D3Public/tinymce-editor
8
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

refactor fileman

Browse Source
This commit is contained in:
O3-Shop 2023-04-10 22:25:46 +02:00
parent 192a9aa52d
commit 24c4264d87
18 changed files with 873 additions and 730 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
Application/fileman/php/copydir.php
View File

@ -26,32 +26,35 @@ include 'functions.inc.php';
verifyAction('COPYDIR'); verifyAction('COPYDIR');
checkAccess('COPYDIR'); checkAccess('COPYDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
function copyDir($path, $newPath){ function copyDir(string $path, string $newPath): void
$items = listDirectory($path); {
if(!is_dir($newPath)) $items = listDirectory($path);
mkdir ($newPath, octdec(DIRPERMISSIONS)); if (!is_dir($newPath)) {
foreach ($items as $item){ mkdir($newPath, (int) octdec(DIRPERMISSIONS));
if($item == '.' || $item == '..') }
continue;
$oldPath = RoxyFile::FixPath($path.'/'.$item); foreach ($items as $item) {
$tmpNewPath = RoxyFile::FixPath($newPath.'/'.$item); if ($item == '.' || $item == '..') {
if(is_file($oldPath)) continue;
copy($oldPath, $tmpNewPath); }
elseif(is_dir($oldPath)){ $oldPath = RoxyFile::FixPath($path . '/' . $item);
copyDir($oldPath, $tmpNewPath); $tmpNewPath = RoxyFile::FixPath($newPath . '/' . $item);
if (is_file($oldPath)) {
copy($oldPath, $tmpNewPath);
} elseif (is_dir($oldPath)) {
copyDir($oldPath, $tmpNewPath);
}
} }
}
} }
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
copyDir(fixPath($path.'/'), fixPath($newPath.'/'.basename($path))); copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path)));
echo getSuccessRes(); echo getSuccessRes();
} } else {
else echo getErrorRes(t('E_CopyDirInvalidPath'));
echo getErrorRes(t('E_CopyDirInvalidPath')); }
?>

29
Application/fileman/php/copyfile.php
View File

@ -26,21 +26,22 @@ include 'functions.inc.php';
verifyAction('COPYFILE'); verifyAction('COPYFILE');
checkAccess('COPYFILE'); checkAccess('COPYFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); $path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if(!$newPath) if (!$newPath) {
$newPath = getFilesPath(); $newPath = getFilesPath();
}
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
$newPath = $newPath.'/'.RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path)); $newPath = $newPath . '/' . RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if(copy(fixPath($path), fixPath($newPath))) if (copy(fixPath($path), fixPath($newPath))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_CopyFile')); echo getErrorRes(t('E_CopyFile'));
} }
else } else {
echo getErrorRes(t('E_CopyFileInvalisPath')); echo getErrorRes(t('E_CopyFileInvalisPath'));
?> }

22
Application/fileman/php/createdir.php
View File

@ -26,16 +26,16 @@ include 'functions.inc.php';
verifyAction('CREATEDIR'); verifyAction('CREATEDIR');
checkAccess('CREATEDIR'); checkAccess('CREATEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(mkdir(fixPath($path).'/'.$name, octdec(DIRPERMISSIONS))) if (mkdir(fixPath($path) . '/' . $name, (int) octdec(DIRPERMISSIONS))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_CreateDirFailed').' '.basename($path)); echo getErrorRes(t('E_CreateDirFailed') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_CreateDirInvalidPath')); echo getErrorRes(t('E_CreateDirInvalidPath'));
?> }

