XOOPS  2.6.0
execute.php
1 <?php
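// Load the file manager settings; the path and permission variables used
// below are defined there. require (rather than include) stops the request
// if the file cannot be loaded, instead of continuing with undefined settings.
require 'config/config.php';

// Session gate: the marker must exist in this session and match exactly.
// isset() avoids an undefined-index notice when no session data is present,
// and the strict comparison rules out type juggling on the stored value.
// NOTE(review): the page's symbol index places the marker's definition in
// dialog.php, so this only shows that the dialog was opened in this session.
// It is not a per-user permission check - confirm dialog.php sits behind the
// host application's access control.
if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']['verify'] !== 'RESPONSIVEfilemanager') {
    die('forbiden');
}

// Helper functions (deleteDir, rename_file, rcopy, ...) used by the actions below.
require 'include/utils.php';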
5 
6 
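// Validate the two client-supplied locations before either of them is used.
// A missing field is treated as an empty string; a non-string value is
// rejected outright so the string functions below never see an array.
$posted_thumb = isset($_POST['path_thumb']) ? $_POST['path_thumb'] : '';
$posted_path = isset($_POST['path']) ? $_POST['path'] : '';
if (!is_string($posted_thumb) || !is_string($posted_path)) {
    die('wrong path');
}

$thumb_pos = strpos($posted_thumb, $thumbs_base_path);

// strpos() returns FALSE when the thumbnail root is absent. The comparison
// has to be strict: with a loose "!= 0", FALSE compares equal to 0 and a
// thumbnail path outside the thumbnail root would be accepted.
//
// The "../" search on the thumbnail path starts after the root prefix, so a
// root that itself contains "../" is not rejected. Once the first condition
// has passed, $thumb_pos is 0 and the offset is simply the prefix length.
//
// NOTE(review): only the forward-slash forms are matched here; on hosts where
// a backslash is also a path separator, confirm the value is normalised
// before it reaches the filesystem calls.
if ($thumb_pos !== 0
    || strpos($posted_thumb, '../', strlen($thumbs_base_path)) !== FALSE
    || strpos($posted_path, '/') === 0
    || strpos($posted_path, '../') !== FALSE
    || strpos($posted_path, './') === 0
) {
    die('wrong path');
}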
17 
// Choose the translation file: English unless the request names another
// file that is readable under lang/.
$language_file = 'lang/en_EN.php';

if (isset($_GET['lang'])) {
    $requested_lang = $_GET['lang'];
    if ($requested_lang != 'undefined' && $requested_lang != '') {
        // Only the basename of the parameter is used, so any directory
        // components it carries are discarded and the lookup stays in lang/.
        $path_parts = pathinfo($requested_lang);
        $candidate = 'lang/' . $path_parts['basename'] . '.php';
        if (is_readable($candidate)) {
            $language_file = $candidate;
        }
    }
}

// The selected file is executed as PHP, which is why the name is confined
// to lang/ above.
require_once $language_file;
29 
// Look for a folder-level config.php for the requested directory and load it
// when it exists.
// NOTE(review): this listing skips source lines 30 and 33; the page's symbol
// index attributes the definitions of $base and $max_cycles to those lines.
31 $path = $current_path.$_POST['path'];
32 $cycle = TRUE;
34 $i = 0;
35 while($cycle && $i<$max_cycles)
36 {
37  $i++;
38  if ($path == $base) $cycle=FALSE;
39 
40  if (file_exists($path."config.php"))
41  {
   // NOTE(review): the directory is built from $_POST['path'], so a config.php
   // inside a browsable folder is executed here - confirm that nothing (uploads,
   // renames) can place a file with that name in a managed folder.
42  require_once($path."config.php");
43  $cycle = FALSE;
44  }
   // Step to the parent directory for the next pass.
45  $path = fix_dirname($path)."/";
   // Unconditional reset: as written the loop body runs at most once, so only
   // the requested folder itself is probed for config.php.
46  $cycle = FALSE;
47 }
48 
// Target of the operation and its thumbnail counterpart, as sent by the client.
$path = $current_path . $_POST['path'];
$path_thumb = $_POST['path_thumb'];

// Optional new name, used by the rename and duplicate actions further down:
// refuse it when it contains a parent-directory sequence.
if (isset($_POST['name'])) {
    $name = $_POST['name'];
    if (strpos($name, '../') !== FALSE) {
        die('wrong name');
    }
}

// A target that has an extension must be on the allow-list in $ext, except
// when the request is a folder deletion.
$info = pathinfo($path);
if (isset($info['extension'])) {
    $is_folder_delete = isset($_GET['action']) && $_GET['action'] == 'delete_folder';
    if (!$is_folder_delete && !in_array(strtolower($info['extension']), $ext)) {
        die('wrong extension');
    }
}
62 
// Dispatch the requested operation. The action name is read from the query
// string; the target ($path, $path_thumb, $name) comes from the POST fields
// checked earlier in this script.
// NOTE(review): this listing omits a number of source lines inside the switch
// (see the gaps in the left-hand numbering), so some of the calls that do the
// actual work are not visible here.
// NOTE(review): no request token is checked in the visible lines - confirm that
// these state-changing actions are protected against cross-site requests.
63 if (isset($_GET['action']))
64 {
65  switch($_GET['action'])
66  {
   // delete_file: runs only when $delete_files is enabled. Removes the file and,
   // when it exists, its thumbnail, then removes derived copies of the image.
67  case 'delete_file':
68  if ($delete_files){
69  unlink($path);
70  if (file_exists($path_thumb)) unlink($path_thumb);
71 
72  $info=pathinfo($path);
   // Source lines 73-74 are missing from the listing. The block below deletes
   // a copy named with the "relative" prepend/append settings, if one exists.
75  {
76  if ($path!="" && $path[strlen($path)-1]!="/") $path.="/";
77 
78  if (file_exists($info['dirname']."/".$path.$relative_image_creation_name_to_prepend[$k].$info['filename'].$relative_image_creation_name_to_append[$k].".".$info['extension']))
79  {
80  unlink($info['dirname']."/".$path.$relative_image_creation_name_to_prepend[$k].$info['filename'].$relative_image_creation_name_to_append[$k].".".$info['extension']);
81  }
82  }
83  }
84 
   // Source line 85 is missing. Same clean-up for the "fixed" locations; note
   // that the loop variable reuses $path and overwrites the request target.
86  {
87  foreach($fixed_path_from_filemanager as $k=>$path)
88  {
89  if ($path!="" && $path[strlen($path)-1] != "/") $path.="/";
90 
   // Rebuild the file's directory under the fixed location by dropping the
   // leading $current_path portion.
91  $base_dir=$path.substr_replace($info['dirname']."/", '', 0, strlen($current_path));
92  if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension']))
93  {
94  unlink($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension']);
95  }
96  }
97  }
98  }
99  break;
   // delete_folder: runs only when $delete_folders is enabled.
100  case 'delete_folder':
101  if ($delete_folders){
102  if (is_dir($path_thumb))
103  {
   // Source line 104 (the body of this block) is missing from the listing.
105  }
106 
107  if (is_dir($path))
108  {
   // Recursive removal of the requested folder; the only path checks applied
   // to it are the string tests earlier in this script.
109  deleteDir($path);
   // Source line 110 is missing. The loop removes the matching folder under
   // each fixed location.
111  {
112  foreach($fixed_path_from_filemanager as $k=>$paths){
113  if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.="/";
114 
115  $base_dir=$paths.substr_replace($path, '', 0, strlen($current_path));
116  if (is_dir($base_dir)) deleteDir($base_dir);
117  }
118  }
119  }
120  }
121  break;
   // create_folder: runs only when $create_folders is enabled. The statement
   // that creates the folder (source line 125) is missing from the listing.
122  case 'create_folder':
123  if ($create_folders)
124  {
126  }
127  break;
   // rename_folder: runs only when $rename_folders is enabled.
128  case 'rename_folder':
129  if ($rename_folders){
   // Source line 130 is missing. Every dot is stripped from the new name
   // before the emptiness test.
131  $name=str_replace('.','',$name);
132 
133  if (!empty($name)){
   // Source lines 134, 136, 137 and 142 are missing; the rename calls are
   // not visible in this listing.
135 
138  foreach($fixed_path_from_filemanager as $k=>$paths){
139  if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.="/";
140 
141  $base_dir=$paths.substr_replace($path, '', 0, strlen($current_path));
143  }
144  }
145  }
146  else {
147  die(lang_Empty_name);
148  }
149  }
150  break;
   // rename_file: runs only when $rename_files is enabled.
151  case 'rename_file':
152  if ($rename_files){
   // Source line 153 is missing from the listing.
154  if (!empty($name))
155  {
   // Source lines 156, 158 and 160 are missing; only the renaming of the
   // derived copies in the fixed locations is visible below.
157 
159 
161  {
162  $info=pathinfo($path);
163 
164  foreach($fixed_path_from_filemanager as $k=>$paths)
165  {
166  if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.="/";
167 
168  $base_dir = $paths.substr_replace($info['dirname']."/", '', 0, strlen($current_path));
169  if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension']))
170  {
171  rename_file($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension'],$fixed_image_creation_name_to_prepend[$k].$name.$fixed_image_creation_to_append[$k],$transliteration);
172  }
173  }
174  }
175  }
176  else {
177  die(lang_Empty_name);
178  }
179  }
180  break;
   // duplicate_file: runs only when $duplicate_files is enabled.
181  case 'duplicate_file':
182  if ($duplicate_files)
183  {
   // Source line 184 is missing from the listing.
185  if (!empty($name))
186  {
   // Source lines 187, 189 and 191 are missing; only the duplication of the
   // derived copies in the fixed locations is visible below.
188 
190 
192  {
193  $info=pathinfo($path);
194  foreach($fixed_path_from_filemanager as $k=>$paths)
195  {
196  if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.= "/";
197 
198  $base_dir=$paths.substr_replace($info['dirname']."/", '', 0, strlen($current_path));
199 
200  if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension']))
201  {
202  duplicate_file($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension'],$fixed_image_creation_name_to_prepend[$k].$name.$fixed_image_creation_to_append[$k]);
203  }
204  }
205  }
206  }
207  else
208  {
209  die(lang_Empty_name);
210  }
211  }
212  break;
   // paste_clipboard: copies or moves the item recorded in the session clipboard
   // into the requested folder. The clipboard entries are written elsewhere.
   // NOTE(review): unlike the cases above, no configuration flag guards this
   // case in the visible lines - confirm that is intended.
213  case 'paste_clipboard':
   // Stop silently when the clipboard is missing or incomplete.
214  if ( ! isset($_SESSION['RF']['clipboard_action'], $_SESSION['RF']['clipboard']['path'], $_SESSION['RF']['clipboard']['path_thumb'])
215  || $_SESSION['RF']['clipboard_action'] == ''
216  || $_SESSION['RF']['clipboard']['path'] == ''
217  || $_SESSION['RF']['clipboard']['path_thumb'] == '')
218  {
219  die();
220  }
221 
222  $action = $_SESSION['RF']['clipboard_action'];
223  $data = $_SESSION['RF']['clipboard'];
   // Only the main path is prefixed with $current_path; path_thumb is used as stored.
224  $data['path'] = $current_path.$data['path'];
225  $pinfo = pathinfo($data['path']);
226 
227  // user wants to paste to the same dir. nothing to do here...
228  if ($pinfo['dirname'] == rtrim($path, '/')) {
229  die();
230  }
231 
232  // user wants to paste folder to it's own sub folder.. baaaah.
   // NOTE(review): strpos() matches the source path anywhere inside $path, not
   // only as a leading prefix.
233  if (is_dir($data['path']) && strpos($path, $data['path']) !== FALSE){
234  die();
235  }
236 
237  // something terribly gone wrong
238  if ($action != 'copy' && $action != 'cut'){
239  die('no action');
240  }
241 
242  // check for writability
   // NOTE(review): the failure message sends both server-side paths back to the
   // client; consider logging them and returning only the translated text.
243  if (is_really_writable($path) === FALSE || is_really_writable($path_thumb) === FALSE){
244  die($path.'--'.$path_thumb.'--'.lang_Dir_No_Write);
245  }
246 
247  // check if server disables copy or rename
248  if (is_function_callable(($action == 'copy' ? 'copy' : 'rename')) === FALSE){
249  die(sprintf(lang_Function_Disabled, ($action == 'copy' ? lcfirst(lang_Copy) : lcfirst(lang_Cut))));
250  }
251 
   // The same operation is applied to the item and to its thumbnail counterpart.
252  if ($action == 'copy')
253  {
254  rcopy($data['path'], $path);
255  rcopy($data['path_thumb'], $path_thumb);
256  }
257  elseif ($action == 'cut')
258  {
259  rrename($data['path'], $path);
260  rrename($data['path_thumb'], $path_thumb);
261 
262  // cleanup
263  if (is_dir($data['path']) === TRUE){
264  rrename_after_cleaner($data['path']);
265  rrename_after_cleaner($data['path_thumb']);
266  }
267  }
268 
269  // cleanup
   // Clear the clipboard so the same paste cannot be replayed from this session.
270  $_SESSION['RF']['clipboard']['path'] = NULL;
271  $_SESSION['RF']['clipboard']['path_thumb'] = NULL;
272  $_SESSION['RF']['clipboard_action'] = NULL;
273 
274  break;
   // Any other action name is refused.
275  default:
276  die('wrong action');
277  }
278 }
279 
280 ?>
$current_path
Definition: config.php:3
$path
Definition: execute.php:31
$_SESSION['RF']["verify"]
Definition: dialog.php:4
$thumbs_base_path
Definition: config.php:67
$path_thumb
Definition: execute.php:50
$delete_files
Definition: config.php:121
rename_file($old_path, $name, $transliteration)
Definition: utils.php:24
$i
Definition: execute.php:34
$action
Definition: misc.php:32
rcopy($source, $destination, $is_rec=FALSE)
Definition: utils.php:368
const lang_Function_Disabled
Definition: az_AZ.php:76
if($mtime===false) if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) $path_parts
Definition: browse.php:86
$relative_path_from_current_pos
Definition: config.php:228
is_really_writable($dir)
Definition: utils.php:326
$rename_folders
Definition: config.php:126
if($thumb_pos!=0||strpos($_POST['path_thumb'],'../', strlen($thumbs_base_path)+$thumb_pos)!==FALSE||strpos($_POST['path'],'/')===0||strpos($_POST['path'],'../')!==FALSE||strpos($_POST['path'],'./')===0) $language_file
Definition: execute.php:18
rrename($source, $destination, $is_rec=FALSE)
Definition: utils.php:404
const lang_Dir_No_Write
Definition: az_AZ.php:75
is_function_callable($name)
Definition: utils.php:361
$fixed_image_creation
Definition: config.php:215
create_folder($path=false, $path_thumbs=false)
Definition: utils.php:119
rename_folder($old_path, $name, $transliteration)
Definition: utils.php:34
$base
Definition: execute.php:30
$delete_folders
Definition: config.php:123
$rename_files
Definition: config.php:125
$fixed_image_creation_name_to_prepend
Definition: config.php:217
if(isset($_POST['name'])) $info
Definition: execute.php:57
const lang_Empty_name
Definition: az_AZ.php:35
$ext
Definition: browse.php:87
$max_cycles
Definition: execute.php:33
const lang_Rename_existing_folder
Definition: az_AZ.php:34
$relative_image_creation
Definition: config.php:227
fix_filename($str, $transliteration)
Definition: utils.php:163
$cycle
Definition: execute.php:32
fix_dirname($str)
Definition: utils.php:191
$fixed_path_from_filemanager
Definition: config.php:216
const lang_Copy
Definition: az_AZ.php:59
const lang_Rename_existing_file
Definition: az_AZ.php:33
$transliteration
Definition: config.php:84
duplicate_file($old_path, $name)
Definition: utils.php:15
fix_path($path, $transliteration)
Definition: utils.php:210
$create_folders
Definition: config.php:122
$duplicate_files
Definition: config.php:127
deleteDir($dir)
Definition: utils.php:5
$thumb_pos
Definition: execute.php:7
rrename_after_cleaner($source)
Definition: utils.php:439
const lang_Cut
Definition: az_AZ.php:60