1 | <?php
|
---|
2 |
|
---|
3 | /** This file is part of KCFinder project
|
---|
4 | *
|
---|
5 | * @desc Browser actions class
|
---|
6 | * @package KCFinder
|
---|
7 | * @version 2.51
|
---|
8 | * @author Pavel Tzonkov <pavelc@users.sourceforge.net>
|
---|
9 | * @copyright 2010, 2011 KCFinder Project
|
---|
10 | * @license http://www.opensource.org/licenses/gpl-2.0.php GPLv2
|
---|
11 | * @license http://www.opensource.org/licenses/lgpl-2.1.php LGPLv2
|
---|
12 | * @link http://kcfinder.sunhater.com
|
---|
13 | */
|
---|
14 |
|
---|
15 | class browser extends uploader {
|
---|
16 | protected $action;
|
---|
17 | protected $thumbsDir;
|
---|
18 | protected $thumbsTypeDir;
|
---|
19 |
|
---|
20 | public function __construct() {
|
---|
21 | parent::__construct();
|
---|
22 |
|
---|
23 | if (isset($this->post['dir'])) {
|
---|
24 | $dir = $this->checkInputDir($this->post['dir'], true, false);
|
---|
25 | if ($dir === false) unset($this->post['dir']);
|
---|
26 | $this->post['dir'] = $dir;
|
---|
27 | }
|
---|
28 |
|
---|
29 | if (isset($this->get['dir'])) {
|
---|
30 | $dir = $this->checkInputDir($this->get['dir'], true, false);
|
---|
31 | if ($dir === false) unset($this->get['dir']);
|
---|
32 | $this->get['dir'] = $dir;
|
---|
33 | }
|
---|
34 |
|
---|
35 | $thumbsDir = $this->config['uploadDir'] . "/" . $this->config['thumbsDir'];
|
---|
36 | if ((
|
---|
37 | !is_dir($thumbsDir) &&
|
---|
38 | !@mkdir($thumbsDir, $this->config['dirPerms'])
|
---|
39 | ) ||
|
---|
40 |
|
---|
41 | !is_readable($thumbsDir) ||
|
---|
42 | !dir::isWritable($thumbsDir) ||
|
---|
43 | (
|
---|
44 | !is_dir("$thumbsDir/{$this->type}") &&
|
---|
45 | !@mkdir("$thumbsDir/{$this->type}", $this->config['dirPerms'])
|
---|
46 | )
|
---|
47 | )
|
---|
48 | $this->errorMsg("Cannot access or create thumbnails folder.");
|
---|
49 |
|
---|
50 | $this->thumbsDir = $thumbsDir;
|
---|
51 | $this->thumbsTypeDir = "$thumbsDir/{$this->type}";
|
---|
52 |
|
---|
53 | // Remove temporary zip downloads if exists
|
---|
54 | $files = dir::content($this->config['uploadDir'], array(
|
---|
55 | 'types' => "file",
|
---|
56 | 'pattern' => '/^.*\.zip$/i'
|
---|
57 | ));
|
---|
58 |
|
---|
59 | if (is_array($files) && count($files)) {
|
---|
60 | $time = time();
|
---|
61 | foreach ($files as $file)
|
---|
62 | if (is_file($file) && ($time - filemtime($file) > 3600))
|
---|
63 | unlink($file);
|
---|
64 | }
|
---|
65 |
|
---|
66 | if (isset($this->get['theme']) &&
|
---|
67 | ($this->get['theme'] == basename($this->get['theme'])) &&
|
---|
68 | is_dir("themes/{$this->get['theme']}")
|
---|
69 | )
|
---|
70 | $this->config['theme'] = $this->get['theme'];
|
---|
71 | }
|
---|
72 |
|
---|
73 | public function action() {
|
---|
74 | $act = isset($this->get['act']) ? $this->get['act'] : "browser";
|
---|
75 | if (!method_exists($this, "act_$act"))
|
---|
76 | $act = "browser";
|
---|
77 | $this->action = $act;
|
---|
78 | $method = "act_$act";
|
---|
79 |
|
---|
80 | if ($this->config['disabled']) {
|
---|
81 | $message = $this->label("You don't have permissions to browse server.");
|
---|
82 | if (in_array($act, array("browser", "upload")) ||
|
---|
83 | (substr($act, 0, 8) == "download")
|
---|
84 | )
|
---|
85 | $this->backMsg($message);
|
---|
86 | else {
|
---|
87 | header("Content-Type: text/plain; charset={$this->charset}");
|
---|
88 | die(json_encode(array('error' => $message)));
|
---|
89 | }
|
---|
90 | }
|
---|
91 |
|
---|
92 | if (!isset($this->session['dir']))
|
---|
93 | $this->session['dir'] = $this->type;
|
---|
94 | else {
|
---|
95 | $type = $this->getTypeFromPath($this->session['dir']);
|
---|
96 | $dir = $this->config['uploadDir'] . "/" . $this->session['dir'];
|
---|
97 | if (($type != $this->type) || !is_dir($dir) || !is_readable($dir))
|
---|
98 | $this->session['dir'] = $this->type;
|
---|
99 | }
|
---|
100 | $this->session['dir'] = path::normalize($this->session['dir']);
|
---|
101 |
|
---|
102 | if ($act == "browser") {
|
---|
103 | header("X-UA-Compatible: chrome=1");
|
---|
104 | header("Content-Type: text/html; charset={$this->charset}");
|
---|
105 | } elseif (
|
---|
106 | (substr($act, 0, 8) != "download") &&