28
Application/fileman/php/deletedir.php
View File

@ -26,19 +26,19 @@ include 'functions.inc.php';
verifyAction('DELETEDIR'); verifyAction('DELETEDIR');
checkAccess('DELETEDIR'); checkAccess('DELETEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d'])); $path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
verifyPath($path); verifyPath($path);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(fixPath($path.'/') == fixPath(getFilesPath().'/')) if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotDeleteRoot')); echo getErrorRes(t('E_CannotDeleteRoot'));
elseif(count(glob(fixPath($path)."/*"))) } elseif (count((array) glob(fixPath($path) . "/*"))) {
echo getErrorRes(t('E_DeleteNonEmpty')); echo getErrorRes(t('E_DeleteNonEmpty'));
elseif(rmdir(fixPath($path))) } elseif (rmdir(fixPath($path))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_CannotDeleteDir').' '.basename($path)); echo getErrorRes(t('E_CannotDeleteDir') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_DeleteDirInvalidPath').' '.$path); echo getErrorRes(t('E_DeleteDirInvalidPath') . ' ' . $path);
?> }

18
Application/fileman/php/deletefile.php
View File

@ -29,12 +29,12 @@ checkAccess('DELETEFILE');
$path = RoxyFile::FixPath(trim($_POST['f'])); $path = RoxyFile::FixPath(trim($_POST['f']));
verifyPath($path); verifyPath($path);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
if(unlink(fixPath($path))) if (unlink(fixPath($path))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_DeletеFile').' '.basename($path)); echo getErrorRes(t('E_DeletеFile') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_DeleteFileInvalidPath')); echo getErrorRes(t('E_DeleteFileInvalidPath'));
?> }

87
Application/fileman/php/dirtree.php
View File

@ -26,47 +26,60 @@ include 'functions.inc.php';
verifyAction('DIRLIST'); verifyAction('DIRLIST');
checkAccess('DIRLIST'); checkAccess('DIRLIST');
function getFilesNumber($path, $type){ /**
$files = 0; * @param string $path
$dirs = 0; * @param string $type
$tmp = listDirectory($path); * @return int[]
foreach ($tmp as $ff){ */
if($ff == '.' || $ff == '..') function getFilesNumber(string $path, string $type): array
continue; {
elseif(is_file($path.'/'.$ff) && ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))) $files = 0;
$files++; $dirs = 0;
elseif(is_dir($path.'/'.$ff)) $tmp = listDirectory($path);
$dirs++; foreach ($tmp as $ff) {
} if ($ff == '.' || $ff == '..') {
continue;
} elseif (
is_file($path . '/' . $ff) &&
($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))
) {
$files++;
} elseif (is_dir($path . '/' . $ff)) {
$dirs++;
}
}
return array('files'=>$files, 'dirs'=>$dirs); return array('files' => $files, 'dirs' => $dirs);
}
function GetDirs($path, $type){
$ret = $sort = array();
$files = listDirectory(fixPath($path), 0);
foreach ($files as $f){
$fullPath = $path.'/'.$f;
if(!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..')
continue;
$tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path'=>$fullPath,'files'=>$tmp['files'],'dirs'=>$tmp['dirs']);
$sort[$fullPath] = $f;
}
natcasesort($sort);
foreach ($sort as $k => $v) {
$tmp = $ret[$k];
echo ',{"p":"'.mb_ereg_replace('"', '\\"', $tmp['path']).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}';
GetDirs($tmp['path'], $type);
}
} }
$type = (empty($_GET['type'])?'':strtolower($_GET['type'])); function GetDirs(string $path, string $type): void
if($type != 'image' && $type != 'flash') {
$type = ''; $ret = $sort = array();
$files = listDirectory(fixPath($path));
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if (!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') {
continue;
}
$tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path' => $fullPath, 'files' => $tmp['files'], 'dirs' => $tmp['dirs']);
$sort[$fullPath] = $f;
}
natcasesort($sort);
foreach ($sort as $k => $v) {
$tmp = $ret[$k];
echo ',{"p":"' . mb_ereg_replace('"', '\\"', $tmp['path']) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs($tmp['path'], $type);
}
}
$type = (empty($_GET['type']) ? '' : strtolower($_GET['type']));
if ($type != 'image' && $type != 'flash') {
$type = '';
}
echo "[\n"; echo "[\n";
$tmp = getFilesNumber(fixPath(getFilesPath()), $type); $tmp = getFilesNumber(fixPath(getFilesPath()), $type);
echo '{"p":"'. mb_ereg_replace('"', '\\"', getFilesPath()).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}'; echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs(getFilesPath(), $type); GetDirs(getFilesPath(), $type);
echo "\n]"; echo "\n]";
?>

