($qStr !== false) if ($qStr !== false) {
$confUrl = mb_substr ($confUrl, 0, $qStr); $confUrl = mb_substr($confUrl, 0, $qStr);
$confUrl = BASE_PATH.'/'.$confUrl; }
$confUrl = BASE_PATH . '/' . $confUrl;
$confUrl = RoxyFile::FixPath($confUrl); $confUrl = RoxyFile::FixPath($confUrl);
$thisUrl = dirname(__FILE__).'/'.basename($_SERVER['PHP_SELF']); $thisUrl = dirname(__FILE__) . '/' . basename($_SERVER['PHP_SELF']);
$thisUrl = RoxyFile::FixPath($thisUrl); $thisUrl = RoxyFile::FixPath($thisUrl);
if($thisUrl != $confUrl){ if ($thisUrl != $confUrl) {
echo "$confUrl $thisUrl"; echo "$confUrl $thisUrl";
exit; exit;
} }
}
} }
function verifyPath($path){
if(!checkPath($path)){ function verifyPath(string $path): void
echo getErrorRes("Access to $path is denied").' '.$path; {
if (!checkPath($path)) {
echo getErrorRes("Access to $path is denied") . ' ' . $path;
exit; exit;
} }
} }
function fixPath($path){
$path = $_SERVER['DOCUMENT_ROOT'].'/'.$path; function fixPath(string $path): string
{
$path = $_SERVER['DOCUMENT_ROOT'] . '/' . $path;
$path = str_replace('\\', '/', $path); $path = str_replace('\\', '/', $path);
$path = RoxyFile::FixPath($path); $path = RoxyFile::FixPath($path);
return $path; return $path;
} }
function gerResultStr($type, $str = ''){
return '{"res":"'. addslashes($type).'","msg":"'. addslashes($str).'"}'; function getResultStr(string $type, string $str = ''): string
{
return '{"res":"' . addslashes($type) . '","msg":"' . addslashes($str) . '"}';
} }
function getSuccessRes($str = ''){
return gerResultStr('ok', $str); function getSuccessRes(string $str = ''): string
{
return getResultStr('ok', $str);
} }
function getErrorRes($str = ''){
return gerResultStr('error', $str); function getErrorRes(string $str = ''): string
{
return getResultStr('error', $str);
} }
function getFilesPath(){
$ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != ''?$_SESSION[SESSION_PATH_KEY]:FILES_ROOT); function getFilesPath(): string
if(!$ret){ {
$ret = RoxyFile::FixPath(BASE_PATH.'/Uploads'); $ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != '' ? $_SESSION[SESSION_PATH_KEY] : FILES_ROOT);
if (!$ret) {
$ret = RoxyFile::FixPath(BASE_PATH . '/Uploads');
$tmp = $_SERVER['DOCUMENT_ROOT']; $tmp = $_SERVER['DOCUMENT_ROOT'];
if(mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\') if (mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\')
$tmp = mb_substr($tmp, 0, -1); $tmp = mb_substr($tmp, 0, -1);
$ret = str_replace(RoxyFile::FixPath($tmp), '', $ret); $ret = str_replace(RoxyFile::FixPath($tmp), '', $ret);
} }
return $ret; return $ret;
} }
function listDirectory($path){
/**
* @param string $path
* @return string[]
*/
function listDirectory(string $path): array
{
$ret = @scandir($path); $ret = @scandir($path);
if($ret === false){ if ($ret === false) {
$ret = array(); $ret = [];
$d = opendir($path); $d = opendir($path);
if($d){ if ($d) {
while(($f = readdir($d)) !== false){ while (($f = readdir($d)) !== false) {
$ret[] = $f; $ret[] = $f;
} }
closedir($d); closedir($d);
@ -115,125 +143,167 @@ function listDirectory($path){
return $ret; return $ret;
} }
class RoxyFile{
static public function CheckWritable($dir){ class RoxyFile
{
static public function CheckWritable(string $dir): bool
{
$ret = false; $ret = false;
if(self::CreatePath($dir)){ if (self::CreatePath($dir)) {
$dir = self::FixPath($dir.'/'); $dir = self::FixPath($dir . '/');
$testFile = 'writetest.txt'; $testFile = 'writetest.txt';
$f = @fopen($dir.$testFile, 'w', false); $f = @fopen($dir . $testFile, 'w', false);
if($f){ if ($f) {
fclose($f); fclose($f);
$ret = true; $ret = true;
@unlink($dir.$testFile); @unlink($dir . $testFile);
} }
} }
return $ret; return $ret;
} }
static function CanUploadFile($filename){
$ret = false; /**
$forbidden = array_filter(preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS))); * @param $path
$allowed = array_filter(preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS))); * @return bool
*/
static public function CreatePath(string $path): bool
{
if (is_dir($path))
return true;
$prev_path = substr($path, 0, strrpos($path, '/', -2) + 1 );
$return = self::createPath($prev_path);
return $return && is_writable($prev_path) && mkdir($path);
}
static function CanUploadFile(string $filename): bool
{
$forbidden = array_filter((array) preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS)));
$allowed = array_filter((array) preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS)));
$ext = RoxyFile::GetExtension($filename); $ext = RoxyFile::GetExtension($filename);
if((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) if ((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) {
$ret = true; return true;
return $ret;
} }
static function ZipAddDir($path, $zip, $zipPath){
return false;
}
static public function ZipAddDir(string $path, ZipArchive $zip, string $zipPath): void
{
$d = opendir($path); $d = opendir($path);
$zipPath = str_replace('//', '/', $zipPath); $zipPath = str_replace('//', '/', $zipPath);
if($zipPath && $zipPath != '/'){ if ($zipPath && $zipPath != '/') {
$zip->addEmptyDir($zipPath); $zip->addEmptyDir($zipPath);
} }
while(($f = readdir($d)) !== false){ if (is_resource($d)) {
if($f == '.' || $f == '..') while (($f = readdir($d)) !== false) {
if ($f == '.' || $f == '..')
continue; continue;
$filePath = $path.'/'.$f; $filePath = $path . '/' . $f;
if(is_file($filePath)){ if (is_file($filePath)) {
$zip->addFile($filePath, ($zipPath?$zipPath.'/':'').$f); $zip->addFile($filePath, ($zipPath ? $zipPath . '/' : '') . $f);
} } elseif (is_dir($filePath)) {
elseif(is_dir($filePath)){ self::ZipAddDir($filePath, $zip, ($zipPath ? $zipPath . '/' : '') . $f);
self::ZipAddDir($filePath, $zip, ($zipPath?$zipPath.'/':'').$f);
} }
} }
}
if (is_resource($d)) {
closedir($d); closedir($d);
} }
static function ZipDir($path, $zipFile, $zipPath = ''){ }
static public function ZipDir(string $path, string $zipFile, string $zipPath = ''): void
{
$zip = new ZipArchive(); $zip = new ZipArchive();
$zip->open($zipFile, ZIPARCHIVE::CREATE); $zip->open($zipFile, ZIPARCHIVE::CREATE);
self::ZipAddDir($path, $zip, $zipPath); self::ZipAddDir($path, $zip, $zipPath);
$zip->close(); $zip->close();
} }
static function IsImage($fileName){
$ret = false; static public function IsImage(string $fileName): bool
{
$ext = strtolower(self::GetExtension($fileName)); $ext = strtolower(self::GetExtension($fileName));
if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'jpe' || $ext == 'png' || $ext == 'gif' || $ext == 'ico')
$ret = true; $imageExtensions = ['jpg', 'jpeg', 'jpe', 'png', 'gif', 'ico', 'webp'];
return $ret;
return in_array($ext, $imageExtensions);
} }
static function IsFlash($fileName){
$ret = false; static public function IsFlash(string $fileName): bool
{
$ext = strtolower(self::GetExtension($fileName)); $ext = strtolower(self::GetExtension($fileName));
if($ext == 'swf' || $ext == 'flv' || $ext == 'swc' || $ext == 'swt')
$ret = true; $flashExtensions = ['swf', 'flv', 'swc', 'swt'];
return $ret;
return in_array($ext, $flashExtensions);
} }
/** /**
* Returns human formated file size * Returns human formated file size
* *
* @param int $filesize * @param int $filesize
* @return string * @return string
*/ */
static function FormatFileSize($filesize){ static public function FormatFileSize(int $filesize): string
$ret = ''; {
$unit = 'B'; $unit = 'B';
if($filesize > 1024){ if ($filesize > 1024) {
$unit = 'KB'; $unit = 'KB';
$filesize = $filesize / 1024; $filesize = $filesize / 1024;
} }
if($filesize > 1024){ if ($filesize > 1024) {
$unit = 'MB'; $unit = 'MB';
$filesize = $filesize / 1024; $filesize = $filesize / 1024;
} }
if($filesize > 1024){ if ($filesize > 1024) {
$unit = 'GB'; $unit = 'GB';
$filesize = $filesize / 1024; $filesize = $filesize / 1024;
} }
$ret = round($filesize, 2).' '.$unit; $ret = round($filesize, 2) . ' ' . $unit;
return $ret; return $ret;
} }
/** /**
* Returns MIME type of $filename * Returns MIME type of $filename
* *
* @param string $filename * @param string $filename
* @return string * @return string
*/ */
static function GetMIMEType($filename){ static public function GetMIMEType(string $filename): string
$type = 'application/octet-stream'; {
$ext = self::GetExtension($filename); $ext = self::GetExtension($filename);
switch(strtolower($ext)){ switch (strtolower($ext)) {
case 'jpg': $type = 'image/jpeg';break; case 'jpg':
case 'jpeg': $type = 'image/jpeg';break; case 'jpeg':
case 'gif': $type = 'image/gif';break; return 'image/jpeg';
case 'png': $type = 'image/png';break; case 'gif':
case 'bmp': $type = 'image/bmp';break; return 'image/gif';
case 'tiff': $type = 'image/tiff';break; case 'png':
case 'tif': $type = 'image/tiff';break; return 'image/png';
case 'pdf': $type = 'application/pdf';break; case 'bmp':
case 'rtf': $type = 'application/msword';break; return 'image/bmp';
case 'doc': $type = 'application/msword';break; case 'webp':
case 'xls': $type = 'application/vnd.ms-excel'; break; return 'image/webp';
case 'zip': $type = 'application/zip'; break; case 'tiff':
case 'swf': $type = 'application/x-shockwave-flash'; break; case 'tif':
default: $type = 'application/octet-stream'; return 'image/tiff';
case 'pdf':
return 'application/pdf';
case 'rtf':
case 'doc':
return 'application/msword';
case 'xls':
return 'application/vnd.ms-excel';
case 'zip':
return 'application/zip';
case 'swf':
return 'application/x-shockwave-flash';
default:
return 'application/octet-stream';
} }
return $type;
} }
/** /**
@ -243,22 +313,23 @@ class RoxyFile{
* @param string $sep * @param string $sep
* @return string * @return string
*/ */
static function CleanupFilename($filename, $sep = '_'){ static public function CleanupFilename(string $filename, string $sep = '_'): string
{
$str = ''; $str = '';
if(strpos($filename,'.')){ if (strpos($filename, '.')) {
$ext = self::GetExtension($filename) ; $ext = self::GetExtension($filename);
$name = self::GetName($filename); $name = self::GetName($filename);
} } else {
else{
$ext = ''; $ext = '';
$name = $filename; $name = $filename;
} }
if(mb_strlen($name) > 32) if (mb_strlen($name) > 32) {
$name = mb_substr($name, 0, 32); $name = mb_substr($name, 0, 32);
}
$str = str_replace('.php', '', $str); $str = str_replace('.php', '', $str);
$str = mb_ereg_replace("[^\\w]", $sep, $name); $str = (string) mb_ereg_replace("[^\\w]", $sep, $name);
$str = mb_ereg_replace("$sep+", $sep, $str).($ext?'.'.$ext:''); $str = (string) mb_ereg_replace("$sep+", $sep, $str) . ($ext ? '.' . $ext : '');
return $str; return $str;
} }
@ -269,11 +340,13 @@ class RoxyFile{
* @param string $filename * @param string $filename
* @return string * @return string
*/ */
static function GetExtension($filename) { static public function GetExtension(string $filename): string
{
$ext = ''; $ext = '';
if(mb_strrpos($filename, '.') !== false) if (mb_strrpos($filename, '.') !== false) {
$ext = mb_substr($filename, mb_strrpos($filename, '.') + 1); $ext = mb_substr($filename, mb_strrpos($filename, '.') + 1);
}
return strtolower($ext); return strtolower($ext);
} }
@ -284,33 +357,39 @@ class RoxyFile{
* @param string $filename * @param string $filename
* @return string * @return string
*/ */
static function GetName($filename) { static public function GetName(string $filename): string
$name = ''; {
$tmp = mb_strpos($filename, '?'); $tmp = mb_strpos($filename, '?');
if($tmp !== false) if ($tmp !== false) {
$filename = mb_substr ($filename, 0, $tmp); $filename = mb_substr($filename, 0, $tmp);
}
$dotPos = mb_strrpos($filename, '.'); $dotPos = mb_strrpos($filename, '.');
if($dotPos !== false) if ($dotPos !== false) {
$name = mb_substr($filename, 0, $dotPos); $name = mb_substr($filename, 0, $dotPos);
else } else {
$name = $filename; $name = $filename;
}
return $name; return $name;
} }
static function GetFullName($filename) {
$tmp = mb_strpos($filename, '?');
if($tmp !== false)
$filename = mb_substr ($filename, 0, $tmp);
$filename = basename($filename);
return $filename; static public function GetFullName(string $filename): string
{
$tmp = mb_strpos($filename, '?');
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
} }
static public function FixPath($path){ return basename($filename);
$path = mb_ereg_replace('[\\\/]+', '/', $path); }
$path = mb_ereg_replace('\.\.\/', '', $path);
static public function FixPath(string $path): string
{
$path = (string) mb_ereg_replace('[\\\/]+', '/', $path);
$path = (string) mb_ereg_replace('\.\.\/', '', $path);
return $path; return $path;
} }
/** /**
* creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir * creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir
* *
@ -318,27 +397,31 @@ class RoxyFile{
* @param string $filename * @param string $filename
* @return string * @return string
*/ */
static function MakeUniqueFilename($dir, $filename){ static public function MakeUniqueFilename(string $dir, string $filename): string
$temp = ''; {
;
$dir .= '/'; $dir .= '/';
$dir = self::FixPath($dir.'/'); $dir = self::FixPath($dir . '/');
$ext = self::GetExtension($filename); $ext = self::GetExtension($filename);
$name = self::GetName($filename); $name = self::GetName($filename);
$name = self::CleanupFilename($name); $name = self::CleanupFilename($name);
$name = mb_ereg_replace(' \\- Copy \\d+$', '', $name); $name = mb_ereg_replace(' \\- Copy \\d+$', '', $name);
if($ext) if ($ext) {
$ext = '.'.$ext; $ext = '.' . $ext;
if(!$name) }
if (!$name) {
$name = 'file'; $name = 'file';
}
$i = 0; $i = 0;
do{ do {
$temp = ($i > 0? $name." - Copy $i": $name).$ext; $temp = ($i > 0 ? $name . " - Copy $i" : $name) . $ext;
$i++; $i++;
}while(file_exists($dir.$temp)); } while (file_exists($dir . $temp));
return $temp; return $temp;
} }
/** /**
* creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir * creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir
* *
@ -346,44 +429,44 @@ class RoxyFile{
* @param string $name * @param string $name
* @return string * @return string
*/ */
static function MakeUniqueDirname($dir, $name){ static public function MakeUniqueDirname(string $dir, string $name): string
$temp = ''; {
$dir = self::FixPath($dir.'/'); $dir = self::FixPath($dir . '/');
$name = mb_ereg_replace(' - Copy \\d+$', '', $name); $name = mb_ereg_replace(' - Copy \\d+$', '', $name);
if(!$name) if (!$name) {
$name = 'directory'; $name = 'directory';
}
$i = 0; $i = 0;
do{ do {
$temp = ($i? $name." - Copy $i": $name); $temp = ($i ? $name . " - Copy $i" : $name);
$i++; $i++;
}while(is_dir($dir.$temp)); } while (is_dir($dir . $temp));
return $temp; return $temp;
} }
} }
class RoxyImage{ class RoxyImage
public static function GetImage($path){ {
$img = null; public static function GetImage(string $path)
{
$ext = RoxyFile::GetExtension(basename($path)); $ext = RoxyFile::GetExtension(basename($path));
switch($ext){ switch ($ext) {
case 'png': case 'png':
$img = imagecreatefrompng($path); return imagecreatefrompng($path);
break;
case 'gif': case 'gif':
$img = imagecreatefromgif($path); return imagecreatefromgif($path);
break;
default: default:
$img = imagecreatefromjpeg($path); return imagecreatefromjpeg($path);
}
} }
public static function OutputImage($img, string $type, ?string $destination = '', int $quality = 90)
{
return $img; if(is_string($img)) {
$img = self::GetImage($img);
} }
public static function OutputImage($img, $type, $destination = '', $quality = 90){
if(is_string($img))
$img = self::GetImage ($img);
switch(strtolower($type)){ switch(strtolower($type)){
case 'png': case 'png':
imagepng($img, $destination); imagepng($img, $destination);
@ -396,10 +479,11 @@ class RoxyImage{
} }
} }
public static function SetAlpha($img, $path) { public static function SetAlpha($img, string $path)
{
$ext = RoxyFile::GetExtension(basename($path)); $ext = RoxyFile::GetExtension(basename($path));
if($ext == "gif" || $ext == "png"){ if ($ext == "gif" || $ext == "png") {
imagecolortransparent($img, imagecolorallocatealpha($img, 0, 0, 0, 127)); imagecolortransparent($img, (int) imagecolorallocatealpha($img, 0, 0, 0, 127));
imagealphablending($img, false); imagealphablending($img, false);
imagesavealpha($img, true); imagesavealpha($img, true);
} }
@ -407,39 +491,55 @@ class RoxyImage{
return $img; return $img;
} }
public static function Resize($source, $destination, $width = '150',$height = 0, $quality = 90) { public static function Resize(
$tmp = getimagesize($source); string $source,
?string $destination,
int $width = 150,
int $height = 0,
int $quality = 90
): void
{
$tmp = (array) getimagesize($source);
$w = $tmp[0]; $w = $tmp[0];
$h = $tmp[1]; $h = $tmp[1];
$r = $w / $h; $r = $w / $h;
if($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))){ if ($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))) {
if($source != $destination) if ($source != $destination) {
self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality); self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
return; return;
} }
$newWidth = $width; $newWidth = $width;
$newHeight = floor($newWidth / $r); $newHeight = floor($newWidth / $r);
if(($height > 0 && $newHeight > $height) || !$width){ if (($height > 0 && $newHeight > $height) || !$width) {
$newHeight = $height; $newHeight = $height;
$newWidth = intval($newHeight * $r); $newWidth = intval($newHeight * $r);
} }
$thumbImg = imagecreatetruecolor($newWidth, $newHeight); $thumbImg = imagecreatetruecolor((int) $newWidth, (int) $newHeight);
$img = self::GetImage($source); $img = self::GetImage($source);
$thumbImg = self::SetAlpha($thumbImg, $source); $thumbImg = self::SetAlpha($thumbImg, $source);
imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, $newWidth, $newHeight, $w, $h); imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, (int) $newWidth, (int) $newHeight, $w, $h);
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality); self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
} }
public static function CropCenter($source, $destination, $width, $height, $quality = 90) {
$tmp = getimagesize($source); public static function CropCenter(
string $source,
?string $destination,
int $width,
int $height,
int $quality = 90
): void
{
$tmp = (array) getimagesize($source);
$w = $tmp[0]; $w = $tmp[0];
$h = $tmp[1]; $h = $tmp[1];
if(($w <= $width) && (!$height || ($h <= $height))){ if (($w <= $width) && (!$height || ($h <= $height))) {
self::OutputImage(self::GetImage($source), RoxyFile::GetExtension(basename($source)), $destination, $quality); self::OutputImage(self::GetImage($source), RoxyFile::GetExtension(basename($source)), $destination, $quality);
} }
$ratio = $width / $height; $ratio = $width / $height;
@ -447,25 +547,37 @@ class RoxyImage{
$cropWidth = floor($h * $ratio); $cropWidth = floor($h * $ratio);
$cropHeight = floor($cropWidth / $ratio); $cropHeight = floor($cropWidth / $ratio);
if($cropWidth > $w){ if ($cropWidth > $w) {
$cropWidth = $w; $cropWidth = $w;
$cropHeight = $w / $ratio; $cropHeight = $w / $ratio;
} }
if($cropHeight > $h){ if ($cropHeight > $h) {
$cropHeight = $h; $cropHeight = $h;
$cropWidth = $h * $ratio; $cropWidth = $h * $ratio;
} }
if($cropWidth < $w){ if ($cropWidth < $w) {
$left = floor(($w - $cropWidth) / 2); $left = floor(($w - $cropWidth) / 2);
} }
if($cropHeight < $h){ if ($cropHeight < $h) {
$top = floor(($h- $cropHeight) / 2); $top = floor(($h - $cropHeight) / 2);
} }
self::Crop($source, $destination, $left, $top, $cropWidth, $cropHeight, $width, $height, $quality); self::Crop($source, $destination, (int) $left, (int) $top, $cropWidth, $cropHeight, $width, $height, $quality);
} }
public static function Crop($source, $destination, $x, $y, $cropWidth, $cropHeight, $width, $height, $quality = 90) {
public static function Crop(
string $source,
?string $destination,
int $x,
int $y,
int $cropWidth,
int $cropHeight,
int $width,
int $height,
int $quality = 90
): void
{
$thumbImg = imagecreatetruecolor($width, $height); $thumbImg = imagecreatetruecolor($width, $height);
$img = self::GetImage($source); $img = self::GetImage($source);
@ -476,14 +588,18 @@ class RoxyImage{
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality); self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
} }
} }
$tmp = json_decode(file_get_contents(BASE_PATH.'/conf.json'), true);
if($tmp){ $tmp = json_decode((string) file_get_contents(BASE_PATH . '/conf.json'), true);
foreach ($tmp as $k=>$v)
define($k, $v); if (!$tmp || !is_array($tmp)) {
}
else
die('Error parsing configuration'); die('Error parsing configuration');
}
foreach ($tmp as $k => $v) {
define((string) $k, $v);
}
$FilesRoot = fixPath(getFilesPath()); $FilesRoot = fixPath(getFilesPath());
if(!is_dir($FilesRoot)) if (!is_dir($FilesRoot)) {
@mkdir($FilesRoot, octdec(DIRPERMISSIONS)); @mkdir($FilesRoot, (int) octdec(DIRPERMISSIONS));
?> }


@ -26,21 +26,21 @@ include 'functions.inc.php';
verifyAction('MOVEDIR'); verifyAction('MOVEDIR');
checkAccess('MOVEDIR'); checkAccess('MOVEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d'])); $path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
$newPath = RoxyFile::FixPath(trim(empty($_GET['n'])?'':$_GET['n'])); $newPath = RoxyFile::FixPath(trim(empty($_GET['n']) ? '' : $_GET['n']));
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(mb_strpos($newPath, $path) === 0) if (mb_strpos($newPath, $path) === 0) {
echo getErrorRes(t('E_CannotMoveDirToChild')); echo getErrorRes(t('E_CannotMoveDirToChild'));
elseif(file_exists(fixPath($newPath).'/'.basename($path))) } elseif (file_exists(fixPath($newPath) . '/' . basename($path))) {
echo getErrorRes(t('E_DirAlreadyExists')); echo getErrorRes(t('E_DirAlreadyExists'));
elseif(rename(fixPath($path), fixPath($newPath).'/'.basename($path))) } elseif (rename(fixPath($path), fixPath($newPath) . '/' . basename($path))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_MoveDir').' '.basename($path)); echo getErrorRes(t('E_MoveDir') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_MoveDirInvalisPath')); echo getErrorRes(t('E_MoveDirInvalisPath'));
?> }
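Review bot: The child-directory guard `mb_strpos($newPath, $path) === 0` is a bare string-prefix test, so a sibling target whose name merely begins with the source name (constructed example: source `/files/foo`, target `/files/foobar`) is rejected as if it were a child. Comparing with a trailing separator on both sides avoids that: `mb_strpos(rtrim($newPath, '/') . '/', rtrim($path, '/') . '/') === 0`. Separately, this handler still takes `d` and `n` from `$_GET`, while the move-file and rename handlers on this page read `$_POST`. A state-changing move is better restricted to POST, assuming the client can send it that way.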


@ -26,25 +26,24 @@ include 'functions.inc.php';
verifyAction('MOVEFILE'); verifyAction('MOVEFILE');
checkAccess('MOVEFILE'); checkAccess('MOVEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); $path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if(!$newPath) if (!$newPath) {
$newPath = getFilesPath(); $newPath = getFilesPath();
}
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
if(!RoxyFile::CanUploadFile(basename($newPath))) { if (!RoxyFile::CanUploadFile(basename($newPath))) {
echo getErrorRes(t('E_FileExtensionForbidden')); echo getErrorRes(t('E_FileExtensionForbidden'));
} } elseif (is_file(fixPath($path))) {
elseif(is_file(fixPath($path))){ if (file_exists(fixPath($newPath))) {
if(file_exists(fixPath($newPath))) echo getErrorRes(t('E_MoveFileAlreadyExists') . ' ' . basename($newPath));
echo getErrorRes(t('E_MoveFileAlreadyExists').' '.basename($newPath)); } elseif (rename(fixPath($path), fixPath($newPath))) {
elseif(rename(fixPath($path), fixPath($newPath)))
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_MoveFile').' '.basename($path)); echo getErrorRes(t('E_MoveFile') . ' ' . basename($path));
} }
else { } else {
echo getErrorRes(t('E_MoveFileInvalisPath')); echo getErrorRes(t('E_MoveFileInvalisPath'));
} }
?>


@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEDIR'); verifyAction('RENAMEDIR');
checkAccess('RENAMEDIR'); checkAccess('RENAMEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])? '': $_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])? '': $_POST['n'])); $name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(fixPath($path.'/') == fixPath(getFilesPath().'/')) if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotRenameRoot')); echo getErrorRes(t('E_CannotRenameRoot'));
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name)) } elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_RenameDir').' '.basename($path)); echo getErrorRes(t('E_RenameDir') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_RenameDirInvalidPath')); echo getErrorRes(t('E_RenameDirInvalidPath'));
?> }
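Review bot: `$name` reaches the `rename()` target as `dirname(fixPath($path)) . '/' . $name` without `verifyPath()` or any single-component check. A value containing `/` or `..` segments can therefore resolve outside the parent directory unless `RoxyFile::FixPath()` strips them, which this hunk does not show. Reducing the value with `$name = basename($name);` and rejecting an empty result, `.` and `..` before calling `rename()` closes that. The RENAMEFILE handler further down builds its target the same way and needs the same guard; there `RoxyFile::CanUploadFile($name)` is the only check applied to the new name.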


@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEFILE'); verifyAction('RENAMEFILE');
checkAccess('RENAMEFILE'); checkAccess('RENAMEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); $path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
if(!RoxyFile::CanUploadFile($name)) if (!RoxyFile::CanUploadFile($name)) {
echo getErrorRes(t('E_FileExtensionForbidden').' ".'.RoxyFile::GetExtension($name).'"'); echo getErrorRes(t('E_FileExtensionForbidden') . ' ".' . RoxyFile::GetExtension($name) . '"');
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name)) } elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_RenameFile').' '.basename($path)); echo getErrorRes(t('E_RenameFile') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_RenameFileInvalidPath')); echo getErrorRes(t('E_RenameFileInvalidPath'));
?> }


@ -20,7 +20,8 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/ */
function checkAccess($action) { function checkAccess(string $action): void
{
unset($action);
if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.'); if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.');
} }
?>
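Review bot: The cookie check reads `$_COOKIE['filemanagerkey']` without testing that it is set and compares it with `!==`, which is not a constant-time comparison and raises an undefined-index notice when the cookie is absent. A fail-closed form would be `$expected = md5_file("../../../../../../config.inc.php"); $given = $_COOKIE['filemanagerkey'] ?? null;` followed by `if ($expected === false || !is_string($given) || !hash_equals($expected, $given)) { die('nice try, noob.'); }`. The explicit `false` test matters because `md5_file()` returns `false` when the relative path does not resolve from the current working directory, and `hash_equals()` must never be handed two empty strings. Since `$action` is now discarded with `unset()`, a docblock should say that every action shares this one check and that the expected value is a static digest of the config file rather than a per-session token.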


@ -29,18 +29,17 @@ header("Cache-Control: max-age=3600");
verifyAction('GENERATETHUMB'); verifyAction('GENERATETHUMB');
checkAccess('GENERATETHUMB'); checkAccess('GENERATETHUMB');
$path = RoxyFile::FixPath(urldecode(empty($_GET['f'])?'':$_GET['f'])); $path = RoxyFile::FixPath(urldecode(empty($_GET['f']) ? '' : $_GET['f']));
verifyPath($path); verifyPath($path);
@chmod(fixPath(dirname($path)), octdec(DIRPERMISSIONS)); @chmod(fixPath(dirname($path)), (int) octdec(DIRPERMISSIONS));
@chmod(fixPath($path), octdec(FILEPERMISSIONS)); @chmod(fixPath($path), (int) octdec(FILEPERMISSIONS));
$w = intval(empty($_GET['width'])?'100':$_GET['width']); $w = intval(empty($_GET['width']) ? '100' : $_GET['width']);
$h = intval(empty($_GET['height'])?'0':$_GET['height']); $h = intval(empty($_GET['height']) ? '0' : $_GET['height']);
header('Content-type: '.RoxyFile::GetMIMEType(basename($path))); header('Content-type: '.RoxyFile::GetMIMEType(basename($path)));
if($w && $h) if($w && $h)
RoxyImage::CropCenter(fixPath($path), null, $w, $h); RoxyImage::CropCenter(fixPath($path), null, $w, $h);
else else
RoxyImage::Resize(fixPath($path), null, $w, $h); RoxyImage::Resize(fixPath($path), null, $w, $h);
?>
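Review bot: `$w` and `$h` come from `$_GET['width']` and `$_GET['height']` through `intval()` only, with no lower or upper bound, and are passed to `RoxyImage::CropCenter()` or `RoxyImage::Resize()`, which size `imagecreatetruecolor()` from them. Clamping both before use keeps a single request from asking for an arbitrarily large canvas and keeps negative values out: `$w = max(0, min($w, THUMB_MAX_SIDE));` and the same for `$h`, where `THUMB_MAX_SIDE` is a placeholder for a limit the project would choose. The two `@chmod()` calls also change permissions on a request-selected path inside a GET handler with errors suppressed; a comment explaining why a thumbnail read needs them would help.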


@ -26,58 +26,57 @@ include 'functions.inc.php';
verifyAction('UPLOAD'); verifyAction('UPLOAD');
checkAccess('UPLOAD'); checkAccess('UPLOAD');
$isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax'); $isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?getFilesPath():$_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? getFilesPath() : $_POST['d']));
verifyPath($path); verifyPath($path);
$res = ''; $res = '';
if(is_dir(fixPath($path))){ $errors = $errorsExt = array();
if(!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])){
$errors = $errorsExt = array(); if (is_dir(fixPath($path))) {
foreach($_FILES['files']['tmp_name'] as $k=>$v){ if (!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])) {
foreach ($_FILES['files']['tmp_name'] as $k => $v) {
$filename = $_FILES['files']['name'][$k]; $filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename); $filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
$filePath = fixPath($path).'/'.$filename; $filePath = fixPath($path) . '/' . $filename;
$isUploaded = true; $isUploaded = true;
if(!RoxyFile::CanUploadFile($filename)){ if (!RoxyFile::CanUploadFile($filename)) {
$errorsExt[] = $filename; $errorsExt[] = $filename;
$isUploaded = false; $isUploaded = false;
} } elseif (!move_uploaded_file($v, $filePath)) {
elseif(!move_uploaded_file($v, $filePath)){
$errors[] = $filename; $errors[] = $filename;
$isUploaded = false; $isUploaded = false;
} }
if(is_file($filePath)){ if (is_file($filePath)) {
@chmod ($filePath, octdec(FILEPERMISSIONS)); @chmod($filePath, (int) octdec(FILEPERMISSIONS));
} }
if($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)){ if ($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)) {
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT)); RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
} }
} }
if($errors && $errorsExt) if ($errors && $errorsExt) {
$res = getSuccessRes(t('E_UploadNotAll').' '.t('E_FileExtensionForbidden')); $res = getSuccessRes(t('E_UploadNotAll') . ' ' . t('E_FileExtensionForbidden'));
elseif($errorsExt) } elseif ($errorsExt) {
$res = getSuccessRes(t('E_FileExtensionForbidden')); $res = getSuccessRes(t('E_FileExtensionForbidden'));
elseif($errors) } elseif ($errors) {
$res = getSuccessRes(t('E_UploadNotAll')); $res = getSuccessRes(t('E_UploadNotAll'));
else } else {
$res = getSuccessRes(); $res = getSuccessRes();
} }
else } else {
$res = getErrorRes(t('E_UploadNoFiles')); $res = getErrorRes(t('E_UploadNoFiles'));
} }
else } else {
$res = getErrorRes(t('E_UploadInvalidPath')); $res = getErrorRes(t('E_UploadInvalidPath'));
if($isAjax){
if($errors || $errorsExt)
$res = getErrorRes(t('E_UploadNotAll'));
echo $res;
} }
else{
if ($isAjax) {
if ($errors || $errorsExt) {
$res = getErrorRes(t('E_UploadNotAll'));
}
echo $res;
} else {
echo ' echo '
<script> <script>
parent.fileUploaded('.$res.'); parent.fileUploaded(' . $res . ')
</script>'; </script>';
} }
?>
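Review bot: The resize step trusts the file name alone: `RoxyFile::IsImage($filename)` decides whether `RoxyImage::Resize($filePath, $filePath, …)` runs on a file that `move_uploaded_file()` has already placed in the target directory. `Resize()`, shown earlier on this page, casts the `getimagesize()` result to an array and computes `$w / $h`. A file with an image extension whose bytes are not a decodable image therefore reaches a division by an undefined height, which is a warning on PHP 7.4 and an uncaught `DivisionByZeroError` on PHP 8. Checking the content before resizing, and treating an undecodable file as a failed upload, keeps such files from staying in place and from interrupting the loop. If `IsImage()` covers formats that `getimagesize()` cannot read (not visible here), skip only the resize instead of deleting.

```php
// … unchanged: CanUploadFile() / move_uploaded_file() checks and chmod …
if ($isUploaded && RoxyFile::IsImage($filename) && getimagesize($filePath) === false) {
    // Image extension but undecodable content: do not keep it and do not resize it.
    unlink($filePath);
    $errors[] = $filename;
    $isUploaded = false;
}
// … unchanged: RoxyImage::Resize() call guarded by $isUploaded …
```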


@ -4,7 +4,20 @@ parameters:
- ../../o3-shop/shop-ce/source/oxfunctions.php - ../../o3-shop/shop-ce/source/oxfunctions.php
paths: paths:
- Application - Application
excludePaths:
- Application/fileman
level: 9 level: 9
phpVersion: 70400 phpVersion: 70400
ignoreErrors:
- '#Constant FILES_ROOT not found.#'
- '#Constant SESSION_PATH_KEY not found.#'
- '#Constant FORBIDDEN_UPLOADS not found.#'
- '#Constant ALLOWED_UPLOADS not found.#'
- '#Constant BASE_PATH not found.#'
- '#Constant DIRPERMISSIONS not found.#'
- '#Constant FILEPERMISSIONS not found.#'
- '#Constant MAX_IMAGE_HEIGHT not found.#'
- '#Constant MAX_IMAGE_WIDTH not found.#'
- '#Method RoxyImage\:\:OutputImage\(\) has no return type specified.#'
- '#Method RoxyImage\:\:OutputImage\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has no return type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:GetImage\(\) has no return type specified.#'