|
---|
107 | !in_array($act, array("thumb", "upload"))
|
---|
108 | )
|
---|
109 | header("Content-Type: text/plain; charset={$this->charset}");
|
---|
110 |
|
---|
111 | $return = $this->$method();
|
---|
112 | echo ($return === true)
|
---|
113 | ? '{}'
|
---|
114 | : $return;
|
---|
115 | }
|
---|
116 |
|
---|
117 | protected function act_browser() {
|
---|
118 | if (isset($this->get['dir']) &&
|
---|
119 | is_dir("{$this->typeDir}/{$this->get['dir']}") &&
|
---|
120 | is_readable("{$this->typeDir}/{$this->get['dir']}")
|
---|
121 | )
|
---|
122 | $this->session['dir'] = path::normalize("{$this->type}/{$this->get['dir']}");
|
---|
123 |
|
---|
124 | return $this->output();
|
---|
125 | }
|
---|
126 |
|
---|
127 | protected function act_init() {
|
---|
128 | $tree = $this->getDirInfo($this->typeDir);
|
---|
129 | $tree['dirs'] = $this->getTree($this->session['dir']);
|
---|
130 | if (!is_array($tree['dirs']) || !count($tree['dirs']))
|
---|
131 | unset($tree['dirs']);
|
---|
132 | $files = $this->getFiles($this->session['dir']);
|
---|
133 | $dirWritable = dir::isWritable("{$this->config['uploadDir']}/{$this->session['dir']}");
|
---|
134 | $data = array(
|
---|
135 | 'tree' => &$tree,
|
---|
136 | 'files' => &$files,
|
---|
137 | 'dirWritable' => $dirWritable
|
---|
138 | );
|
---|
139 | return json_encode($data);
|
---|
140 | }
|
---|
141 |
|
---|
142 | protected function act_thumb() {
|
---|
143 | $this->getDir($this->get['dir'], true);
|
---|
144 | if (!isset($this->get['file']) || !isset($this->get['dir']))
|
---|
145 | $this->sendDefaultThumb();
|
---|
146 | $file = $this->get['file'];
|
---|
147 | if (basename($file) != $file)
|
---|
148 | $this->sendDefaultThumb();
|
---|
149 | $file = "{$this->thumbsDir}/{$this->type}/{$this->get['dir']}/$file";
|
---|
150 | if (!is_file($file) || !is_readable($file)) {
|
---|
151 | $file = "{$this->config['uploadDir']}/{$this->type}/{$this->get['dir']}/" . basename($file);
|
---|
152 | if (!is_file($file) || !is_readable($file))
|
---|
153 | $this->sendDefaultThumb($file);
|
---|
154 | $image = new gd($file);
|
---|
155 | if ($image->init_error)
|
---|
156 | $this->sendDefaultThumb($file);
|
---|
157 | $browsable = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
|
---|
158 | if (in_array($image->type, $browsable) &&
|
---|
159 | ($image->get_width() <= $this->config['thumbWidth']) &&
|
---|
160 | ($image->get_height() <= $this->config['thumbHeight'])
|
---|
161 | ) {
|
---|
162 | $type =
|
---|
163 | ($image->type == IMAGETYPE_GIF) ? "gif" : (
|
---|
164 | ($image->type == IMAGETYPE_PNG) ? "png" : "jpeg");
|
---|
165 | $type = "image/$type";
|
---|
166 | httpCache::file($file, $type);
|
---|
167 | } else
|
---|
168 | $this->sendDefaultThumb($file);
|
---|
169 | }
|
---|
170 | httpCache::file($file, "image/jpeg");
|
---|
171 | }
|
---|
172 |
|
---|
173 | protected function act_expand() {
|
---|
174 | return json_encode(array('dirs' => $this->getDirs($this->postDir())));
|
---|
175 | }
|
---|
176 |
|
---|
177 | protected function act_chDir() {
|
---|
178 | $this->postDir(); // Just for existing check
|
---|
179 | $this->session['dir'] = $this->type . "/" . $this->post['dir'];
|
---|
180 | $dirWritable = dir::isWritable("{$this->config['uploadDir']}/{$this->session['dir']}");
|
---|
181 | return json_encode(array(
|
---|
182 | 'files' => $this->getFiles($this->session['dir']),
|
---|
183 | 'dirWritable' => $dirWritable
|
---|
184 | ));
|
---|
185 | }
|
---|
186 |
|
---|
187 | protected function act_newDir() {
|
---|
188 | if (!$this->config['access']['dirs']['create'] ||
|
---|
189 | !isset($this->post['dir']) ||
|
---|
190 | !isset($this->post['newDir'])
|
---|
191 | )
|
---|
192 | $this->errorMsg("Unknown error.");
|
---|
193 |
|
---|
194 | $dir = $this->postDir();
|
---|
195 | $newDir = $this->normalizeDirname(trim($this->post['newDir']));
|
---|
196 | if (!strlen($newDir))
|
---|
197 | $this->errorMsg("Please enter new folder name.");
|
---|
198 | if (preg_match('/[\/\\\\]/s', $newDir))
|
---|
199 | $this->errorMsg("Unallowable characters in folder name.");
|
---|
200 | if (substr($newDir, 0, 1) == ".")