13
Application/fileman/php/download.php
View File

@ -29,10 +29,9 @@ checkAccess('DOWNLOAD');
$path = RoxyFile::FixPath(trim($_GET['f'])); $path = RoxyFile::FixPath(trim($_GET['f']));
verifyPath($path); verifyPath($path);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
$file = urldecode(basename($path)); $file = urldecode(basename($path));
header('Content-Disposition: attachment; filename="'.$file.'"'); header('Content-Disposition: attachment; filename="' . $file . '"');
header('Content-Type: application/force-download'); header('Content-Type: application/force-download');
readfile(fixPath($path)); readfile(fixPath($path));
} }
?>

43
Application/fileman/php/downloaddir.php
View File

@ -22,7 +22,7 @@
*/ */
include '../system.inc.php'; include '../system.inc.php';
include 'functions.inc.php'; include 'functions.inc.php';
@ini_set('memory_limit', -1); @ini_set('memory_limit', '-1');
verifyAction('DOWNLOADDIR'); verifyAction('DOWNLOADDIR');
checkAccess('DOWNLOADDIR'); checkAccess('DOWNLOADDIR');
@ -30,26 +30,25 @@ $path = RoxyFile::FixPath(trim($_GET['d']));
verifyPath($path); verifyPath($path);
$path = fixPath($path); $path = fixPath($path);
if(!class_exists('ZipArchive')){ if (!class_exists('ZipArchive')) {
echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>'; echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>';
} } else {
else{ try {
try{ $filename = basename($path);
$filename = basename($path); $zipFile = $filename . '.zip';
$zipFile = $filename.'.zip'; $zipPath = BASE_PATH . '/tmp/' . $zipFile;
$zipPath = BASE_PATH.'/tmp/'.$zipFile; RoxyFile::ZipDir($path, $zipPath);
RoxyFile::ZipDir($path, $zipPath);
header('Content-Disposition: attachment; filename="'.$zipFile.'"'); header('Content-Disposition: attachment; filename="' . $zipFile . '"');
header('Content-Type: application/force-download'); header('Content-Type: application/force-download');
readfile($zipPath); readfile($zipPath);
function deleteTmp($zipPath){ function deleteTmp(string $zipPath): void
@unlink($zipPath); {
@unlink($zipPath);
}
register_shutdown_function('deleteTmp', $zipPath);
} catch (Exception $ex) {
echo '<script>alert("' . addslashes(t('E_CreateArchive')) . '");</script>';
} }
register_shutdown_function('deleteTmp', $zipPath); }
}
catch(Exception $ex){
echo '<script>alert("'. addslashes(t('E_CreateArchive')).'");</script>';
}
}
?>

45
Application/fileman/php/fileslist.php
View File

@ -26,34 +26,35 @@ include 'functions.inc.php';
verifyAction('FILESLIST'); verifyAction('FILESLIST');
checkAccess('FILESLIST'); checkAccess('FILESLIST');
$path = RoxyFile::FixPath(empty($_POST['d'])? getFilesPath(): $_POST['d']); $path = RoxyFile::FixPath(empty($_POST['d']) ? getFilesPath() : $_POST['d']);
$type = (empty($_POST['type'])?'':strtolower($_POST['type'])); $type = (empty($_POST['type']) ? '' : strtolower($_POST['type']));
if($type != 'image' && $type != 'flash') if ($type != 'image' && $type != 'flash') {
$type = ''; $type = '';
}
verifyPath($path); verifyPath($path);
$files = listDirectory(fixPath($path), 0); $files = listDirectory(fixPath($path));
natcasesort($files); natcasesort($files);
$str = ''; $str = '';
echo '['; echo '[';
foreach ($files as $f){ foreach ($files as $f) {
$fullPath = $path.'/'.$f; $fullPath = $path . '/' . $f;
if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) if (!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) {
continue; continue;
$size = filesize(fixPath($fullPath));
$time = filemtime(fixPath($fullPath));
$w = 0;
$h = 0;
if(RoxyFile::IsImage($f)){
$tmp = @getimagesize(fixPath($fullPath));
if($tmp){
$w = $tmp[0];
$h = $tmp[1];
} }
} $size = filesize(fixPath($fullPath));
$str .= '{"p":"'.mb_ereg_replace('"', '\\"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},'; $time = filemtime(fixPath($fullPath));
$w = 0;
$h = 0;
if (RoxyFile::IsImage($f)) {
$tmp = @getimagesize(fixPath($fullPath));
if ($tmp) {
$w = $tmp[0];
$h = $tmp[1];
}
}
$str .= '{"p":"' . mb_ereg_replace('"', '\\"', $fullPath) . '","s":"' . $size . '","t":"' . $time . '","w":"' . $w . '","h":"' . $h . '"},';
} }
$str = mb_substr($str, 0, -1); $str = mb_substr($str, 0, -1);
echo $str; echo $str;
echo ']'; echo ']';
?>

