refactor fileman

Cette révision appartient à :
O3-Shop 2023-04-10 22:25:46 +02:00
Parent 192a9aa52d
révision 24c4264d87
18 fichiers modifiés avec 873 ajouts et 730 suppressions


@ -31,18 +31,22 @@ $newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
verifyPath($path);
verifyPath($newPath);
function copyDir($path, $newPath){
function copyDir(string $path, string $newPath): void
{
$items = listDirectory($path);
if(!is_dir($newPath))
mkdir ($newPath, octdec(DIRPERMISSIONS));
if (!is_dir($newPath)) {
mkdir($newPath, (int) octdec(DIRPERMISSIONS));
}
foreach ($items as $item) {
if($item == '.' || $item == '..')
if ($item == '.' || $item == '..') {
continue;
}
$oldPath = RoxyFile::FixPath($path . '/' . $item);
$tmpNewPath = RoxyFile::FixPath($newPath . '/' . $item);
if(is_file($oldPath))
if (is_file($oldPath)) {
copy($oldPath, $tmpNewPath);
elseif(is_dir($oldPath)){
} elseif (is_dir($oldPath)) {
copyDir($oldPath, $tmpNewPath);
}
}
@ -51,7 +55,6 @@ function copyDir($path, $newPath){
if (is_dir(fixPath($path))) {
copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path)));
echo getSuccessRes();
}
else
} else {
echo getErrorRes(t('E_CopyDirInvalidPath'));
?>
}
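Review bot: Nothing in the visible lines stops the destination from lying inside the source before `copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path)))` runs, so copying a directory into one of its own subdirectories keeps descending into the directories it has just created until the filesystem refuses. The move-directory endpoint in this commit guards against that with `mb_strpos($newPath, $path) === 0`; an equivalent check with a separator boundary, `if (mb_strpos($newPath . '/', $path . '/') === 0)`, belongs in front of the call here. `copyDir` also discards the results of `mkdir()` and `copy()`, so `getSuccessRes()` is echoed even when part of the tree was not copied. The script's opening lines are outside the hunk, so an earlier guard cannot be ruled out.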


@ -28,19 +28,20 @@ checkAccess('COPYFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if(!$newPath)
if (!$newPath) {
$newPath = getFilesPath();
}
verifyPath($path);
verifyPath($newPath);
if (is_file(fixPath($path))) {
$newPath = $newPath . '/' . RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if(copy(fixPath($path), fixPath($newPath)))
if (copy(fixPath($path), fixPath($newPath))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_CopyFile'));
}
else
} else {
echo getErrorRes(t('E_CopyFileInvalisPath'));
?>
}


@ -31,11 +31,11 @@ $name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
verifyPath($path);
if (is_dir(fixPath($path))) {
if(mkdir(fixPath($path).'/'.$name, octdec(DIRPERMISSIONS)))
if (mkdir(fixPath($path) . '/' . $name, (int) octdec(DIRPERMISSIONS))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_CreateDirFailed') . ' ' . basename($path));
}
else
} else {
echo getErrorRes(t('E_CreateDirInvalidPath'));
?>
}
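Review bot: `$name` is concatenated straight into the target in `mkdir(fixPath($path) . '/' . $name, …)`, and as far as the visible lines show only `$path` goes through `verifyPath()`, so the confinement check never sees the final location. `$name` is meant to be a single path component; reducing it with `$name = basename($name);` and rejecting an empty result, `.` and `..` before the `mkdir()` call keeps the new directory directly under the verified parent. The rename-directory and rename-file sections later in this commit build their target the same way with `dirname(fixPath($path)) . '/' . $name` and need the same treatment. The assignment of `$name` is visible only in the hunk header, so validation between it and `verifyPath($path)` may exist outside the hunk.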


@ -30,15 +30,15 @@ $path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d']));
verifyPath($path);
if (is_dir(fixPath($path))) {
if(fixPath($path.'/') == fixPath(getFilesPath().'/'))
if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotDeleteRoot'));
elseif(count(glob(fixPath($path)."/*")))
} elseif (count((array) glob(fixPath($path) . "/*"))) {
echo getErrorRes(t('E_DeleteNonEmpty'));
elseif(rmdir(fixPath($path)))
} elseif (rmdir(fixPath($path))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_CannotDeleteDir') . ' ' . basename($path));
}
else
} else {
echo getErrorRes(t('E_DeleteDirInvalidPath') . ' ' . $path);
?>
}
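Review bot: The directory to delete is read from `$_GET['d']` (visible in the hunk header), so a state-changing `rmdir()` is reachable with a plain GET request, while the file-delete endpoint in this commit reads `$_POST['f']`. Because `checkAccess()` authorises on a cookie alone, a GET-triggered delete is exposed to cross-site request forgery and to link prefetchers; reading the path from `$_POST['d']` and requiring a per-session anti-CSRF token would close that, with the matching change on the client side. The final error branch also echoes the request-supplied `$path` back through `getErrorRes()`, which escapes with `addslashes()` rather than a JSON encoder; `basename($path)`, as the branch above it uses, would be enough for the message.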


@ -30,11 +30,11 @@ $path = RoxyFile::FixPath(trim($_POST['f']));
verifyPath($path);
if (is_file(fixPath($path))) {
if(unlink(fixPath($path)))
if (unlink(fixPath($path))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_DeletеFile') . ' ' . basename($path));
}
else
} else {
echo getErrorRes(t('E_DeleteFileInvalidPath'));
?>
}


@ -26,28 +26,41 @@ include 'functions.inc.php';
verifyAction('DIRLIST');
checkAccess('DIRLIST');
function getFilesNumber($path, $type){
/**
* @param string $path
* @param string $type
* @return int[]
*/
function getFilesNumber(string $path, string $type): array
{
$files = 0;
$dirs = 0;
$tmp = listDirectory($path);
foreach ($tmp as $ff) {
if($ff == '.' || $ff == '..')
if ($ff == '.' || $ff == '..') {
continue;
elseif(is_file($path.'/'.$ff) && ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff))))
} elseif (
is_file($path . '/' . $ff) &&
($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))
) {
$files++;
elseif(is_dir($path.'/'.$ff))
} elseif (is_dir($path . '/' . $ff)) {
$dirs++;
}
}
return array('files' => $files, 'dirs' => $dirs);
}
function GetDirs($path, $type){
function GetDirs(string $path, string $type): void
{
$ret = $sort = array();
$files = listDirectory(fixPath($path), 0);
$files = listDirectory(fixPath($path));
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if(!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..')
if (!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') {
continue;
}
$tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path' => $fullPath, 'files' => $tmp['files'], 'dirs' => $tmp['dirs']);
$sort[$fullPath] = $f;
@ -61,12 +74,12 @@ function GetDirs($path, $type){
}
$type = (empty($_GET['type']) ? '' : strtolower($_GET['type']));
if($type != 'image' && $type != 'flash')
if ($type != 'image' && $type != 'flash') {
$type = '';
}
echo "[\n";
$tmp = getFilesNumber(fixPath(getFilesPath()), $type);
echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs(getFilesPath(), $type);
echo "\n]";
?>
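Review bot: The root entry is serialised by hand in `echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . …`, which escapes only the double quote, so a backslash or control character in the path yields invalid JSON, and the return value of `mb_ereg_replace()` is not checked for failure. `json_encode()` covers all of that: `echo json_encode(['p' => getFilesPath(), 'f' => (string) $tmp['files'], 'd' => (string) $tmp['dirs']]);`. The entries printed by `GetDirs()` are outside the hunk; if they are built the same way, directory names read from the filesystem deserve the same encoding.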


@ -35,4 +35,3 @@ if(is_file(fixPath($path))){
header('Content-Type: application/force-download');
readfile(fixPath($path));
}
?>


@ -22,7 +22,7 @@
*/
include '../system.inc.php';
include 'functions.inc.php';
@ini_set('memory_limit', -1);
@ini_set('memory_limit', '-1');
verifyAction('DOWNLOADDIR');
checkAccess('DOWNLOADDIR');
@ -32,8 +32,7 @@ $path = fixPath($path);
if (!class_exists('ZipArchive')) {
echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>';
}
else{
} else {
try {
$filename = basename($path);
$zipFile = $filename . '.zip';
@ -43,13 +42,13 @@ else{
header('Content-Disposition: attachment; filename="' . $zipFile . '"');
header('Content-Type: application/force-download');
readfile($zipPath);
function deleteTmp($zipPath){
function deleteTmp(string $zipPath): void
{
@unlink($zipPath);
}
register_shutdown_function('deleteTmp', $zipPath);
}
catch(Exception $ex){
} catch (Exception $ex) {
echo '<script>alert("' . addslashes(t('E_CreateArchive')) . '");</script>';
}
}
?>
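Review bot: `@ini_set('memory_limit', '-1')` lifts the memory ceiling entirely for an endpoint that any holder of the file-manager cookie can point at an arbitrarily large directory, so a single request can exhaust the host instead of failing on its own, and the `@` hides whether the setting was applied. `ZipArchive` writes the archive to a file and `readfile()` streams it, so a bounded value such as `ini_set('memory_limit', '256M'); // example value`, or no override at all, should be enough. The `catch` branch answers with an inline `<script>alert("…")</script>` escaped by `addslashes()`, which is not a JavaScript or HTML encoder; emitting the literal with `'<script>alert(' . json_encode(t('E_CreateArchive')) . ');</script>'` is safer.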


@ -28,18 +28,20 @@ checkAccess('FILESLIST');
$path = RoxyFile::FixPath(empty($_POST['d']) ? getFilesPath() : $_POST['d']);
$type = (empty($_POST['type']) ? '' : strtolower($_POST['type']));
if($type != 'image' && $type != 'flash')
if ($type != 'image' && $type != 'flash') {
$type = '';
}
verifyPath($path);
$files = listDirectory(fixPath($path), 0);
$files = listDirectory(fixPath($path));
natcasesort($files);
$str = '';
echo '[';
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f)))
if (!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) {
continue;
}
$size = filesize(fixPath($fullPath));
$time = filemtime(fixPath($fullPath));
$w = 0;
@ -56,4 +58,3 @@ foreach ($files as $f){
$str = mb_substr($str, 0, -1);
echo $str;
echo ']';
?>


@ -20,9 +20,12 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/
include 'security.inc.php';
function t($key){
include_once 'security.inc.php';
function t(string $key): string
{
global $LANG;
if (empty($LANG)) {
$file = 'en.json';
$langPath = '../lang/';
@ -31,33 +34,40 @@ function t($key){
$lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
if (is_file($langPath . $lang . '.json'))
$file = $lang . '.json';
}
elseif(is_file($langPath.LANG.'.json'))
} elseif (is_file($langPath . LANG . '.json')) {
$file = LANG . '.json';
}
$file = $langPath.$file;
$LANG = json_decode(file_get_contents($file), true);
}
if(!$LANG[$key])
$file = $langPath . $file;
$LANG = json_decode((string) file_get_contents($file), true);
}
if (!$LANG[$key]) {
$LANG[$key] = $key;
}
return $LANG[$key];
}
function checkPath($path){
$ret = false;
if(mb_strpos($path.'/', getFilesPath()) === 0)
$ret = true;
return $ret;
function checkPath(string $path): bool
{
return mb_strpos($path . '/', getFilesPath()) === 0;
}
function verifyAction($action){
if(!defined($action) || !constant($action))
function verifyAction(string $action): void
{
if (!defined($action) || !constant($action)) {
exit;
else{
}
$confUrl = constant($action);
if (!is_string($confUrl)) {
die('Error parsing configuration');
}
$qStr = mb_strpos($confUrl, '?');
if($qStr !== false)
if ($qStr !== false) {
$confUrl = mb_substr($confUrl, 0, $qStr);
}
$confUrl = BASE_PATH . '/' . $confUrl;
$confUrl = RoxyFile::FixPath($confUrl);
$thisUrl = dirname(__FILE__) . '/' . basename($_SERVER['PHP_SELF']);
@ -67,30 +77,42 @@ function verifyAction($action){
exit;
}
}
}
function verifyPath($path){
function verifyPath(string $path): void
{
if (!checkPath($path)) {
echo getErrorRes("Access to $path is denied") . ' ' . $path;
exit;
}
}
function fixPath($path){
function fixPath(string $path): string
{
$path = $_SERVER['DOCUMENT_ROOT'] . '/' . $path;
$path = str_replace('\\', '/', $path);
$path = RoxyFile::FixPath($path);
return $path;
}
function gerResultStr($type, $str = ''){
function getResultStr(string $type, string $str = ''): string
{
return '{"res":"' . addslashes($type) . '","msg":"' . addslashes($str) . '"}';
}
function getSuccessRes($str = ''){
return gerResultStr('ok', $str);
function getSuccessRes(string $str = ''): string
{
return getResultStr('ok', $str);
}
function getErrorRes($str = ''){
return gerResultStr('error', $str);
function getErrorRes(string $str = ''): string
{
return getResultStr('error', $str);
}
function getFilesPath(){
function getFilesPath(): string
{
$ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != '' ? $_SESSION[SESSION_PATH_KEY] : FILES_ROOT);
if (!$ret) {
$ret = RoxyFile::FixPath(BASE_PATH . '/Uploads');
$tmp = $_SERVER['DOCUMENT_ROOT'];
@ -100,10 +122,16 @@ function getFilesPath(){
}
return $ret;
}
function listDirectory($path){
/**
* @param string $path
* @return string[]
*/
function listDirectory(string $path): array
{
$ret = @scandir($path);
if ($ret === false) {
$ret = array();
$ret = [];
$d = opendir($path);
if ($d) {
while (($f = readdir($d)) !== false) {
@ -115,8 +143,11 @@ function listDirectory($path){
return $ret;
}
class RoxyFile{
static public function CheckWritable($dir){
class RoxyFile
{
static public function CheckWritable(string $dir): bool
{
$ret = false;
if (self::CreatePath($dir)) {
$dir = self::FixPath($dir . '/');
@ -131,64 +162,91 @@ class RoxyFile{
return $ret;
}
static function CanUploadFile($filename){
$ret = false;
$forbidden = array_filter(preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS)));
$allowed = array_filter(preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS)));
/**
* @param $path
* @return bool
*/
static public function CreatePath(string $path): bool
{
if (is_dir($path))
return true;
$prev_path = substr($path, 0, strrpos($path, '/', -2) + 1 );
$return = self::createPath($prev_path);
return $return && is_writable($prev_path) && mkdir($path);
}
static function CanUploadFile(string $filename): bool
{
$forbidden = array_filter((array) preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS)));
$allowed = array_filter((array) preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS)));
$ext = RoxyFile::GetExtension($filename);
if((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed)))
$ret = true;
return $ret;
if ((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) {
return true;
}
static function ZipAddDir($path, $zip, $zipPath){
return false;
}
static public function ZipAddDir(string $path, ZipArchive $zip, string $zipPath): void
{
$d = opendir($path);
$zipPath = str_replace('//', '/', $zipPath);
if ($zipPath && $zipPath != '/') {
$zip->addEmptyDir($zipPath);
}
if (is_resource($d)) {
while (($f = readdir($d)) !== false) {
if ($f == '.' || $f == '..')
continue;
$filePath = $path . '/' . $f;
if (is_file($filePath)) {
$zip->addFile($filePath, ($zipPath ? $zipPath . '/' : '') . $f);
}
elseif(is_dir($filePath)){
} elseif (is_dir($filePath)) {
self::ZipAddDir($filePath, $zip, ($zipPath ? $zipPath . '/' : '') . $f);
}
}
}
if (is_resource($d)) {
closedir($d);
}
static function ZipDir($path, $zipFile, $zipPath = ''){
}
static public function ZipDir(string $path, string $zipFile, string $zipPath = ''): void
{
$zip = new ZipArchive();
$zip->open($zipFile, ZIPARCHIVE::CREATE);
self::ZipAddDir($path, $zip, $zipPath);
$zip->close();
}
static function IsImage($fileName){
$ret = false;
static public function IsImage(string $fileName): bool
{
$ext = strtolower(self::GetExtension($fileName));
if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'jpe' || $ext == 'png' || $ext == 'gif' || $ext == 'ico')
$ret = true;
return $ret;
$imageExtensions = ['jpg', 'jpeg', 'jpe', 'png', 'gif', 'ico', 'webp'];
return in_array($ext, $imageExtensions);
}
static function IsFlash($fileName){
$ret = false;
static public function IsFlash(string $fileName): bool
{
$ext = strtolower(self::GetExtension($fileName));
if($ext == 'swf' || $ext == 'flv' || $ext == 'swc' || $ext == 'swt')
$ret = true;
return $ret;
$flashExtensions = ['swf', 'flv', 'swc', 'swt'];
return in_array($ext, $flashExtensions);
}
/**
* Returns human formated file size
*
* @param int $filesize
* @return string
*/
static function FormatFileSize($filesize){
$ret = '';
static public function FormatFileSize(int $filesize): string
{
$unit = 'B';
if ($filesize > 1024) {
$unit = 'KB';
@ -206,34 +264,46 @@ class RoxyFile{
$ret = round($filesize, 2) . ' ' . $unit;
return $ret;
}
/**
* Returns MIME type of $filename
*
* @param string $filename
* @return string
*/
static function GetMIMEType($filename){
$type = 'application/octet-stream';
static public function GetMIMEType(string $filename): string
{
$ext = self::GetExtension($filename);
switch (strtolower($ext)) {
case 'jpg': $type = 'image/jpeg';break;
case 'jpeg': $type = 'image/jpeg';break;
case 'gif': $type = 'image/gif';break;
case 'png': $type = 'image/png';break;
case 'bmp': $type = 'image/bmp';break;
case 'tiff': $type = 'image/tiff';break;
case 'tif': $type = 'image/tiff';break;
case 'pdf': $type = 'application/pdf';break;
case 'rtf': $type = 'application/msword';break;
case 'doc': $type = 'application/msword';break;
case 'xls': $type = 'application/vnd.ms-excel'; break;
case 'zip': $type = 'application/zip'; break;
case 'swf': $type = 'application/x-shockwave-flash'; break;
default: $type = 'application/octet-stream';
case 'jpg':
case 'jpeg':
return 'image/jpeg';
case 'gif':
return 'image/gif';
case 'png':
return 'image/png';
case 'bmp':
return 'image/bmp';
case 'webp':
return 'image/webp';
case 'tiff':
case 'tif':
return 'image/tiff';
case 'pdf':
return 'application/pdf';
case 'rtf':
case 'doc':
return 'application/msword';
case 'xls':
return 'application/vnd.ms-excel';
case 'zip':
return 'application/zip';
case 'swf':
return 'application/x-shockwave-flash';
default:
return 'application/octet-stream';
}
return $type;
}
/**
@ -243,22 +313,23 @@ class RoxyFile{
* @param string $sep
* @return string
*/
static function CleanupFilename($filename, $sep = '_'){
static public function CleanupFilename(string $filename, string $sep = '_'): string
{
$str = '';
if (strpos($filename, '.')) {
$ext = self::GetExtension($filename);
$name = self::GetName($filename);
}
else{
} else {
$ext = '';
$name = $filename;
}
if(mb_strlen($name) > 32)
if (mb_strlen($name) > 32) {
$name = mb_substr($name, 0, 32);
}
$str = str_replace('.php', '', $str);
$str = mb_ereg_replace("[^\\w]", $sep, $name);
$str = (string) mb_ereg_replace("[^\\w]", $sep, $name);
$str = mb_ereg_replace("$sep+", $sep, $str).($ext?'.'.$ext:'');
$str = (string) mb_ereg_replace("$sep+", $sep, $str) . ($ext ? '.' . $ext : '');
return $str;
}
@ -269,11 +340,13 @@ class RoxyFile{
* @param string $filename
* @return string
*/
static function GetExtension($filename) {
static public function GetExtension(string $filename): string
{
$ext = '';
if(mb_strrpos($filename, '.') !== false)
if (mb_strrpos($filename, '.') !== false) {
$ext = mb_substr($filename, mb_strrpos($filename, '.') + 1);
}
return strtolower($ext);
}
@ -284,33 +357,39 @@ class RoxyFile{
* @param string $filename
* @return string
*/
static function GetName($filename) {
$name = '';
static public function GetName(string $filename): string
{
$tmp = mb_strpos($filename, '?');
if($tmp !== false)
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
}
$dotPos = mb_strrpos($filename, '.');
if($dotPos !== false)
if ($dotPos !== false) {
$name = mb_substr($filename, 0, $dotPos);
else
} else {
$name = $filename;
}
return $name;
}
static function GetFullName($filename) {
$tmp = mb_strpos($filename, '?');
if($tmp !== false)
$filename = mb_substr ($filename, 0, $tmp);
$filename = basename($filename);
return $filename;
static public function GetFullName(string $filename): string
{
$tmp = mb_strpos($filename, '?');
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
}
static public function FixPath($path){
$path = mb_ereg_replace('[\\\/]+', '/', $path);
$path = mb_ereg_replace('\.\.\/', '', $path);
return basename($filename);
}
static public function FixPath(string $path): string
{
$path = (string) mb_ereg_replace('[\\\/]+', '/', $path);
$path = (string) mb_ereg_replace('\.\.\/', '', $path);
return $path;
}
/**
* creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir
*
@ -318,18 +397,21 @@ class RoxyFile{
* @param string $filename
* @return string
*/
static function MakeUniqueFilename($dir, $filename){
$temp = '';
static public function MakeUniqueFilename(string $dir, string $filename): string
{
;
$dir .= '/';
$dir = self::FixPath($dir . '/');
$ext = self::GetExtension($filename);
$name = self::GetName($filename);
$name = self::CleanupFilename($name);
$name = mb_ereg_replace(' \\- Copy \\d+$', '', $name);
if($ext)
if ($ext) {
$ext = '.' . $ext;
if(!$name)
}
if (!$name) {
$name = 'file';
}
$i = 0;
do {
@ -339,6 +421,7 @@ class RoxyFile{
return $temp;
}
/**
* creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir
*
@ -346,12 +429,13 @@ class RoxyFile{
* @param string $name
* @return string
*/
static function MakeUniqueDirname($dir, $name){
$temp = '';
static public function MakeUniqueDirname(string $dir, string $name): string
{
$dir = self::FixPath($dir . '/');
$name = mb_ereg_replace(' - Copy \\d+$', '', $name);
if(!$name)
if (!$name) {
$name = 'directory';
}
$i = 0;
do {
@ -362,28 +446,27 @@ class RoxyFile{
return $temp;
}
}
class RoxyImage{
public static function GetImage($path){
$img = null;
class RoxyImage
{
public static function GetImage(string $path)
{
$ext = RoxyFile::GetExtension(basename($path));
switch ($ext) {
case 'png':
$img = imagecreatefrompng($path);
break;
return imagecreatefrompng($path);
case 'gif':
$img = imagecreatefromgif($path);
break;
return imagecreatefromgif($path);
default:
$img = imagecreatefromjpeg($path);
return imagecreatefromjpeg($path);
}
}
return $img;
}
public static function OutputImage($img, $type, $destination = '', $quality = 90){
if(is_string($img))
public static function OutputImage($img, string $type, ?string $destination = '', int $quality = 90)
{
if(is_string($img)) {
$img = self::GetImage($img);
}
switch(strtolower($type)){
case 'png':
imagepng($img, $destination);
@ -396,10 +479,11 @@ class RoxyImage{
}
}
public static function SetAlpha($img, $path) {
public static function SetAlpha($img, string $path)
{
$ext = RoxyFile::GetExtension(basename($path));
if ($ext == "gif" || $ext == "png") {
imagecolortransparent($img, imagecolorallocatealpha($img, 0, 0, 0, 127));
imagecolortransparent($img, (int) imagecolorallocatealpha($img, 0, 0, 0, 127));
imagealphablending($img, false);
imagesavealpha($img, true);
}
@ -407,15 +491,23 @@ class RoxyImage{
return $img;
}
public static function Resize($source, $destination, $width = '150',$height = 0, $quality = 90) {
$tmp = getimagesize($source);
public static function Resize(
string $source,
?string $destination,
int $width = 150,
int $height = 0,
int $quality = 90
): void
{
$tmp = (array) getimagesize($source);
$w = $tmp[0];
$h = $tmp[1];
$r = $w / $h;
if ($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))) {
if($source != $destination)
if ($source != $destination) {
self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
return;
}
@ -426,17 +518,25 @@ class RoxyImage{
$newWidth = intval($newHeight * $r);
}
$thumbImg = imagecreatetruecolor($newWidth, $newHeight);
$thumbImg = imagecreatetruecolor((int) $newWidth, (int) $newHeight);
$img = self::GetImage($source);
$thumbImg = self::SetAlpha($thumbImg, $source);
imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, $newWidth, $newHeight, $w, $h);
imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, (int) $newWidth, (int) $newHeight, $w, $h);
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
public static function CropCenter($source, $destination, $width, $height, $quality = 90) {
$tmp = getimagesize($source);
public static function CropCenter(
string $source,
?string $destination,
int $width,
int $height,
int $quality = 90
): void
{
$tmp = (array) getimagesize($source);
$w = $tmp[0];
$h = $tmp[1];
if (($w <= $width) && (!$height || ($h <= $height))) {
@ -463,9 +563,21 @@ class RoxyImage{
$top = floor(($h - $cropHeight) / 2);
}
self::Crop($source, $destination, $left, $top, $cropWidth, $cropHeight, $width, $height, $quality);
self::Crop($source, $destination, (int) $left, (int) $top, $cropWidth, $cropHeight, $width, $height, $quality);
}
public static function Crop($source, $destination, $x, $y, $cropWidth, $cropHeight, $width, $height, $quality = 90) {
public static function Crop(
string $source,
?string $destination,
int $x,
int $y,
int $cropWidth,
int $cropHeight,
int $width,
int $height,
int $quality = 90
): void
{
$thumbImg = imagecreatetruecolor($width, $height);
$img = self::GetImage($source);
@ -476,14 +588,18 @@ class RoxyImage{
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
}
$tmp = json_decode(file_get_contents(BASE_PATH.'/conf.json'), true);
if($tmp){
foreach ($tmp as $k=>$v)
define($k, $v);
}
else
$tmp = json_decode((string) file_get_contents(BASE_PATH . '/conf.json'), true);
if (!$tmp || !is_array($tmp)) {
die('Error parsing configuration');
}
foreach ($tmp as $k => $v) {
define((string) $k, $v);
}
$FilesRoot = fixPath(getFilesPath());
if(!is_dir($FilesRoot))
@mkdir($FilesRoot, octdec(DIRPERMISSIONS));
?>
if (!is_dir($FilesRoot)) {
@mkdir($FilesRoot, (int) octdec(DIRPERMISSIONS));
}
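Review bot: `checkPath()` still accepts any path that merely begins with the files-root string, so a sibling directory whose name shares that prefix passes `verifyPath()`; the comparison needs a separator boundary, for example `return mb_strpos($path . '/', rtrim(getFilesPath(), '/') . '/') === 0;`. `RoxyFile::FixPath()` also removes `../` in a single pass, and a one-pass strip of a substring can itself leave that substring behind from the characters on either side of a match, so rejecting any path that still contains a `..` segment (`in_array('..', explode('/', $path), true)`) in `checkPath()` is safer than rewriting the input. Every endpoint in this commit depends on these two helpers for confinement, so the refactor is a good moment to add unit tests for them. Smaller items in the same file: `verifyPath()` appends the raw `$path` after the JSON error object, and `CleanupFilename()` applies `str_replace('.php', '', $str)` to a string that is still empty and then overwritten, so that line has no effect.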


@ -32,15 +32,15 @@ verifyPath($path);
verifyPath($newPath);
if (is_dir(fixPath($path))) {
if(mb_strpos($newPath, $path) === 0)
if (mb_strpos($newPath, $path) === 0) {
echo getErrorRes(t('E_CannotMoveDirToChild'));
elseif(file_exists(fixPath($newPath).'/'.basename($path)))
} elseif (file_exists(fixPath($newPath) . '/' . basename($path))) {
echo getErrorRes(t('E_DirAlreadyExists'));
elseif(rename(fixPath($path), fixPath($newPath).'/'.basename($path)))
} elseif (rename(fixPath($path), fixPath($newPath) . '/' . basename($path))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_MoveDir') . ' ' . basename($path));
}
else
} else {
echo getErrorRes(t('E_MoveDirInvalisPath'));
?>
}


@ -28,23 +28,22 @@ checkAccess('MOVEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if(!$newPath)
if (!$newPath) {
$newPath = getFilesPath();
}
verifyPath($path);
verifyPath($newPath);
if (!RoxyFile::CanUploadFile(basename($newPath))) {
echo getErrorRes(t('E_FileExtensionForbidden'));
}
elseif(is_file(fixPath($path))){
if(file_exists(fixPath($newPath)))
} elseif (is_file(fixPath($path))) {
if (file_exists(fixPath($newPath))) {
echo getErrorRes(t('E_MoveFileAlreadyExists') . ' ' . basename($newPath));
elseif(rename(fixPath($path), fixPath($newPath)))
} elseif (rename(fixPath($path), fixPath($newPath))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_MoveFile') . ' ' . basename($path));
}
else {
} else {
echo getErrorRes(t('E_MoveFileInvalisPath'));
}
?>


@ -31,13 +31,13 @@ $name = RoxyFile::FixPath(trim(empty($_POST['n'])? '': $_POST['n']));
verifyPath($path);
if (is_dir(fixPath($path))) {
if(fixPath($path.'/') == fixPath(getFilesPath().'/'))
if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotRenameRoot'));
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name))
} elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_RenameDir') . ' ' . basename($path));
}
else
} else {
echo getErrorRes(t('E_RenameDirInvalidPath'));
?>
}


@ -31,13 +31,13 @@ $name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
verifyPath($path);
if (is_file(fixPath($path))) {
if(!RoxyFile::CanUploadFile($name))
if (!RoxyFile::CanUploadFile($name)) {
echo getErrorRes(t('E_FileExtensionForbidden') . ' ".' . RoxyFile::GetExtension($name) . '"');
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name))
} elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_RenameFile') . ' ' . basename($path));
}
else
} else {
echo getErrorRes(t('E_RenameFileInvalidPath'));
?>
}


@ -20,7 +20,8 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/
function checkAccess($action) {
function checkAccess(string $action): void
{
unset($action);
if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.');
}
?>
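Review bot: `checkAccess()` compares the cookie with `!==`, which is not a constant-time comparison, and reads `$_COOKIE['filemanagerkey']` without checking that it is set, so a request without the cookie raises an undefined-index warning before the `die()`. Reading it as `$key = $_COOKIE['filemanagerkey'] ?? null;`, keeping the hash in `$expected = md5_file(…);`, and testing `if (!is_string($key) || !is_string($expected) || !hash_equals($expected, $key))` keeps the fail-closed behaviour and removes both problems. The token is an MD5 of `config.inc.php`, so it is the same for every user and stays valid until that file changes, and `unset($action)` means the per-action argument is ignored; a session-bound check would be a sturdier design, although that goes beyond a refactor.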


@ -32,8 +32,8 @@ checkAccess('GENERATETHUMB');
$path = RoxyFile::FixPath(urldecode(empty($_GET['f']) ? '' : $_GET['f']));
verifyPath($path);
@chmod(fixPath(dirname($path)), octdec(DIRPERMISSIONS));
@chmod(fixPath($path), octdec(FILEPERMISSIONS));
@chmod(fixPath(dirname($path)), (int) octdec(DIRPERMISSIONS));
@chmod(fixPath($path), (int) octdec(FILEPERMISSIONS));
$w = intval(empty($_GET['width']) ? '100' : $_GET['width']);
$h = intval(empty($_GET['height']) ? '0' : $_GET['height']);
@ -43,4 +43,3 @@ if($w && $h)
RoxyImage::CropCenter(fixPath($path), null, $w, $h);
else
RoxyImage::Resize(fixPath($path), null, $w, $h);
?>
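Review bot: `$w` and `$h` are taken from `$_GET['width']` and `$_GET['height']` through `intval()` with no bounds and passed to `RoxyImage::CropCenter()` or `RoxyImage::Resize()`, both of which end in `imagecreatetruecolor()`; a very large or negative value can turn a thumbnail request into a large allocation or a GD error. Clamping right after the two `intval()` lines, e.g. `$w = max(0, min($w, 2000)); $h = max(0, min($h, 2000)); // 2000 is an example cap`, bounds the work per request. Parts of both image methods are outside the visible hunks, so some limiting may already happen there. The two `@chmod()` calls also change permissions on the file and its parent directory on every GET; if that is needed only once after upload, it belongs in the upload path.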


@ -26,14 +26,14 @@ include 'functions.inc.php';
verifyAction('UPLOAD');
checkAccess('UPLOAD');
$isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax');
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? getFilesPath() : $_POST['d']));
verifyPath($path);
$res = '';
$errors = $errorsExt = array();
if (is_dir(fixPath($path))) {
if (!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])) {
$errors = $errorsExt = array();
foreach ($_FILES['files']['tmp_name'] as $k => $v) {
$filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
@ -42,42 +42,41 @@ if(is_dir(fixPath($path))){
if (!RoxyFile::CanUploadFile($filename)) {
$errorsExt[] = $filename;
$isUploaded = false;
}
elseif(!move_uploaded_file($v, $filePath)){
} elseif (!move_uploaded_file($v, $filePath)) {
$errors[] = $filename;
$isUploaded = false;
}
if (is_file($filePath)) {
@chmod ($filePath, octdec(FILEPERMISSIONS));
@chmod($filePath, (int) octdec(FILEPERMISSIONS));
}
if ($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)) {
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
}
}
if($errors && $errorsExt)
if ($errors && $errorsExt) {
$res = getSuccessRes(t('E_UploadNotAll') . ' ' . t('E_FileExtensionForbidden'));
elseif($errorsExt)
} elseif ($errorsExt) {
$res = getSuccessRes(t('E_FileExtensionForbidden'));
elseif($errors)
} elseif ($errors) {
$res = getSuccessRes(t('E_UploadNotAll'));
else
} else {
$res = getSuccessRes();
}
else
} else {
$res = getErrorRes(t('E_UploadNoFiles'));
}
else
} else {
$res = getErrorRes(t('E_UploadInvalidPath'));
}
if ($isAjax) {
if($errors || $errorsExt)
if ($errors || $errorsExt) {
$res = getErrorRes(t('E_UploadNotAll'));
echo $res;
}
else{
echo $res;
} else {
echo '
<script>
parent.fileUploaded('.$res.');
parent.fileUploaded(' . $res . ')
</script>';
}
?>
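Review bot: With `webp` added to `RoxyFile::IsImage()` in this commit, a `.webp` upload now satisfies `$isUploaded && RoxyFile::IsImage($filename)` and is passed to `RoxyImage::Resize()`, but `RoxyImage::GetImage()` only has `png` and `gif` cases and sends every other extension to `imagecreatefromjpeg()`. For a WebP file larger than the configured maximum that decoder fails and the following GD calls receive `false`, so the request errors out after the file has already been moved into place. `GetImage()` needs `case 'webp': return imagecreatefromwebp($path);`, and `OutputImage()`, whose `switch` is only partly visible, presumably needs a matching `imagewebp()` branch. Separately, every decision in this loop rests on the client-supplied file name; confirming the detected type with `getimagesize()` before treating a file as an image would make the resize step independent of the extension.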


@ -4,7 +4,20 @@ parameters:
- ../../o3-shop/shop-ce/source/oxfunctions.php
paths:
- Application
excludePaths:
- Application/fileman
level: 9
phpVersion: 70400
ignoreErrors:
- '#Constant FILES_ROOT not found.#'
- '#Constant SESSION_PATH_KEY not found.#'
- '#Constant FORBIDDEN_UPLOADS not found.#'
- '#Constant ALLOWED_UPLOADS not found.#'
- '#Constant BASE_PATH not found.#'
- '#Constant DIRPERMISSIONS not found.#'
- '#Constant FILEPERMISSIONS not found.#'
- '#Constant MAX_IMAGE_HEIGHT not found.#'
- '#Constant MAX_IMAGE_WIDTH not found.#'
- '#Method RoxyImage\:\:OutputImage\(\) has no return type specified.#'
- '#Method RoxyImage\:\:OutputImage\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has no return type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:GetImage\(\) has no return type specified.#'