|
---|
201 | $this->errorMsg("Folder name shouldn't begins with '.'");
|
---|
202 | if (file_exists("$dir/$newDir"))
|
---|
203 | $this->errorMsg("A file or folder with that name already exists.");
|
---|
204 | if (!@mkdir("$dir/$newDir", $this->config['dirPerms']))
|
---|
205 | $this->errorMsg("Cannot create {dir} folder.", array('dir' => $newDir));
|
---|
206 | return true;
|
---|
207 | }
|
---|
208 |
|
---|
209 | protected function act_renameDir() {
|
---|
210 | if (!$this->config['access']['dirs']['rename'] ||
|
---|
211 | !isset($this->post['dir']) ||
|
---|
212 | !isset($this->post['newName'])
|
---|
213 | )
|
---|
214 | $this->errorMsg("Unknown error.");
|
---|
215 |
|
---|
216 | $dir = $this->postDir();
|
---|
217 | $newName = $this->normalizeDirname(trim($this->post['newName']));
|
---|
218 | if (!strlen($newName))
|
---|
219 | $this->errorMsg("Please enter new folder name.");
|
---|
220 | if (preg_match('/[\/\\\\]/s', $newName))
|
---|
221 | $this->errorMsg("Unallowable characters in folder name.");
|
---|
222 | if (substr($newName, 0, 1) == ".")
|
---|
223 | $this->errorMsg("Folder name shouldn't begins with '.'");
|
---|
224 | if (!@rename($dir, dirname($dir) . "/$newName"))
|
---|
225 | $this->errorMsg("Cannot rename the folder.");
|
---|
226 | $thumbDir = "$this->thumbsTypeDir/{$this->post['dir']}";
|
---|
227 | if (is_dir($thumbDir))
|
---|
228 | @rename($thumbDir, dirname($thumbDir) . "/$newName");
|
---|
229 | return json_encode(array('name' => $newName));
|
---|
230 | }
|
---|
231 |
|
---|
232 | protected function act_deleteDir() {
|
---|
233 | if (!$this->config['access']['dirs']['delete'] ||
|
---|
234 | !isset($this->post['dir']) ||
|
---|
235 | !strlen(trim($this->post['dir']))
|
---|
236 | )
|
---|
237 | $this->errorMsg("Unknown error.");
|
---|
238 |
|
---|
239 | $dir = $this->postDir();
|
---|
240 |
|
---|
241 | if (!dir::isWritable($dir))
|
---|
242 | $this->errorMsg("Cannot delete the folder.");
|
---|
243 | $result = !dir::prune($dir, false);
|
---|
244 | if (is_array($result) && count($result))
|
---|
245 | $this->errorMsg("Failed to delete {count} files/folders.",
|
---|
246 | array('count' => count($result)));
|
---|
247 | $thumbDir = "$this->thumbsTypeDir/{$this->post['dir']}";
|
---|
248 | if (is_dir($thumbDir)) dir::prune($thumbDir);
|
---|
249 | return true;
|
---|
250 | }
|
---|
251 |
|
---|
252 | protected function act_upload() {
|
---|
253 | if (!$this->config['access']['files']['upload'] ||
|
---|
254 | !isset($this->post['dir'])
|
---|
255 | )
|
---|
256 | $this->errorMsg("Unknown error.");
|
---|
257 |
|
---|
258 | $dir = $this->postDir();
|
---|
259 |
|
---|
260 | if (!dir::isWritable($dir))
|
---|
261 | $this->errorMsg("Cannot access or write to upload folder.");
|
---|
262 |
|
---|
263 | if (is_array($this->file['name'])) {
|
---|
264 | $return = array();
|
---|
265 | foreach ($this->file['name'] as $i => $name) {
|
---|
266 | $return[] = $this->moveUploadFile(array(
|
---|
267 | 'name' => $name,
|
---|
268 | 'tmp_name' => $this->file['tmp_name'][$i],
|
---|
269 | 'error' => $this->file['error'][$i]
|
---|
270 | ), $dir);
|
---|
271 | }
|
---|
272 | return implode("\n", $return);
|
---|
273 | } else
|
---|
274 | return $this->moveUploadFile($this->file, $dir);
|
---|
275 | }
|
---|
276 |
|
---|
277 | protected function act_download() {
|
---|
278 | $dir = $this->postDir();
|
---|
279 | if (!isset($this->post['dir']) ||
|
---|
280 | !isset($this->post['file']) ||
|
---|
281 | (false === ($file = "$dir/{$this->post['file']}")) ||
|
---|
282 | !file_exists($file) || !is_readable($file)
|
---|
283 | )
|
---|
284 | $this->errorMsg("Unknown error.");
|
---|
285 |
|
---|
286 | header("Pragma: public");
|
---|
287 | header("Expires: 0");
|
---|
288 | header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
|
---|
289 | header("Cache-Control: private", false);
|
---|
290 | header("Content-Type: application/octet-stream");
|
---|
291 | header('Content-Disposition: attachment; filename="' . str_replace('"', "_", $this->post['file']) . '"');
|
---|
292 | header("Content-Transfer-Encoding:Â binary");
|
---|
293 | header("Content-Length: " . filesize($file));
|
---|
294 | readfile($file);
|
---|
295 | die;
|
---|
296 | }
|
---|
297 |
|
---|
298 | protected function act_rename() {
|
---|
299 | $dir = $this->postDir();
|
---|
300 | if (!$this->config['access']['files']['rename'] ||
|
---|
301 | !isset($this->post['dir']) ||
|
---|
302 | !isset($this->post['file']) ||
|
---|
303 | !isset($this->post['newName']) ||
|
---|
304 | (false === ($file = "$dir/{$this->post['file']}")) ||
|
---|
305 | !file_exists($file) || !is_readable($file) || !file::isWritable($file)
|
---|
306 | )
|
---|
307 | $this->errorMsg("Unknown error.");
|
---|
308 |
|
---|
309 | if (isset($this->config['denyExtensionRename']) &&
|
---|
310 | $this->config['denyExtensionRename'] &&
|
---|
311 | (file::getExtension($this->post['file'], true) !==
|
---|
312 | file::getExtension($this->post['newName'], true)
|
---|
313 | )
|
---|
314 | )
|
---|
315 | $this->errorMsg("You cannot rename the extension of files!");
|
---|
316 |
|
---|
317 | $newName = $this->normalizeFilename(trim($this->post['newName']));
|
---|
318 | if (!strlen($newName))
|
---|
319 | $this->errorMsg("Please enter new file name.");
|
---|
320 | if (preg_match('/[\/\\\\]/s', $newName))
|
---|
321 | $this->errorMsg("Unallowable characters in file name.");
|
---|
322 | if (substr($newName, 0, 1) == ".")