1014
Application/fileman/php/functions.inc.php
View File

File diff suppressed because it is too large Load Diff

30
Application/fileman/php/movedir.php
View File

@ -26,21 +26,21 @@ include 'functions.inc.php';
verifyAction('MOVEDIR'); verifyAction('MOVEDIR');
checkAccess('MOVEDIR'); checkAccess('MOVEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d'])); $path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
$newPath = RoxyFile::FixPath(trim(empty($_GET['n'])?'':$_GET['n'])); $newPath = RoxyFile::FixPath(trim(empty($_GET['n']) ? '' : $_GET['n']));
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(mb_strpos($newPath, $path) === 0) if (mb_strpos($newPath, $path) === 0) {
echo getErrorRes(t('E_CannotMoveDirToChild')); echo getErrorRes(t('E_CannotMoveDirToChild'));
elseif(file_exists(fixPath($newPath).'/'.basename($path))) } elseif (file_exists(fixPath($newPath) . '/' . basename($path))) {
echo getErrorRes(t('E_DirAlreadyExists')); echo getErrorRes(t('E_DirAlreadyExists'));
elseif(rename(fixPath($path), fixPath($newPath).'/'.basename($path))) } elseif (rename(fixPath($path), fixPath($newPath) . '/' . basename($path))) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_MoveDir').' '.basename($path)); echo getErrorRes(t('E_MoveDir') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_MoveDirInvalisPath')); echo getErrorRes(t('E_MoveDirInvalisPath'));
?> }

37
Application/fileman/php/movefile.php
View File

@ -26,25 +26,24 @@ include 'functions.inc.php';
verifyAction('MOVEFILE'); verifyAction('MOVEFILE');
checkAccess('MOVEFILE'); checkAccess('MOVEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); $path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if(!$newPath) if (!$newPath) {
$newPath = getFilesPath(); $newPath = getFilesPath();
}
verifyPath($path); verifyPath($path);
verifyPath($newPath); verifyPath($newPath);
if(!RoxyFile::CanUploadFile(basename($newPath))) { if (!RoxyFile::CanUploadFile(basename($newPath))) {
echo getErrorRes(t('E_FileExtensionForbidden')); echo getErrorRes(t('E_FileExtensionForbidden'));
} } elseif (is_file(fixPath($path))) {
elseif(is_file(fixPath($path))){ if (file_exists(fixPath($newPath))) {
if(file_exists(fixPath($newPath))) echo getErrorRes(t('E_MoveFileAlreadyExists') . ' ' . basename($newPath));
echo getErrorRes(t('E_MoveFileAlreadyExists').' '.basename($newPath)); } elseif (rename(fixPath($path), fixPath($newPath))) {
elseif(rename(fixPath($path), fixPath($newPath))) echo getSuccessRes();
echo getSuccessRes(); } else {
else echo getErrorRes(t('E_MoveFile') . ' ' . basename($path));
echo getErrorRes(t('E_MoveFile').' '.basename($path)); }
} } else {
else { echo getErrorRes(t('E_MoveFileInvalisPath'));
echo getErrorRes(t('E_MoveFileInvalisPath')); }
}
?>

