refactor fileman

O3-Shop 2023-04-10 22:25:46 +02:00
parent 192a9aa52d
commit 24c4264d87
18 changed files with 873 additions and 730 deletions


@ -26,32 +26,35 @@ include 'functions.inc.php';
verifyAction('COPYDIR');
checkAccess('COPYDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
verifyPath($newPath);
function copyDir($path, $newPath){
function copyDir(string $path, string $newPath): void
{
$items = listDirectory($path);
if(!is_dir($newPath))
mkdir ($newPath, octdec(DIRPERMISSIONS));
foreach ($items as $item){
if($item == '.' || $item == '..')
if (!is_dir($newPath)) {
mkdir($newPath, (int) octdec(DIRPERMISSIONS));
}
foreach ($items as $item) {
if ($item == '.' || $item == '..') {
continue;
$oldPath = RoxyFile::FixPath($path.'/'.$item);
$tmpNewPath = RoxyFile::FixPath($newPath.'/'.$item);
if(is_file($oldPath))
}
$oldPath = RoxyFile::FixPath($path . '/' . $item);
$tmpNewPath = RoxyFile::FixPath($newPath . '/' . $item);
if (is_file($oldPath)) {
copy($oldPath, $tmpNewPath);
elseif(is_dir($oldPath)){
} elseif (is_dir($oldPath)) {
copyDir($oldPath, $tmpNewPath);
}
}
}
if(is_dir(fixPath($path))){
copyDir(fixPath($path.'/'), fixPath($newPath.'/'.basename($path)));
if (is_dir(fixPath($path))) {
copyDir(fixPath($path . '/'), fixPath($newPath . '/' . basename($path)));
echo getSuccessRes();
}
else
} else {
echo getErrorRes(t('E_CopyDirInvalidPath'));
?>
}
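Review bot: The top-level call to copyDir() has no guard against a destination that lies inside the source directory, so the recursion can descend into the folder it has just created. The MOVEDIR handler in this commit rejects that case, and this handler should do the same before calling copyDir(), e.g. `if (mb_strpos($newPath . '/', $path . '/') === 0) { echo getErrorRes(...); exit; }` with a suitable message key. Inside copyDir() the results of `mkdir()` and `copy()` are ignored, so `getSuccessRes()` is echoed even when nothing was written; returning a bool from copyDir() and checking it would let the handler report the failure.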


@ -26,21 +26,22 @@ include 'functions.inc.php';
verifyAction('COPYFILE');
checkAccess('COPYFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
if(!$newPath)
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if (!$newPath) {
$newPath = getFilesPath();
}
verifyPath($path);
verifyPath($newPath);
if(is_file(fixPath($path))){
$newPath = $newPath.'/'.RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if(copy(fixPath($path), fixPath($newPath)))
if (is_file(fixPath($path))) {
$newPath = $newPath . '/' . RoxyFile::MakeUniqueFilename(fixPath($newPath), basename($path));
if (copy(fixPath($path), fixPath($newPath))) {
echo getSuccessRes();
else
} else {
echo getErrorRes(t('E_CopyFile'));
}
else
}
} else {
echo getErrorRes(t('E_CopyFileInvalisPath'));
?>
}


@ -26,16 +26,16 @@ include 'functions.inc.php';
verifyAction('CREATEDIR');
checkAccess('CREATEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?'':$_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
if(is_dir(fixPath($path))){
if(mkdir(fixPath($path).'/'.$name, octdec(DIRPERMISSIONS)))
if (is_dir(fixPath($path))) {
if (mkdir(fixPath($path) . '/' . $name, (int) octdec(DIRPERMISSIONS))) {
echo getSuccessRes();
else
echo getErrorRes(t('E_CreateDirFailed').' '.basename($path));
}
else
} else {
echo getErrorRes(t('E_CreateDirFailed') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_CreateDirInvalidPath'));
?>
}
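Review bot: `$name` reaches `mkdir()` without being reduced to a single path component: only `$path` goes through `verifyPath()`, and `RoxyFile::FixPath()` collapses separators but does not remove them, so a name containing `/` addresses a location other than a direct child of `$path`. Taking `$name = basename($name);` after the FixPath call, and returning the error response when the result is empty, `.` or `..`, keeps the new directory inside the verified parent. The RENAMEDIR and RENAMEFILE handlers append `$name` to `dirname(fixPath($path))` in the same way and need the same treatment.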


@ -26,19 +26,19 @@ include 'functions.inc.php';
verifyAction('DELETEDIR');
checkAccess('DELETEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d']));
$path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
verifyPath($path);
if(is_dir(fixPath($path))){
if(fixPath($path.'/') == fixPath(getFilesPath().'/'))
if (is_dir(fixPath($path))) {
if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotDeleteRoot'));
elseif(count(glob(fixPath($path)."/*")))
} elseif (count((array) glob(fixPath($path) . "/*"))) {
echo getErrorRes(t('E_DeleteNonEmpty'));
elseif(rmdir(fixPath($path)))
} elseif (rmdir(fixPath($path))) {
echo getSuccessRes();
else
echo getErrorRes(t('E_CannotDeleteDir').' '.basename($path));
} else {
echo getErrorRes(t('E_CannotDeleteDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_DeleteDirInvalidPath') . ' ' . $path);
}
else
echo getErrorRes(t('E_DeleteDirInvalidPath').' '.$path);
?>
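Review bot: This handler performs a destructive action with its target taken from `$_GET['d']`, so the deletion is reachable through a plain GET request; if `checkAccess()` (not shown here) relies on the session cookie alone, any page the logged-in user visits could trigger it. Read the parameter from `$_POST` as the COPYDIR and CREATEDIR handlers do and reject other methods, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { exit; }`, ideally together with a per-session token check. The MOVEDIR handler reads `$_GET['d']` and `$_GET['n']` and has the same exposure. Separately, `glob(... . "/*")` skips dot-files, so a directory holding only hidden entries passes the emptiness test and then fails in `rmdir()`.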


@ -29,12 +29,12 @@ checkAccess('DELETEFILE');
$path = RoxyFile::FixPath(trim($_POST['f']));
verifyPath($path);
if(is_file(fixPath($path))){
if(unlink(fixPath($path)))
if (is_file(fixPath($path))) {
if (unlink(fixPath($path))) {
echo getSuccessRes();
else
echo getErrorRes(t('E_DeletеFile').' '.basename($path));
}
else
} else {
echo getErrorRes(t('E_DeletеFile') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_DeleteFileInvalidPath'));
?>
}
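Review bot: The message key in `t('E_DeletеFile')` appears to contain a non-ASCII look-alike character (a Cyrillic `е` where a Latin `e` is expected), which is invisible in review and easy to break when someone retypes the key. If the language files use the pure-ASCII spelling, `t()` falls back to returning the key itself and the user sees the raw identifier; confirm what the JSON files contain and normalise both sides to ASCII. Also, `$_POST['f']` on the first line of this hunk is read without the `empty()` guard the other handlers use, so a request without `f` passes null to `trim()`.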


@ -26,47 +26,60 @@ include 'functions.inc.php';
verifyAction('DIRLIST');
checkAccess('DIRLIST');
function getFilesNumber($path, $type){
/**
* @param string $path
* @param string $type
* @return int[]
*/
function getFilesNumber(string $path, string $type): array
{
$files = 0;
$dirs = 0;
$tmp = listDirectory($path);
foreach ($tmp as $ff){
if($ff == '.' || $ff == '..')
foreach ($tmp as $ff) {
if ($ff == '.' || $ff == '..') {
continue;
elseif(is_file($path.'/'.$ff) && ($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff))))
} elseif (
is_file($path . '/' . $ff) &&
($type == '' || ($type == 'image' && RoxyFile::IsImage($ff)) || ($type == 'flash' && RoxyFile::IsFlash($ff)))
) {
$files++;
elseif(is_dir($path.'/'.$ff))
} elseif (is_dir($path . '/' . $ff)) {
$dirs++;
}
}
return array('files'=>$files, 'dirs'=>$dirs);
return array('files' => $files, 'dirs' => $dirs);
}
function GetDirs($path, $type){
function GetDirs(string $path, string $type): void
{
$ret = $sort = array();
$files = listDirectory(fixPath($path), 0);
foreach ($files as $f){
$fullPath = $path.'/'.$f;
if(!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..')
$files = listDirectory(fixPath($path));
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if (!is_dir(fixPath($fullPath)) || $f == '.' || $f == '..') {
continue;
}
$tmp = getFilesNumber(fixPath($fullPath), $type);
$ret[$fullPath] = array('path'=>$fullPath,'files'=>$tmp['files'],'dirs'=>$tmp['dirs']);
$ret[$fullPath] = array('path' => $fullPath, 'files' => $tmp['files'], 'dirs' => $tmp['dirs']);
$sort[$fullPath] = $f;
}
natcasesort($sort);
foreach ($sort as $k => $v) {
$tmp = $ret[$k];
echo ',{"p":"'.mb_ereg_replace('"', '\\"', $tmp['path']).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}';
echo ',{"p":"' . mb_ereg_replace('"', '\\"', $tmp['path']) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs($tmp['path'], $type);
}
}
$type = (empty($_GET['type'])?'':strtolower($_GET['type']));
if($type != 'image' && $type != 'flash')
$type = (empty($_GET['type']) ? '' : strtolower($_GET['type']));
if ($type != 'image' && $type != 'flash') {
$type = '';
}
echo "[\n";
$tmp = getFilesNumber(fixPath(getFilesPath()), $type);
echo '{"p":"'. mb_ereg_replace('"', '\\"', getFilesPath()).'","f":"'.$tmp['files'].'","d":"'.$tmp['dirs'].'"}';
echo '{"p":"' . mb_ereg_replace('"', '\\"', getFilesPath()) . '","f":"' . $tmp['files'] . '","d":"' . $tmp['dirs'] . '"}';
GetDirs(getFilesPath(), $type);
echo "\n]";
?>
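Review bot: The JSON response is assembled by string concatenation and only the double quote is escaped (`mb_ereg_replace('"', '\\"', ...)`), so a directory name containing a backslash or a control character yields malformed or altered JSON for the client. Build each entry with `json_encode()` instead, e.g. `echo ',' . json_encode(['p' => $tmp['path'], 'f' => (string) $tmp['files'], 'd' => (string) $tmp['dirs']]);`, which also removes the manual quoting. The FILESLIST handler builds its `$str` the same way, and `getResultStr()` in functions.inc.php relies on `addslashes()`, which is not a JSON escaper either (it emits `\'`, which JSON does not allow).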


@ -29,10 +29,9 @@ checkAccess('DOWNLOAD');
$path = RoxyFile::FixPath(trim($_GET['f']));
verifyPath($path);
if(is_file(fixPath($path))){
if (is_file(fixPath($path))) {
$file = urldecode(basename($path));
header('Content-Disposition: attachment; filename="'.$file.'"');
header('Content-Disposition: attachment; filename="' . $file . '"');
header('Content-Type: application/force-download');
readfile(fixPath($path));
}
?>
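Review bot: `$file` is placed inside the quoted `filename="..."` parameter without escaping, and the extra `urldecode()` runs after PHP has already decoded the query string, so percent-encoded sequences in a stored file name are decoded a second time and can put a quote or separator into the header value. Drop the second decode and neutralise characters that are special in the header, e.g. `$file = str_replace(['"', '\\', "\r", "\n"], '_', basename($path));`. `application/force-download` is not a registered media type; `application/octet-stream` together with `X-Content-Type-Options: nosniff` gives the same download behaviour more predictably.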


@ -22,7 +22,7 @@
*/
include '../system.inc.php';
include 'functions.inc.php';
@ini_set('memory_limit', -1);
@ini_set('memory_limit', '-1');
verifyAction('DOWNLOADDIR');
checkAccess('DOWNLOADDIR');
@ -30,26 +30,25 @@ $path = RoxyFile::FixPath(trim($_GET['d']));
verifyPath($path);
$path = fixPath($path);
if(!class_exists('ZipArchive')){
if (!class_exists('ZipArchive')) {
echo '<script>alert("Cannot create zip archive - ZipArchive class is missing. Check your PHP version and configuration");</script>';
}
else{
try{
} else {
try {
$filename = basename($path);
$zipFile = $filename.'.zip';
$zipPath = BASE_PATH.'/tmp/'.$zipFile;
$zipFile = $filename . '.zip';
$zipPath = BASE_PATH . '/tmp/' . $zipFile;
RoxyFile::ZipDir($path, $zipPath);
header('Content-Disposition: attachment; filename="'.$zipFile.'"');
header('Content-Disposition: attachment; filename="' . $zipFile . '"');
header('Content-Type: application/force-download');
readfile($zipPath);
function deleteTmp($zipPath){
function deleteTmp(string $zipPath): void
{
@unlink($zipPath);
}
register_shutdown_function('deleteTmp', $zipPath);
}
catch(Exception $ex){
echo '<script>alert("'. addslashes(t('E_CreateArchive')).'");</script>';
} catch (Exception $ex) {
echo '<script>alert("' . addslashes(t('E_CreateArchive')) . '");</script>';
}
}
?>
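Review bot: The archive is written to a predictable path, `BASE_PATH . '/tmp/' . $zipFile`, and the cleanup is registered only after `readfile()` returns, so two concurrent downloads of equally named folders share one file and an aborted transfer can leave the archive behind. If that tmp directory is served by the web server, the leftover is directly retrievable (not visible from this hunk, worth checking). Use an unguessable name and register the cleanup before the archive is created, e.g. `$zipPath = BASE_PATH . '/tmp/' . bin2hex(random_bytes(16)) . '.zip';` followed by `register_shutdown_function(static function () use ($zipPath) { @unlink($zipPath); });`. `$zipFile` also goes into the quoted `filename` parameter unescaped, and `@ini_set('memory_limit', '-1')` lifts the memory cap for a request whose size the caller controls.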


@ -26,34 +26,35 @@ include 'functions.inc.php';
verifyAction('FILESLIST');
checkAccess('FILESLIST');
$path = RoxyFile::FixPath(empty($_POST['d'])? getFilesPath(): $_POST['d']);
$type = (empty($_POST['type'])?'':strtolower($_POST['type']));
if($type != 'image' && $type != 'flash')
$path = RoxyFile::FixPath(empty($_POST['d']) ? getFilesPath() : $_POST['d']);
$type = (empty($_POST['type']) ? '' : strtolower($_POST['type']));
if ($type != 'image' && $type != 'flash') {
$type = '';
}
verifyPath($path);
$files = listDirectory(fixPath($path), 0);
$files = listDirectory(fixPath($path));
natcasesort($files);
$str = '';
echo '[';
foreach ($files as $f){
$fullPath = $path.'/'.$f;
if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f)))
foreach ($files as $f) {
$fullPath = $path . '/' . $f;
if (!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) {
continue;
}
$size = filesize(fixPath($fullPath));
$time = filemtime(fixPath($fullPath));
$w = 0;
$h = 0;
if(RoxyFile::IsImage($f)){
if (RoxyFile::IsImage($f)) {
$tmp = @getimagesize(fixPath($fullPath));
if($tmp){
if ($tmp) {
$w = $tmp[0];
$h = $tmp[1];
}
}
$str .= '{"p":"'.mb_ereg_replace('"', '\\"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},';
$str .= '{"p":"' . mb_ereg_replace('"', '\\"', $fullPath) . '","s":"' . $size . '","t":"' . $time . '","w":"' . $w . '","h":"' . $h . '"},';
}
$str = mb_substr($str, 0, -1);
echo $str;
echo ']';
?>


@ -20,93 +20,121 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/
include 'security.inc.php';
function t($key){
include_once 'security.inc.php';
function t(string $key): string
{
global $LANG;
if(empty($LANG)){
if (empty($LANG)) {
$file = 'en.json';
$langPath = '../lang/';
if(defined('LANG')){
if(LANG == 'auto'){
if (defined('LANG')) {
if (LANG == 'auto') {
$lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
if(is_file($langPath.$lang.'.json'))
$file = $lang.'.json';
if (is_file($langPath . $lang . '.json'))
$file = $lang . '.json';
} elseif (is_file($langPath . LANG . '.json')) {
$file = LANG . '.json';
}
elseif(is_file($langPath.LANG.'.json'))
$file = LANG.'.json';
}
$file = $langPath.$file;
$LANG = json_decode(file_get_contents($file), true);
$file = $langPath . $file;
$LANG = json_decode((string) file_get_contents($file), true);
}
if(!$LANG[$key])
if (!$LANG[$key]) {
$LANG[$key] = $key;
}
return $LANG[$key];
}
function checkPath($path){
$ret = false;
if(mb_strpos($path.'/', getFilesPath()) === 0)
$ret = true;
return $ret;
function checkPath(string $path): bool
{
return mb_strpos($path . '/', getFilesPath()) === 0;
}
function verifyAction($action){
if(!defined($action) || !constant($action))
function verifyAction(string $action): void
{
if (!defined($action) || !constant($action)) {
exit;
else{
}
$confUrl = constant($action);
if (!is_string($confUrl)) {
die('Error parsing configuration');
}
$qStr = mb_strpos($confUrl, '?');
if($qStr !== false)
$confUrl = mb_substr ($confUrl, 0, $qStr);
$confUrl = BASE_PATH.'/'.$confUrl;
if ($qStr !== false) {
$confUrl = mb_substr($confUrl, 0, $qStr);
}
$confUrl = BASE_PATH . '/' . $confUrl;
$confUrl = RoxyFile::FixPath($confUrl);
$thisUrl = dirname(__FILE__).'/'.basename($_SERVER['PHP_SELF']);
$thisUrl = dirname(__FILE__) . '/' . basename($_SERVER['PHP_SELF']);
$thisUrl = RoxyFile::FixPath($thisUrl);
if($thisUrl != $confUrl){
if ($thisUrl != $confUrl) {
echo "$confUrl $thisUrl";
exit;
}
}
}
function verifyPath($path){
if(!checkPath($path)){
echo getErrorRes("Access to $path is denied").' '.$path;
function verifyPath(string $path): void
{
if (!checkPath($path)) {
echo getErrorRes("Access to $path is denied") . ' ' . $path;
exit;
}
}
function fixPath($path){
$path = $_SERVER['DOCUMENT_ROOT'].'/'.$path;
function fixPath(string $path): string
{
$path = $_SERVER['DOCUMENT_ROOT'] . '/' . $path;
$path = str_replace('\\', '/', $path);
$path = RoxyFile::FixPath($path);
return $path;
}
function gerResultStr($type, $str = ''){
return '{"res":"'. addslashes($type).'","msg":"'. addslashes($str).'"}';
function getResultStr(string $type, string $str = ''): string
{
return '{"res":"' . addslashes($type) . '","msg":"' . addslashes($str) . '"}';
}
function getSuccessRes($str = ''){
return gerResultStr('ok', $str);
function getSuccessRes(string $str = ''): string
{
return getResultStr('ok', $str);
}
function getErrorRes($str = ''){
return gerResultStr('error', $str);
function getErrorRes(string $str = ''): string
{
return getResultStr('error', $str);
}
function getFilesPath(){
$ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != ''?$_SESSION[SESSION_PATH_KEY]:FILES_ROOT);
if(!$ret){
$ret = RoxyFile::FixPath(BASE_PATH.'/Uploads');
function getFilesPath(): string
{
$ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != '' ? $_SESSION[SESSION_PATH_KEY] : FILES_ROOT);
if (!$ret) {
$ret = RoxyFile::FixPath(BASE_PATH . '/Uploads');
$tmp = $_SERVER['DOCUMENT_ROOT'];
if(mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\')
if (mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\')
$tmp = mb_substr($tmp, 0, -1);
$ret = str_replace(RoxyFile::FixPath($tmp), '', $ret);
}
return $ret;
}
function listDirectory($path){
/**
* @param string $path
* @return string[]
*/
function listDirectory(string $path): array
{
$ret = @scandir($path);
if($ret === false){
$ret = array();
if ($ret === false) {
$ret = [];
$d = opendir($path);
if($d){
while(($f = readdir($d)) !== false){
if ($d) {
while (($f = readdir($d)) !== false) {
$ret[] = $f;
}
closedir($d);
@ -115,125 +143,167 @@ function listDirectory($path){
return $ret;
}
class RoxyFile{
static public function CheckWritable($dir){
class RoxyFile
{
static public function CheckWritable(string $dir): bool
{
$ret = false;
if(self::CreatePath($dir)){
$dir = self::FixPath($dir.'/');
if (self::CreatePath($dir)) {
$dir = self::FixPath($dir . '/');
$testFile = 'writetest.txt';
$f = @fopen($dir.$testFile, 'w', false);
if($f){
$f = @fopen($dir . $testFile, 'w', false);
if ($f) {
fclose($f);
$ret = true;
@unlink($dir.$testFile);
@unlink($dir . $testFile);
}
}
return $ret;
}
static function CanUploadFile($filename){
$ret = false;
$forbidden = array_filter(preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS)));
$allowed = array_filter(preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS)));
/**
* @param $path
* @return bool
*/
static public function CreatePath(string $path): bool
{
if (is_dir($path))
return true;
$prev_path = substr($path, 0, strrpos($path, '/', -2) + 1 );
$return = self::createPath($prev_path);
return $return && is_writable($prev_path) && mkdir($path);
}
static function CanUploadFile(string $filename): bool
{
$forbidden = array_filter((array) preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS)));
$allowed = array_filter((array) preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS)));
$ext = RoxyFile::GetExtension($filename);
if((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed)))
$ret = true;
return $ret;
if ((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) {
return true;
}
static function ZipAddDir($path, $zip, $zipPath){
return false;
}
static public function ZipAddDir(string $path, ZipArchive $zip, string $zipPath): void
{
$d = opendir($path);
$zipPath = str_replace('//', '/', $zipPath);
if($zipPath && $zipPath != '/'){
if ($zipPath && $zipPath != '/') {
$zip->addEmptyDir($zipPath);
}
while(($f = readdir($d)) !== false){
if($f == '.' || $f == '..')
if (is_resource($d)) {
while (($f = readdir($d)) !== false) {
if ($f == '.' || $f == '..')
continue;
$filePath = $path.'/'.$f;
if(is_file($filePath)){
$zip->addFile($filePath, ($zipPath?$zipPath.'/':'').$f);
}
elseif(is_dir($filePath)){
self::ZipAddDir($filePath, $zip, ($zipPath?$zipPath.'/':'').$f);
$filePath = $path . '/' . $f;
if (is_file($filePath)) {
$zip->addFile($filePath, ($zipPath ? $zipPath . '/' : '') . $f);
} elseif (is_dir($filePath)) {
self::ZipAddDir($filePath, $zip, ($zipPath ? $zipPath . '/' : '') . $f);
}
}
}
if (is_resource($d)) {
closedir($d);
}
static function ZipDir($path, $zipFile, $zipPath = ''){
}
static public function ZipDir(string $path, string $zipFile, string $zipPath = ''): void
{
$zip = new ZipArchive();
$zip->open($zipFile, ZIPARCHIVE::CREATE);
self::ZipAddDir($path, $zip, $zipPath);
$zip->close();
}
static function IsImage($fileName){
$ret = false;
static public function IsImage(string $fileName): bool
{
$ext = strtolower(self::GetExtension($fileName));
if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'jpe' || $ext == 'png' || $ext == 'gif' || $ext == 'ico')
$ret = true;
return $ret;
$imageExtensions = ['jpg', 'jpeg', 'jpe', 'png', 'gif', 'ico', 'webp'];
return in_array($ext, $imageExtensions);
}
static function IsFlash($fileName){
$ret = false;
static public function IsFlash(string $fileName): bool
{
$ext = strtolower(self::GetExtension($fileName));
if($ext == 'swf' || $ext == 'flv' || $ext == 'swc' || $ext == 'swt')
$ret = true;
return $ret;
$flashExtensions = ['swf', 'flv', 'swc', 'swt'];
return in_array($ext, $flashExtensions);
}
/**
* Returns human formated file size
*
* @param int $filesize
* @return string
*/
static function FormatFileSize($filesize){
$ret = '';
static public function FormatFileSize(int $filesize): string
{
$unit = 'B';
if($filesize > 1024){
if ($filesize > 1024) {
$unit = 'KB';
$filesize = $filesize / 1024;
}
if($filesize > 1024){
if ($filesize > 1024) {
$unit = 'MB';
$filesize = $filesize / 1024;
}
if($filesize > 1024){
if ($filesize > 1024) {
$unit = 'GB';
$filesize = $filesize / 1024;
}
$ret = round($filesize, 2).' '.$unit;
$ret = round($filesize, 2) . ' ' . $unit;
return $ret;
}
/**
* Returns MIME type of $filename
*
* @param string $filename
* @return string
*/
static function GetMIMEType($filename){
$type = 'application/octet-stream';
static public function GetMIMEType(string $filename): string
{
$ext = self::GetExtension($filename);
switch(strtolower($ext)){
case 'jpg': $type = 'image/jpeg';break;
case 'jpeg': $type = 'image/jpeg';break;
case 'gif': $type = 'image/gif';break;
case 'png': $type = 'image/png';break;
case 'bmp': $type = 'image/bmp';break;
case 'tiff': $type = 'image/tiff';break;
case 'tif': $type = 'image/tiff';break;
case 'pdf': $type = 'application/pdf';break;
case 'rtf': $type = 'application/msword';break;
case 'doc': $type = 'application/msword';break;
case 'xls': $type = 'application/vnd.ms-excel'; break;
case 'zip': $type = 'application/zip'; break;
case 'swf': $type = 'application/x-shockwave-flash'; break;
default: $type = 'application/octet-stream';
switch (strtolower($ext)) {
case 'jpg':
case 'jpeg':
return 'image/jpeg';
case 'gif':
return 'image/gif';
case 'png':
return 'image/png';
case 'bmp':
return 'image/bmp';
case 'webp':
return 'image/webp';
case 'tiff':
case 'tif':
return 'image/tiff';
case 'pdf':
return 'application/pdf';
case 'rtf':
case 'doc':
return 'application/msword';
case 'xls':
return 'application/vnd.ms-excel';
case 'zip':
return 'application/zip';
case 'swf':
return 'application/x-shockwave-flash';
default:
return 'application/octet-stream';
}
return $type;
}
/**
@ -243,22 +313,23 @@ class RoxyFile{
* @param string $sep
* @return string
*/
static function CleanupFilename($filename, $sep = '_'){
static public function CleanupFilename(string $filename, string $sep = '_'): string
{
$str = '';
if(strpos($filename,'.')){
$ext = self::GetExtension($filename) ;
if (strpos($filename, '.')) {
$ext = self::GetExtension($filename);
$name = self::GetName($filename);
}
else{
} else {
$ext = '';
$name = $filename;
}
if(mb_strlen($name) > 32)
if (mb_strlen($name) > 32) {
$name = mb_substr($name, 0, 32);
}
$str = str_replace('.php', '', $str);
$str = mb_ereg_replace("[^\\w]", $sep, $name);
$str = (string) mb_ereg_replace("[^\\w]", $sep, $name);
$str = mb_ereg_replace("$sep+", $sep, $str).($ext?'.'.$ext:'');
$str = (string) mb_ereg_replace("$sep+", $sep, $str) . ($ext ? '.' . $ext : '');
return $str;
}
@ -269,11 +340,13 @@ class RoxyFile{
* @param string $filename
* @return string
*/
static function GetExtension($filename) {
static public function GetExtension(string $filename): string
{
$ext = '';
if(mb_strrpos($filename, '.') !== false)
if (mb_strrpos($filename, '.') !== false) {
$ext = mb_substr($filename, mb_strrpos($filename, '.') + 1);
}
return strtolower($ext);
}
@ -284,33 +357,39 @@ class RoxyFile{
* @param string $filename
* @return string
*/
static function GetName($filename) {
$name = '';
static public function GetName(string $filename): string
{
$tmp = mb_strpos($filename, '?');
if($tmp !== false)
$filename = mb_substr ($filename, 0, $tmp);
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
}
$dotPos = mb_strrpos($filename, '.');
if($dotPos !== false)
if ($dotPos !== false) {
$name = mb_substr($filename, 0, $dotPos);
else
} else {
$name = $filename;
}
return $name;
}
static function GetFullName($filename) {
$tmp = mb_strpos($filename, '?');
if($tmp !== false)
$filename = mb_substr ($filename, 0, $tmp);
$filename = basename($filename);
return $filename;
static public function GetFullName(string $filename): string
{
$tmp = mb_strpos($filename, '?');
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
}
static public function FixPath($path){
$path = mb_ereg_replace('[\\\/]+', '/', $path);
$path = mb_ereg_replace('\.\.\/', '', $path);
return basename($filename);
}
static public function FixPath(string $path): string
{
$path = (string) mb_ereg_replace('[\\\/]+', '/', $path);
$path = (string) mb_ereg_replace('\.\.\/', '', $path);
return $path;
}
/**
* creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir
*
@ -318,27 +397,31 @@ class RoxyFile{
* @param string $filename
* @return string
*/
static function MakeUniqueFilename($dir, $filename){
$temp = '';
static public function MakeUniqueFilename(string $dir, string $filename): string
{
;
$dir .= '/';
$dir = self::FixPath($dir.'/');
$dir = self::FixPath($dir . '/');
$ext = self::GetExtension($filename);
$name = self::GetName($filename);
$name = self::CleanupFilename($name);
$name = mb_ereg_replace(' \\- Copy \\d+$', '', $name);
if($ext)
$ext = '.'.$ext;
if(!$name)
if ($ext) {
$ext = '.' . $ext;
}
if (!$name) {
$name = 'file';
}
$i = 0;
do{
$temp = ($i > 0? $name." - Copy $i": $name).$ext;
do {
$temp = ($i > 0 ? $name . " - Copy $i" : $name) . $ext;
$i++;
}while(file_exists($dir.$temp));
} while (file_exists($dir . $temp));
return $temp;
}
/**
* creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir
*
@ -346,44 +429,44 @@ class RoxyFile{
* @param string $name
* @return string
*/
static function MakeUniqueDirname($dir, $name){
$temp = '';
$dir = self::FixPath($dir.'/');
static public function MakeUniqueDirname(string $dir, string $name): string
{
$dir = self::FixPath($dir . '/');
$name = mb_ereg_replace(' - Copy \\d+$', '', $name);
if(!$name)
if (!$name) {
$name = 'directory';
}
$i = 0;
do{
$temp = ($i? $name." - Copy $i": $name);
do {
$temp = ($i ? $name . " - Copy $i" : $name);
$i++;
}while(is_dir($dir.$temp));
} while (is_dir($dir . $temp));
return $temp;
}
}
class RoxyImage{
public static function GetImage($path){
$img = null;
class RoxyImage
{
public static function GetImage(string $path)
{
$ext = RoxyFile::GetExtension(basename($path));
switch($ext){
switch ($ext) {
case 'png':
$img = imagecreatefrompng($path);
break;
return imagecreatefrompng($path);
case 'gif':
$img = imagecreatefromgif($path);
break;
return imagecreatefromgif($path);
default:
$img = imagecreatefromjpeg($path);
return imagecreatefromjpeg($path);
}
}
return $img;
public static function OutputImage($img, string $type, ?string $destination = '', int $quality = 90)
{
if(is_string($img)) {
$img = self::GetImage($img);
}
public static function OutputImage($img, $type, $destination = '', $quality = 90){
if(is_string($img))
$img = self::GetImage ($img);
switch(strtolower($type)){
case 'png':
imagepng($img, $destination);
@ -396,10 +479,11 @@ class RoxyImage{
}
}
public static function SetAlpha($img, $path) {
public static function SetAlpha($img, string $path)
{
$ext = RoxyFile::GetExtension(basename($path));
if($ext == "gif" || $ext == "png"){
imagecolortransparent($img, imagecolorallocatealpha($img, 0, 0, 0, 127));
if ($ext == "gif" || $ext == "png") {
imagecolortransparent($img, (int) imagecolorallocatealpha($img, 0, 0, 0, 127));
imagealphablending($img, false);
imagesavealpha($img, true);
}
@ -407,39 +491,55 @@ class RoxyImage{
return $img;
}
public static function Resize($source, $destination, $width = '150',$height = 0, $quality = 90) {
$tmp = getimagesize($source);
public static function Resize(
string $source,
?string $destination,
int $width = 150,
int $height = 0,
int $quality = 90
): void
{
$tmp = (array) getimagesize($source);
$w = $tmp[0];
$h = $tmp[1];
$r = $w / $h;
if($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))){
if($source != $destination)
if ($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))) {
if ($source != $destination) {
self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
return;
}
$newWidth = $width;
$newHeight = floor($newWidth / $r);
if(($height > 0 && $newHeight > $height) || !$width){
if (($height > 0 && $newHeight > $height) || !$width) {
$newHeight = $height;
$newWidth = intval($newHeight * $r);
}
$thumbImg = imagecreatetruecolor($newWidth, $newHeight);
$thumbImg = imagecreatetruecolor((int) $newWidth, (int) $newHeight);
$img = self::GetImage($source);
$thumbImg = self::SetAlpha($thumbImg, $source);
imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, $newWidth, $newHeight, $w, $h);
imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, (int) $newWidth, (int) $newHeight, $w, $h);
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
public static function CropCenter($source, $destination, $width, $height, $quality = 90) {
$tmp = getimagesize($source);
public static function CropCenter(
string $source,
?string $destination,
int $width,
int $height,
int $quality = 90
): void
{
$tmp = (array) getimagesize($source);
$w = $tmp[0];
$h = $tmp[1];
if(($w <= $width) && (!$height || ($h <= $height))){
if (($w <= $width) && (!$height || ($h <= $height))) {
self::OutputImage(self::GetImage($source), RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
$ratio = $width / $height;
@ -447,25 +547,37 @@ class RoxyImage{
$cropWidth = floor($h * $ratio);
$cropHeight = floor($cropWidth / $ratio);
if($cropWidth > $w){
if ($cropWidth > $w) {
$cropWidth = $w;
$cropHeight = $w / $ratio;
}
if($cropHeight > $h){
if ($cropHeight > $h) {
$cropHeight = $h;
$cropWidth = $h * $ratio;
}
if($cropWidth < $w){
if ($cropWidth < $w) {
$left = floor(($w - $cropWidth) / 2);
}
if($cropHeight < $h){
$top = floor(($h- $cropHeight) / 2);
if ($cropHeight < $h) {
$top = floor(($h - $cropHeight) / 2);
}
self::Crop($source, $destination, $left, $top, $cropWidth, $cropHeight, $width, $height, $quality);
self::Crop($source, $destination, (int) $left, (int) $top, $cropWidth, $cropHeight, $width, $height, $quality);
}
public static function Crop($source, $destination, $x, $y, $cropWidth, $cropHeight, $width, $height, $quality = 90) {
public static function Crop(
string $source,
?string $destination,
int $x,
int $y,
int $cropWidth,
int $cropHeight,
int $width,
int $height,
int $quality = 90
): void
{
$thumbImg = imagecreatetruecolor($width, $height);
$img = self::GetImage($source);
@ -476,14 +588,18 @@ class RoxyImage{
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
}
$tmp = json_decode(file_get_contents(BASE_PATH.'/conf.json'), true);
if($tmp){
foreach ($tmp as $k=>$v)
define($k, $v);
}
else
$tmp = json_decode((string) file_get_contents(BASE_PATH . '/conf.json'), true);
if (!$tmp || !is_array($tmp)) {
die('Error parsing configuration');
}
foreach ($tmp as $k => $v) {
define((string) $k, $v);
}
$FilesRoot = fixPath(getFilesPath());
if(!is_dir($FilesRoot))
@mkdir($FilesRoot, octdec(DIRPERMISSIONS));
?>
if (!is_dir($FilesRoot)) {
@mkdir($FilesRoot, (int) octdec(DIRPERMISSIONS));
}
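Review bot: Path confinement in this file rests on two string operations that do not amount to a containment check. `RoxyFile::FixPath()` removes `../` in a single non-repeating pass and never touches a trailing `..`, and `checkPath()` compares against `getFilesPath()` without a trailing separator, so a sibling whose name merely starts with the root's name is accepted (constructed example: root `/Uploads`, sibling `/Uploads_old`). At minimum anchor the prefix test, `return mb_strpos($path . '/', rtrim(getFilesPath(), '/') . '/') === 0;`, and reject any path that still contains a `..` segment after normalisation instead of trying to strip it. A stronger form resolves the deepest existing directory with `realpath()` and compares it with the resolved root, which also covers symlinks. In `CleanupFilename()` the `str_replace('.php', '', $str)` line runs on the still-empty `$str` and is overwritten on the next line, so it filters nothing.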


@ -26,21 +26,21 @@ include 'functions.inc.php';
verifyAction('MOVEDIR');
checkAccess('MOVEDIR');
$path = RoxyFile::FixPath(trim(empty($_GET['d'])?'':$_GET['d']));
$newPath = RoxyFile::FixPath(trim(empty($_GET['n'])?'':$_GET['n']));
$path = RoxyFile::FixPath(trim(empty($_GET['d']) ? '' : $_GET['d']));
$newPath = RoxyFile::FixPath(trim(empty($_GET['n']) ? '' : $_GET['n']));
verifyPath($path);
verifyPath($newPath);
if(is_dir(fixPath($path))){
if(mb_strpos($newPath, $path) === 0)
if (is_dir(fixPath($path))) {
if (mb_strpos($newPath, $path) === 0) {
echo getErrorRes(t('E_CannotMoveDirToChild'));
elseif(file_exists(fixPath($newPath).'/'.basename($path)))
} elseif (file_exists(fixPath($newPath) . '/' . basename($path))) {
echo getErrorRes(t('E_DirAlreadyExists'));
elseif(rename(fixPath($path), fixPath($newPath).'/'.basename($path)))
} elseif (rename(fixPath($path), fixPath($newPath) . '/' . basename($path))) {
echo getSuccessRes();
else
echo getErrorRes(t('E_MoveDir').' '.basename($path));
}
else
} else {
echo getErrorRes(t('E_MoveDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_MoveDirInvalisPath'));
?>
}
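Review bot: The child-directory test `mb_strpos($newPath, $path) === 0` is a raw string prefix comparison, so it also fires for a sibling whose name merely begins with the source name (constructed example: moving `/Uploads/a` into `/Uploads/ab`), refusing a legitimate move. Compare whole segments instead: `if (mb_strpos($newPath . '/', $path . '/') === 0) {`. The destination is also never checked with `is_dir()`, so a `rename()` into a non-existent parent only surfaces as the generic `E_MoveDir` error.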


@ -26,25 +26,24 @@ include 'functions.inc.php';
verifyAction('MOVEFILE');
checkAccess('MOVEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
if(!$newPath)
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$newPath = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
if (!$newPath) {
$newPath = getFilesPath();
}
verifyPath($path);
verifyPath($newPath);
if(!RoxyFile::CanUploadFile(basename($newPath))) {
if (!RoxyFile::CanUploadFile(basename($newPath))) {
echo getErrorRes(t('E_FileExtensionForbidden'));
}
elseif(is_file(fixPath($path))){
if(file_exists(fixPath($newPath)))
echo getErrorRes(t('E_MoveFileAlreadyExists').' '.basename($newPath));
elseif(rename(fixPath($path), fixPath($newPath)))
} elseif (is_file(fixPath($path))) {
if (file_exists(fixPath($newPath))) {
echo getErrorRes(t('E_MoveFileAlreadyExists') . ' ' . basename($newPath));
} elseif (rename(fixPath($path), fixPath($newPath))) {
echo getSuccessRes();
else
echo getErrorRes(t('E_MoveFile').' '.basename($path));
}
else {
} else {
echo getErrorRes(t('E_MoveFile') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_MoveFileInvalisPath'));
}
?>


@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEDIR');
checkAccess('RENAMEDIR');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])? '': $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])? '': $_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? '' : $_POST['d']));
$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
if(is_dir(fixPath($path))){
if(fixPath($path.'/') == fixPath(getFilesPath().'/'))
if (is_dir(fixPath($path))) {
if (fixPath($path . '/') == fixPath(getFilesPath() . '/')) {
echo getErrorRes(t('E_CannotRenameRoot'));
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name))
} elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes();
else
echo getErrorRes(t('E_RenameDir').' '.basename($path));
}
else
} else {
echo getErrorRes(t('E_RenameDir') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_RenameDirInvalidPath'));
?>
}
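Review bot: The rename destination is built from `$name`, which comes from `$_POST['n']` and is never passed to `verifyPath()`; only `$path` is verified before `rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)`. Unless `RoxyFile::FixPath()` (not visible here) removes directory separators and `..`, the new name can resolve outside the directory that holds the renamed folder. Reducing it to a single component first, `$name = basename($name);`, and rejecting an empty result would close that gap. The file-rename section that follows builds its destination from `$name` in the same way and needs the same guard; as far as this page shows, `CanUploadFile($name)` there only covers the extension.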


@ -26,18 +26,18 @@ include 'functions.inc.php';
verifyAction('RENAMEFILE');
checkAccess('RENAMEFILE');
$path = RoxyFile::FixPath(trim(empty($_POST['f'])?'':$_POST['f']));
$name = RoxyFile::FixPath(trim(empty($_POST['n'])?'':$_POST['n']));
$path = RoxyFile::FixPath(trim(empty($_POST['f']) ? '' : $_POST['f']));
$name = RoxyFile::FixPath(trim(empty($_POST['n']) ? '' : $_POST['n']));
verifyPath($path);
if(is_file(fixPath($path))){
if(!RoxyFile::CanUploadFile($name))
echo getErrorRes(t('E_FileExtensionForbidden').' ".'.RoxyFile::GetExtension($name).'"');
elseif(rename(fixPath($path), dirname(fixPath($path)).'/'.$name))
if (is_file(fixPath($path))) {
if (!RoxyFile::CanUploadFile($name)) {
echo getErrorRes(t('E_FileExtensionForbidden') . ' ".' . RoxyFile::GetExtension($name) . '"');
} elseif (rename(fixPath($path), dirname(fixPath($path)) . '/' . $name)) {
echo getSuccessRes();
else
echo getErrorRes(t('E_RenameFile').' '.basename($path));
}
else
} else {
echo getErrorRes(t('E_RenameFile') . ' ' . basename($path));
}
} else {
echo getErrorRes(t('E_RenameFileInvalidPath'));
?>
}


@ -20,7 +20,8 @@
Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/
function checkAccess($action) {
function checkAccess(string $action): void
{
unset($action);
if($_COOKIE['filemanagerkey'] !== md5_file("../../../../../../config.inc.php")) die('nice try, noob.');
}
?>
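Review bot: The cookie check in `checkAccess()` compares with `!==`, reads `$_COOKIE['filemanagerkey']` without checking that it is set or is a string, and does not handle `md5_file()` returning false. A constant-time comparison with explicit guards keeps the check fail-closed: `$expected = md5_file("../../../../../../config.inc.php");` followed by `if ($expected === false || !is_string($_COOKIE['filemanagerkey'] ?? null) || !hash_equals($expected, $_COOKIE['filemanagerkey'])) die('nice try, noob.');`. The newly typed `string $action` parameter is still discarded by `unset($action)`, so every action is gated by the same key; a one-line comment stating that per-action authorisation is deliberately not done here would help the next reader. The key is an MD5 of the config file, so it stays the same until that file changes.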


@ -29,18 +29,17 @@ header("Cache-Control: max-age=3600");
verifyAction('GENERATETHUMB');
checkAccess('GENERATETHUMB');
$path = RoxyFile::FixPath(urldecode(empty($_GET['f'])?'':$_GET['f']));
$path = RoxyFile::FixPath(urldecode(empty($_GET['f']) ? '' : $_GET['f']));
verifyPath($path);
@chmod(fixPath(dirname($path)), octdec(DIRPERMISSIONS));
@chmod(fixPath($path), octdec(FILEPERMISSIONS));
@chmod(fixPath(dirname($path)), (int) octdec(DIRPERMISSIONS));
@chmod(fixPath($path), (int) octdec(FILEPERMISSIONS));
$w = intval(empty($_GET['width'])?'100':$_GET['width']);
$h = intval(empty($_GET['height'])?'0':$_GET['height']);
$w = intval(empty($_GET['width']) ? '100' : $_GET['width']);
$h = intval(empty($_GET['height']) ? '0' : $_GET['height']);
header('Content-type: '.RoxyFile::GetMIMEType(basename($path)));
if($w && $h)
RoxyImage::CropCenter(fixPath($path), null, $w, $h);
else
RoxyImage::Resize(fixPath($path), null, $w, $h);
?>
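Review bot: `$w` and `$h` are taken from `$_GET['width']` and `$_GET['height']` with `intval()` only, so negative or very large values reach `RoxyImage::CropCenter()` / `RoxyImage::Resize()` unchanged, and nothing in this section bounds them. Clamping them before use, e.g. `$w = max(0, min($w, THUMB_MAX_WIDTH_PLACEHOLDER));` and the same for `$h` with a limit the project chooses, caps the memory and CPU a single request can ask for. Separately, `$_GET['f']` is already URL-decoded by PHP, so the extra `urldecode()` decodes a second time and alters names that contain `%` or `+`; check whether the client double-encodes before removing it.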


@ -26,58 +26,57 @@ include 'functions.inc.php';
verifyAction('UPLOAD');
checkAccess('UPLOAD');
$isAjax = (isset($_POST['method']) && $_POST['method'] == 'ajax');
$path = RoxyFile::FixPath(trim(empty($_POST['d'])?getFilesPath():$_POST['d']));
$path = RoxyFile::FixPath(trim(empty($_POST['d']) ? getFilesPath() : $_POST['d']));
verifyPath($path);
$res = '';
if(is_dir(fixPath($path))){
if(!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])){
$errors = $errorsExt = array();
foreach($_FILES['files']['tmp_name'] as $k=>$v){
$errors = $errorsExt = array();
if (is_dir(fixPath($path))) {
if (!empty($_FILES['files']) && is_array($_FILES['files']['tmp_name'])) {
foreach ($_FILES['files']['tmp_name'] as $k => $v) {
$filename = $_FILES['files']['name'][$k];
$filename = RoxyFile::MakeUniqueFilename(fixPath($path), $filename);
$filePath = fixPath($path).'/'.$filename;
$filePath = fixPath($path) . '/' . $filename;
$isUploaded = true;
if(!RoxyFile::CanUploadFile($filename)){
if (!RoxyFile::CanUploadFile($filename)) {
$errorsExt[] = $filename;
$isUploaded = false;
}
elseif(!move_uploaded_file($v, $filePath)){
} elseif (!move_uploaded_file($v, $filePath)) {
$errors[] = $filename;
$isUploaded = false;
}
if(is_file($filePath)){
@chmod ($filePath, octdec(FILEPERMISSIONS));
if (is_file($filePath)) {
@chmod($filePath, (int) octdec(FILEPERMISSIONS));
}
if($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)){
if ($isUploaded && RoxyFile::IsImage($filename) && (intval(MAX_IMAGE_WIDTH) > 0 || intval(MAX_IMAGE_HEIGHT) > 0)) {
RoxyImage::Resize($filePath, $filePath, intval(MAX_IMAGE_WIDTH), intval(MAX_IMAGE_HEIGHT));
}
}
if($errors && $errorsExt)
$res = getSuccessRes(t('E_UploadNotAll').' '.t('E_FileExtensionForbidden'));
elseif($errorsExt)
if ($errors && $errorsExt) {
$res = getSuccessRes(t('E_UploadNotAll') . ' ' . t('E_FileExtensionForbidden'));
} elseif ($errorsExt) {
$res = getSuccessRes(t('E_FileExtensionForbidden'));
elseif($errors)
} elseif ($errors) {
$res = getSuccessRes(t('E_UploadNotAll'));
else
} else {
$res = getSuccessRes();
}
else
} else {
$res = getErrorRes(t('E_UploadNoFiles'));
}
else
}
} else {
$res = getErrorRes(t('E_UploadInvalidPath'));
if($isAjax){
if($errors || $errorsExt)
$res = getErrorRes(t('E_UploadNotAll'));
echo $res;
}
else{
if ($isAjax) {
if ($errors || $errorsExt) {
$res = getErrorRes(t('E_UploadNotAll'));
}
echo $res;
} else {
echo '
<script>
parent.fileUploaded('.$res.');
parent.fileUploaded(' . $res . ')
</script>';
}
?>
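Review bot: Each uploaded file is accepted or rejected from its client-supplied name alone: `RoxyFile::CanUploadFile($filename)` and `RoxyFile::IsImage($filename)` both receive only the name, and nothing in this section inspects the content of `$v` before `move_uploaded_file()` writes it under the files path. If the allow-list (not visible here) is extension-based, a content check before the move would make the decision independent of the name, for example comparing `(new finfo(FILEINFO_MIME_TYPE))->file($v)` against the types the shop expects. The loop also never reads `$_FILES['files']['error'][$k]`, so a partial or failed upload is only caught indirectly when `move_uploaded_file()` returns false.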


@ -4,7 +4,20 @@ parameters:
- ../../o3-shop/shop-ce/source/oxfunctions.php
paths:
- Application
excludePaths:
- Application/fileman
level: 9
phpVersion: 70400
ignoreErrors:
- '#Constant FILES_ROOT not found.#'
- '#Constant SESSION_PATH_KEY not found.#'
- '#Constant FORBIDDEN_UPLOADS not found.#'
- '#Constant ALLOWED_UPLOADS not found.#'
- '#Constant BASE_PATH not found.#'
- '#Constant DIRPERMISSIONS not found.#'
- '#Constant FILEPERMISSIONS not found.#'
- '#Constant MAX_IMAGE_HEIGHT not found.#'
- '#Constant MAX_IMAGE_WIDTH not found.#'
- '#Method RoxyImage\:\:OutputImage\(\) has no return type specified.#'
- '#Method RoxyImage\:\:OutputImage\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has no return type specified.#'
- '#Method RoxyImage\:\:SetAlpha\(\) has parameter \$img with no type specified.#'
- '#Method RoxyImage\:\:GetImage\(\) has no return type specified.#'