|
---|
323 | $this->errorMsg("File name shouldn't begins with '.'");
|
---|
324 | $newName = "$dir/$newName";
|
---|
325 | if (file_exists($newName))
|
---|
326 | $this->errorMsg("A file or folder with that name already exists.");
|
---|
327 | $ext = file::getExtension($newName);
|
---|
328 | if (!$this->validateExtension($ext, $this->type))
|
---|
329 | $this->errorMsg("Denied file extension.");
|
---|
330 | if (!@rename($file, $newName))
|
---|
331 | $this->errorMsg("Unknown error.");
|
---|
332 |
|
---|
333 | $thumbDir = "{$this->thumbsTypeDir}/{$this->post['dir']}";
|
---|
334 | $thumbFile = "$thumbDir/{$this->post['file']}";
|
---|
335 |
|
---|
336 | if (file_exists($thumbFile))
|
---|
337 | @rename($thumbFile, "$thumbDir/" . basename($newName));
|
---|
338 | return true;
|
---|
339 | }
|
---|
340 |
|
---|
341 | protected function act_delete() {
|
---|
342 | $dir = $this->postDir();
|
---|
343 | if (!$this->config['access']['files']['delete'] ||
|
---|
344 | !isset($this->post['dir']) ||
|
---|
345 | !isset($this->post['file']) ||
|
---|
346 | (false === ($file = "$dir/{$this->post['file']}")) ||
|
---|
347 | !file_exists($file) || !is_readable($file) || !file::isWritable($file) ||
|
---|
348 | !@unlink($file)
|
---|
349 | )
|
---|
350 | $this->errorMsg("Unknown error.");
|
---|
351 |
|
---|
352 | $thumb = "{$this->thumbsTypeDir}/{$this->post['dir']}/{$this->post['file']}";
|
---|
353 | if (file_exists($thumb)) @unlink($thumb);
|
---|
354 | return true;
|
---|
355 | }
|
---|
356 |
|
---|
357 | protected function act_cp_cbd() {
|
---|
358 | $dir = $this->postDir();
|
---|
359 | if (!$this->config['access']['files']['copy'] ||
|
---|
360 | !isset($this->post['dir']) ||
|
---|
361 | !is_dir($dir) || !is_readable($dir) || !dir::isWritable($dir) ||
|
---|
362 | !isset($this->post['files']) || !is_array($this->post['files']) ||
|
---|
363 | !count($this->post['files'])
|
---|
364 | )
|
---|
365 | $this->errorMsg("Unknown error.");
|
---|
366 |
|
---|
367 | $error = array();
|
---|
368 | foreach($this->post['files'] as $file) {
|
---|
369 | $file = path::normalize($file);
|
---|
370 | if (substr($file, 0, 1) == ".") continue;
|
---|
371 | $type = explode("/", $file);
|
---|
372 | $type = $type[0];
|
---|
373 | if ($type != $this->type) continue;
|
---|
374 | $path = "{$this->config['uploadDir']}/$file";
|
---|
375 | $base = basename($file);
|
---|
376 | $replace = array('file' => $base);
|
---|
377 | $ext = file::getExtension($base);
|
---|
378 | if (!file_exists($path))
|
---|
379 | $error[] = $this->label("The file '{file}' does not exist.", $replace);
|
---|
380 | elseif (substr($base, 0, 1) == ".")