26
Application/fileman/php/renamedir.php
View File

@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEDIR'); verifyAction('RENAMEDIR');
checkAccess('RENAMEDIR'); checkAccess('RENAMEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])? '': $_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])? '': $_POST['n'])); $name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
if(is_dir(fixPath($path))){ if (is_dir(fixPath($path))) {
if(fixPath($path.'/') == fixPath(getFilesPath().'/')) if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotRenameRoot')); echo getErrorRes(t('E_CannotRenameRoot'));
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name)) } elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_RenameDir').' '.basename($path)); echo getErrorRes(t('E_RenameDir') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_RenameDirInvalidPath')); echo getErrorRes(t('E_RenameDirInvalidPath'));
?> }

26
Application/fileman/php/renamefile.php
View File

@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEFILE'); verifyAction('RENAMEFILE');
checkAccess('RENAMEFILE'); checkAccess('RENAMEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f'])); $path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n'])); $name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path); verifyPath($path);
if(is_file(fixPath($path))){ if (is_file(fixPath($path))) {
if(!RoxyFile::CanUploadFile($name)) if (!RoxyFile::CanUploadFile($name)) {
echo getErrorRes(t('E_FileExtensionForbidden').' ".'.RoxyFile::GetExtension($name).'"'); echo getErrorRes(t('E_FileExtensionForbidden') . ' ".' . RoxyFile::GetExtension($name) . '"');
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name)) } elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes(); echo getSuccessRes();
else } else {
echo getErrorRes(t('E_RenameFile').' '.basename($path)); echo getErrorRes(t('E_RenameFile') . ' ' . basename($path));
} }
else } else {
echo getErrorRes(t('E_RenameFileInvalidPath')); echo getErrorRes(t('E_RenameFileInvalidPath'));
?> }

7
Application/fileman/php/security.inc.php
View File

@ -20,7 +20,8 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/ */
function checkAccess($action) { function checkAccess(string $action): void
{
unset($action);
if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.'); if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.');
} }
?>

17
Application/fileman/php/thumb.php
View File

@ -29,18 +29,17 @@ header("Cache-Control: max-age=3600");
verifyAction('GENERATETHUMB'); verifyAction('GENERATETHUMB');
checkAccess('GENERATETHUMB'); checkAccess('GENERATETHUMB');
$path = RoxyFile::FixPath(urldecode(empty($_GET['f'])?'':$_GET['f'])); $path = RoxyFile::FixPath(urldecode(empty($_GET['f']) ? '' : $_GET['f']));
verifyPath($path); verifyPath($path);
@chmod(fixPath(dirname($path)), octdec(DIRPERMISSIONS)); @chmod(fixPath(dirname($path)), (int) octdec(DIRPERMISSIONS));
@chmod(fixPath($path), octdec(FILEPERMISSIONS)); @chmod(fixPath($path), (int) octdec(FILEPERMISSIONS));
$w = intval(empty($_GET['width'])?'100':$_GET['width']); $w = intval(empty($_GET['width']) ? '100' : $_GET['width']);
$h = intval(empty($_GET['height'])?'0':$_GET['height']); $h = intval(empty($_GET['height']) ? '0' : $_GET['height']);
header('Content-type: '.RoxyFile::GetMIMEType(basename($path))); header('Content-type: '.RoxyFile::GetMIMEType(basename($path)));
if($w && $h) if($w && $h)
RoxyImage::CropCenter(fixPath($path), null, $w, $h); RoxyImage::CropCenter(fixPath($path), null, $w, $h);
else else
RoxyImage::Resize(fixPath($path), null, $w, $h); RoxyImage::Resize(fixPath($path), null, $w, $h);
?>

93
Application/fileman/php/upload.php
View File

@ -26,58 +26,57 @@ include 'functions.inc.php';
verifyAction('UPLOAD'); verifyAction('UPLOAD');
checkAccess('UPLOAD'); checkAccess('UPLOAD');
$isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax'); $isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?getFilesPath():$_POST['d'])); $path = RoxyFile::FixPath(trim(empty($_POST['d']) ? getFilesPath() : $_POST['d']));
verifyPath($path); verifyPath($path);
$res = ''; $res = '';
if(is_dir(fixPath($path))){ $errors = $errorsExt = array();
if(!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])){
$errors = $errorsExt = array();
foreach($_FILES['files']['tmp_name'] as $k=>$v){
$filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
$filePath = fixPath($path).'/'.$filename;
$isUploaded = true;
if(!RoxyFile::CanUploadFile($filename)){
$errorsExt[] = $filename;
$isUploaded = false;
}
elseif(!move_uploaded_file($v, $filePath)){
$errors[] = $filename;
$isUploaded = false;
}
if(is_file($filePath)){
@chmod ($filePath, octdec(FILEPERMISSIONS));
}
if($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)){
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
}
}
if($errors && $errorsExt)
$res = getSuccessRes(t('E_UploadNotAll').' '.t('E_FileExtensionForbidden'));
elseif($errorsExt)
$res = getSuccessRes(t('E_FileExtensionForbidden'));
elseif($errors)
$res = getSuccessRes(t('E_UploadNotAll'));
else
$res = getSuccessRes();
}
else
$res = getErrorRes(t('E_UploadNoFiles'));
}
else
$res = getErrorRes(t('E_UploadInvalidPath'));
if($isAjax){ if (is_dir(fixPath($path))) {
if($errors || $errorsExt) if (!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])) {
$res = getErrorRes(t('E_UploadNotAll')); foreach ($_FILES['files']['tmp_name'] as $k => $v) {
echo $res; $filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
$filePath = fixPath($path) . '/' . $filename;
$isUploaded = true;
if (!RoxyFile::CanUploadFile($filename)) {
$errorsExt[] = $filename;
$isUploaded = false;
} elseif (!move_uploaded_file($v, $filePath)) {
$errors[] = $filename;
$isUploaded = false;
}
if (is_file($filePath)) {
@chmod($filePath, (int) octdec(FILEPERMISSIONS));
}
if ($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)) {
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
}
}
if ($errors && $errorsExt) {
$res = getSuccessRes(t('E_UploadNotAll') . ' ' . t('E_FileExtensionForbidden'));
} elseif ($errorsExt) {
$res = getSuccessRes(t('E_FileExtensionForbidden'));
} elseif ($errors) {
$res = getSuccessRes(t('E_UploadNotAll'));
} else {
$res = getSuccessRes();
}
} else {
$res = getErrorRes(t('E_UploadNoFiles'));
}
} else {
$res = getErrorRes(t('E_UploadInvalidPath'));
} }
else{
echo ' if ($isAjax) {
if ($errors || $errorsExt) {
$res = getErrorRes(t('E_UploadNotAll'));
}
echo $res;
} else {
echo '
<script> <script>
parent.fileUploaded('.$res.'); parent.fileUploaded(' . $res . ')
</script>'; </script>';
} }
?>

19
phpstan.neon
View File

@ -4,7 +4,20 @@ parameters:
- ../../o3-shop/shop-ce/source/oxfunctions.php - ../../o3-shop/shop-ce/source/oxfunctions.php
paths: paths:
- Application - Application
excludePaths:
- Application/fileman
level: 9 level: 9
phpVersion: 70400 phpVersion: 70400
ignoreErrors:
- '#Constant FILES_ROOT not found.#'
- '#Constant SESSION_PATH_KEY not found.#'
- '#Constant FORBIDDEN_UPLOADS not found.#'
- '#Constant ALLOWED_UPLOADS not found.#'
- '#Constant BASE_PATH not found.#'
- '#Constant DIRPERMISSIONS not found.#'
- '#Constant FILEPERMISSIONS not found.#'
- '#Constant MAX_IMAGE_HEIGHT not found.#'
- '#Constant MAX_IMAGE_WIDTH not found.#'
- '#Method RoxyImage\:\:OutputImage\(\) has no return type specified.#'
- '#Method RoxyImage\:\:OutputImage\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has no return type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:GetImage\(\) has no return type specified.#'