|
---|
381 | $error[] = "$base: " . $this->label("File name shouldn't begins with '.'");
|
---|
382 | elseif (!$this->validateExtension($ext, $type))
|
---|
383 | $error[] = "$base: " . $this->label("Denied file extension.");
|
---|
384 | elseif (file_exists("$dir/$base"))
|
---|
385 | $error[] = "$base: " . $this->label("A file or folder with that name already exists.");
|
---|
386 | elseif (!is_readable($path) || !is_file($path))
|
---|
387 | $error[] = $this->label("Cannot read '{file}'.", $replace);
|
---|
388 | elseif (!@copy($path, "$dir/$base"))
|
---|
389 | $error[] = $this->label("Cannot copy '{file}'.", $replace);
|
---|
390 | else {
|
---|
391 | if (function_exists("chmod"))
|
---|
392 | @chmod("$dir/$base", $this->config['filePerms']);
|
---|
393 | $fromThumb = "{$this->thumbsDir}/$file";
|
---|
394 | if (is_file($fromThumb) && is_readable($fromThumb)) {
|
---|
395 | $toThumb = "{$this->thumbsTypeDir}/{$this->post['dir']}";
|
---|
396 | if (!is_dir($toThumb))
|
---|
397 | @mkdir($toThumb, $this->config['dirPerms'], true);
|
---|
398 | $toThumb .= "/$base";
|
---|
399 | @copy($fromThumb, $toThumb);
|
---|
400 | }
|
---|
401 | }
|
---|
402 | }
|
---|
403 | if (count($error))
|
---|
404 | return json_encode(array('error' => $error));
|
---|
405 | return true;
|
---|
406 | }
|
---|
407 |
|
---|
408 | protected function act_mv_cbd() {
|
---|
409 | $dir = $this->postDir();
|
---|
410 | if (!$this->config['access']['files']['move'] ||
|
---|
411 | !isset($this->post['dir']) ||
|
---|
412 | !is_dir($dir) || !is_readable($dir) || !dir::isWritable($dir) ||
|
---|
413 | !isset($this->post['files']) || !is_array($this->post['files']) ||
|
---|
414 | !count($this->post['files'])
|
---|
415 | )
|
---|
416 | $this->errorMsg("Unknown error.");
|
---|
417 |
|
---|
418 | $error = array();
|
---|
419 | foreach($this->post['files'] as $file) {
|
---|
420 | $file = path::normalize($file);
|
---|
421 | if (substr($file, 0, 1) == ".") continue;
|
---|
422 | $type = explode("/", $file);
|
---|
423 | $type = $type[0];
|
---|
424 | if ($type != $this->type) continue;
|
---|
425 | $path = "{$this->config['uploadDir']}/$file";
|
---|
426 | $base = basename($file);
|
---|
427 | $replace = array('file' => $base);
|
---|
428 | $ext = file::getExtension($base);
|
---|
429 | if (!file_exists($path))
|
---|
430 | $error[] = $this->label("The file '{file}' does not exist.", $replace);
|
---|
431 | elseif (substr($base, 0, 1) == ".")
|
---|
432 | $error[] = "$base: " . $this->label("File name shouldn't begins with '.'");
|
---|
433 | elseif (!$this->validateExtension($ext, $type))
|
---|
434 | $error[] = "$base: " . $this->label("Denied file extension.");
|
---|
435 | elseif (file_exists("$dir/$base"))
|
---|
436 | $error[] = "$base: " . $this->label("A file or folder with that name already exists.");
|
---|
437 | elseif (!is_readable($path) || !is_file($path))
|
---|
438 | $error[] = $this->label("Cannot read '{file}'.", $replace);
|
---|
439 | elseif (!file::isWritable($path) || !@rename($path, "$dir/$base"))
|
---|
440 | $error[] = $this->label("Cannot move '{file}'.", $replace);
|
---|
441 | else {
|
---|
442 | if (function_exists("chmod"))
|
---|
443 | @chmod("$dir/$base", $this->config['filePerms']);
|
---|
444 | $fromThumb = "{$this->thumbsDir}/$file";
|
---|
445 | if (is_file($fromThumb) && is_readable($fromThumb)) {
|
---|
446 | $toThumb = "{$this->thumbsTypeDir}/{$this->post['dir']}";
|
---|
447 | if (!is_dir($toThumb))
|
---|
448 | @mkdir($toThumb, $this->config['dirPerms'], true);
|
---|
449 | $toThumb .= "/$base";
|
---|
450 | @rename($fromThumb, $toThumb);
|
---|
451 | }
|
---|
452 | }
|
---|
453 | }
|
---|
454 | if (count($error))
|
---|
455 | return json_encode(array('error' => $error));
|
---|
456 | return true;
|
---|
457 | }
|
---|
458 |
|
---|
459 | protected function act_rm_cbd() {
|
---|
460 | if (!$this->config['access']['files']['delete'] ||
|
---|
461 | !isset($this->post['files']) ||
|
---|
462 | !is_array($this->post['files']) ||
|
---|
463 | !count($this->post['files'])
|
---|
464 | )
|
---|
465 | $this->errorMsg("Unknown error.");
|
---|
466 |
|
---|
467 | $error = array();
|
---|
468 | foreach($this->post['files'] as $file) {
|
---|
469 | $file = path::normalize($file);
|
---|
470 | if (substr($file, 0, 1) == ".") continue;
|
---|
471 | $type = explode("/", $file);
|
---|
472 | $type = $type[0];
|
---|
473 | if ($type != $this->type) continue;
|
---|
474 | $path = "{$this->config['uploadDir']}/$file";
|
---|
475 | $base = basename($file);
|
---|
476 | $replace = array('file' => $base);
|
---|
477 | if (!is_file($path))
|
---|
478 | $error[] = $this->label("The file '{file}' does not exist.", $replace);
|
---|
479 | elseif (!@unlink($path))
|
---|
480 | $error[] = $this->label("Cannot delete '{file}'.", $replace);
|
---|
481 | else {
|
---|
482 | $thumb = "{$this->thumbsDir}/$file";
|
---|
483 | if (is_file($thumb)) @unlink($thumb);
|
---|
484 | }
|
---|
485 | }
|
---|
486 | if (count($error))
|
---|
487 | return json_encode(array('error' => $error));
|
---|
488 | return true;
|
---|
489 | }
|
---|
490 |
|
---|
491 | protected function act_downloadDir() {
|
---|
492 | $dir = $this->postDir();
|
---|
493 | if (!isset($this->post['dir']) || $this->config['denyZipDownload'])
|
---|
494 | $this->errorMsg("Unknown error.");
|
---|
495 | $filename = basename($dir) . ".zip";
|
---|
496 | do {
|
---|
497 | $file = md5(time() . session_id());
|
---|
498 | $file = "{$this->config['uploadDir']}/$file.zip";
|
---|
499 | } while (file_exists($file));
|
---|
500 | new zipFolder($file, $dir);
|
---|
501 | header("Content-Type: application/x-zip");
|
---|
502 | header('Content-Disposition: attachment; filename="' . str_replace('"', "_", $filename) . '"');
|
---|
503 | header("Content-Length: " . filesize($file));
|
---|
504 | readfile($file);
|
---|
505 | unlink($file);
|
---|
506 | die;
|
---|
507 | }
|
---|
508 |
|
---|
509 | protected function act_downloadSelected() {
|
---|
510 | $dir = $this->postDir();
|
---|
511 | if (!isset($this->post['dir']) ||
|
---|
512 | !isset($this->post['files']) ||
|
---|
513 | !is_array($this->post['files']) ||
|
---|
514 | $this->config['denyZipDownload']
|
---|
515 | )
|
---|
516 | $this->errorMsg("Unknown error.");
|
---|
517 |
|
---|
518 | $zipFiles = array();
|
---|
519 | foreach ($this->post['files'] as $file) {
|
---|
520 | $file = path::normalize($file);
|
---|
521 | if ((substr($file, 0, 1) == ".") || (strpos($file, '/') !== false))
|
---|
522 | continue;
|
---|
523 | $file = "$dir/$file";
|
---|
524 | if (!is_file($file) || !is_readable($file))
|
---|
525 | continue;
|
---|
526 | $zipFiles[] = $file;
|
---|
527 | }
|
---|
528 |
|
---|
529 | do {
|
---|
530 | $file = md5(time() . session_id());
|
---|
531 | $file = "{$this->config['uploadDir']}/$file.zip";
|
---|
532 | } while (file_exists($file));
|
---|
533 |
|
---|
534 | $zip = new ZipArchive();
|
---|
535 | $res = $zip->open($file, ZipArchive::CREATE);
|
---|
536 | if ($res === TRUE) {
|
---|
537 | foreach ($zipFiles as $cfile)
|
---|
538 | $zip->addFile($cfile, basename($cfile));
|
---|
539 | $zip->close();
|
---|
540 | }
|
---|
541 | header("Content-Type: application/x-zip");
|
---|
542 | header('Content-Disposition: attachment; filename="selected_files_' . basename($file) . '"');
|
---|
543 | header("Content-Length: " . filesize($file));
|
---|
544 | readfile($file);
|
---|
545 | unlink($file);
|
---|
546 | die;
|
---|
547 | }
|
---|
548 |
|
---|
549 | protected function act_downloadClipboard() {
|
---|
550 | if (!isset($this->post['files']) ||
|
---|
551 | !is_array($this->post['files']) ||
|
---|
552 | $this->config['denyZipDownload']
|
---|
553 | )
|
---|
554 | $this->errorMsg("Unknown error.");
|
---|
555 |
|
---|
556 | $zipFiles = array();
|
---|
557 | foreach ($this->post['files'] as $file) {
|
---|
558 | $file = path::normalize($file);
|
---|
559 | if ((substr($file, 0, 1) == "."))
|
---|
560 | continue;
|
---|
561 | $type = explode("/", $file);
|
---|
562 | $type = $type[0];
|
---|
563 | if ($type != $this->type)
|
---|
564 | continue;
|
---|
565 | $file = $this->config['uploadDir'] . "/$file";
|
---|
566 | if (!is_file($file) || !is_readable($file))
|
---|
567 | continue;
|
---|
568 | $zipFiles[] = $file;
|
---|
569 | }
|
---|
570 |
|
---|
571 | do {
|
---|
572 | $file = md5(time() . session_id());
|
---|
573 | $file = "{$this->config['uploadDir']}/$file.zip";
|
---|
574 | } while (file_exists($file));
|
---|
575 |
|
---|
576 | $zip = new ZipArchive();
|
---|
577 | $res = $zip->open($file, ZipArchive::CREATE);
|
---|
578 | if ($res === TRUE) {
|
---|
579 | foreach ($zipFiles as $cfile)
|
---|
580 | $zip->addFile($cfile, basename($cfile));
|
---|
581 | $zip->close();
|
---|
582 | }
|
---|
583 | header("Content-Type: application/x-zip");
|
---|
584 | header('Content-Disposition: attachment; filename="clipboard_' . basename($file) . '"');
|
---|
585 | header("Content-Length: " . filesize($file));
|
---|
586 | readfile($file);
|
---|
587 | unlink($file);
|
---|
588 | die;
|
---|
589 | }
|
---|
590 |
|
---|
591 | protected function act_check4Update() {
|
---|
592 | if ($this->config['denyUpdateCheck'])
|
---|
593 | return json_encode(array('version' => false));
|
---|
594 |
|
---|
595 | // Caching HTTP request for 6 hours
|
---|
596 | if (isset($this->session['checkVersion']) &&
|
---|
597 | isset($this->session['checkVersionTime']) &&
|
---|
598 | ((time() - $this->session['checkVersionTime']) < 21600)
|
---|
599 | )
|
---|
600 | return json_encode(array('version' => $this->session['checkVersion']));
|
---|
601 |
|
---|
602 | $protocol = "http";
|
---|
603 | $host = "kcfinder.sunhater.com";
|
---|
604 | $port = 80;
|
---|
605 | $path = "/checkVersion.php";
|
---|
606 |
|
---|
607 | $url = "$protocol://$host:$port$path";
|
---|
608 | $pattern = '/^\d+\.\d+$/';
|
---|
609 | $responsePattern = '/^[A-Z]+\/\d+\.\d+\s+\d+\s+OK\s*([a-zA-Z0-9\-]+\:\s*[^\n]*\n)*\s*(.*)\s*$/';
|
---|
610 |
|
---|
611 | // file_get_contents()
|
---|
612 | if (ini_get("allow_url_fopen") &&
|
---|
613 | (false !== ($ver = file_get_contents($url))) &&
|
---|
614 | preg_match($pattern, $ver)
|
---|
615 |
|
---|
616 | // HTTP extension
|
---|
617 | ) {} elseif (
|
---|
618 | function_exists("http_get") &&
|
---|
619 | (false !== ($ver = @http_get($url))) &&
|
---|
620 | (
|
---|
621 | (
|
---|
622 | preg_match($responsePattern, $ver, $match) &&
|
---|
623 | false !== ($ver = $match[2])
|
---|
624 | ) || true
|
---|
625 | ) &&
|
---|
626 | preg_match($pattern, $ver)
|
---|
627 |
|
---|
628 | // Curl extension
|
---|
629 | ) {} elseif (
|
---|
630 | function_exists("curl_init") &&
|
---|
631 | (false !== ( $curl = @curl_init($url) )) &&
|
---|
632 | ( @ob_start() || (@curl_close($curl) && false)) &&
|
---|
633 | ( @curl_exec($curl) || (@curl_close($curl) && false)) &&
|
---|
634 | ((false !== ( $ver = @ob_get_clean() )) || (@curl_close($curl) && false)) &&
|
---|
635 | ( @curl_close($curl) || true ) &&
|
---|
636 | preg_match($pattern, $ver)
|
---|
637 |
|
---|
638 | // Socket extension
|
---|
639 | ) {} elseif (function_exists('socket_create')) {
|
---|
640 | $cmd =
|
---|
641 | "GET $path " . strtoupper($protocol) . "/1.1\r\n" .
|
---|
642 | "Host: $host\r\n" .
|
---|
643 | "Connection: Close\r\n\r\n";
|
---|
644 |
|
---|
645 | if ((false !== ( $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP) )) &&
|
---|
646 | (false !== @socket_connect($socket, $host, $port) ) &&
|
---|
647 | (false !== @socket_write($socket, $cmd, strlen($cmd)) ) &&
|
---|
648 | (false !== ( $ver = @socket_read($socket, 2048) )) &&
|
---|
649 | preg_match($responsePattern, $ver, $match)
|
---|
650 | )
|
---|
651 | $ver = $match[2];
|
---|
652 |
|
---|
653 | if (isset($socket) && is_resource($socket))
|
---|
654 | @socket_close($socket);
|
---|
655 | }
|
---|
656 |
|
---|
657 | if (isset($ver) && preg_match($pattern, $ver)) {
|
---|
658 | $this->session['checkVersion'] = $ver;
|
---|
659 | $this->session['checkVersionTime'] = time();
|
---|
660 | return json_encode(array('version' => $ver));
|
---|
661 | } else
|
---|
662 | return json_encode(array('version' => false));
|
---|
663 | }
|
---|
664 |
|
---|
665 | protected function moveUploadFile($file, $dir) {
|
---|
666 | $message = $this->checkUploadedFile($file);
|
---|
667 |
|
---|
668 | if ($message !== true) {
|
---|
669 | if (isset($file['tmp_name']))
|
---|
670 | @unlink($file['tmp_name']);
|
---|
671 | return "{$file['name']}: $message";
|
---|
672 | }
|
---|
673 |
|
---|
674 | $filename = $this->normalizeFilename($file['name']);
|
---|
675 | $target = "$dir/" . file::getInexistantFilename($filename, $dir);
|
---|
676 |
|
---|
677 | if (!@move_uploaded_file($file['tmp_name'], $target) &&
|
---|
678 | !@rename($file['tmp_name'], $target) &&
|
---|
679 | !@copy($file['tmp_name'], $target)
|
---|
680 | ) {
|
---|
681 | @unlink($file['tmp_name']);
|
---|
682 | return "{$file['name']}: " . $this->label("Cannot move uploaded file to target folder.");
|
---|
683 | } elseif (function_exists('chmod'))
|
---|
684 | chmod($target, $this->config['filePerms']);
|
---|
685 |
|
---|
686 | $this->makeThumb($target);
|
---|
687 | return "/" . basename($target);
|
---|
688 | }
|
---|
689 |
|
---|
690 | protected function sendDefaultThumb($file=null) {
|
---|
691 | if ($file !== null) {
|
---|
692 | $ext = file::getExtension($file);
|
---|
693 | $thumb = "themes/{$this->config['theme']}/img/files/big/$ext.png";
|
---|
694 | }
|
---|
695 | if (!isset($thumb) || !file_exists($thumb))
|
---|
696 | $thumb = "themes/{$this->config['theme']}/img/files/big/..png";
|
---|
697 | header("Content-Type: image/png");
|
---|
698 | readfile($thumb);
|
---|
699 | die;
|
---|
700 | }
|
---|
701 |
|
---|
702 | protected function getFiles($dir) {
|
---|
703 | $thumbDir = "{$this->config['uploadDir']}/{$this->config['thumbsDir']}/$dir";
|
---|
704 | $dir = "{$this->config['uploadDir']}/$dir";
|
---|
705 | $return = array();
|
---|
706 | $files = dir::content($dir, array('types' => "file"));
|
---|
707 | if ($files === false)
|
---|
708 | return $return;
|
---|
709 |
|
---|
710 | foreach ($files as $file) {
|
---|
711 | $size = @getimagesize($file);
|
---|
712 | if (is_array($size) && count($size)) {
|
---|
713 | $thumb_file = "$thumbDir/" . basename($file);
|
---|
714 | if (!is_file($thumb_file))
|
---|
715 | $this->makeThumb($file, false);
|
---|
716 | $smallThumb =
|
---|
717 | ($size[0] <= $this->config['thumbWidth']) &&
|
---|
718 | ($size[1] <= $this->config['thumbHeight']) &&
|
---|
719 | in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_PNG, IMAGETYPE_JPEG));
|
---|
720 | } else
|
---|
721 | $smallThumb = false;
|
---|
722 |
|
---|
723 | $stat = stat($file);
|
---|
724 | if ($stat === false) continue;
|
---|
725 | $name = basename($file);
|
---|
726 | $ext = file::getExtension($file);
|
---|
727 | $bigIcon = file_exists("themes/{$this->config['theme']}/img/files/big/$ext.png");
|
---|
728 | $smallIcon = file_exists("themes/{$this->config['theme']}/img/files/small/$ext.png");
|
---|
729 | $thumb = file_exists("$thumbDir/$name");
|
---|
730 | $return[] = array(
|
---|
731 | 'name' => stripcslashes($name),
|
---|
732 | 'size' => $stat['size'],
|
---|
733 | 'mtime' => $stat['mtime'],
|
---|
734 | 'date' => @strftime($this->dateTimeSmall, $stat['mtime']),
|
---|
735 | 'readable' => is_readable($file),
|
---|
736 | 'writable' => file::isWritable($file),
|
---|
737 | 'bigIcon' => $bigIcon,
|
---|
738 | 'smallIcon' => $smallIcon,
|
---|
739 | 'thumb' => $thumb,
|
---|
740 | 'smallThumb' => $smallThumb
|
---|
741 | );
|
---|
742 | }
|
---|
743 | return $return;
|
---|
744 | }
|
---|
745 |
|
---|
746 | protected function getTree($dir, $index=0) {
|
---|
747 | $path = explode("/", $dir);
|
---|
748 |
|
---|
749 | $pdir = "";
|
---|
750 | for ($i = 0; ($i <= $index && $i < count($path)); $i++)
|
---|
751 | $pdir .= "/{$path[$i]}";
|
---|
752 | if (strlen($pdir))
|
---|
753 | $pdir = substr($pdir, 1);
|
---|
754 |
|
---|
755 | $fdir = "{$this->config['uploadDir']}/$pdir";
|
---|
756 |
|
---|
757 | $dirs = $this->getDirs($fdir);
|
---|
758 |
|
---|
759 | if (is_array($dirs) && count($dirs) && ($index <= count($path) - 1)) {
|
---|
760 |
|
---|
761 | foreach ($dirs as $i => $cdir) {
|
---|
762 | if ($cdir['hasDirs'] &&
|
---|
763 | (
|
---|
764 | ($index == count($path) - 1) ||
|
---|
765 | ($cdir['name'] == $path[$index + 1])
|
---|
766 | )
|
---|
767 | ) {
|
---|
768 | $dirs[$i]['dirs'] = $this->getTree($dir, $index + 1);
|
---|
769 | if (!is_array($dirs[$i]['dirs']) || !count($dirs[$i]['dirs'])) {
|
---|
770 | unset($dirs[$i]['dirs']);
|
---|
771 | continue;
|
---|
772 | }
|
---|
773 | }
|
---|
774 | }
|
---|
775 | } else
|
---|
776 | return false;
|
---|
777 |
|
---|
778 | return $dirs;
|
---|
779 | }
|
---|
780 |
|
---|
781 | protected function postDir($existent=true) {
|
---|
782 | $dir = $this->typeDir;
|
---|
783 | if (isset($this->post['dir']))
|
---|
784 | $dir .= "/" . $this->post['dir'];
|
---|
785 | if ($existent && (!is_dir($dir) || !is_readable($dir)))
|
---|
786 | $this->errorMsg("Inexistant or inaccessible folder.");
|
---|
787 | return $dir;
|
---|
788 | }
|
---|
789 |
|
---|
790 | protected function getDir($existent=true) {
|
---|
791 | $dir = $this->typeDir;
|
---|
792 | if (isset($this->get['dir']))
|
---|
793 | $dir .= "/" . $this->get['dir'];
|
---|
794 | if ($existent && (!is_dir($dir) || !is_readable($dir)))
|
---|
795 | $this->errorMsg("Inexistant or inaccessible folder.");
|
---|
796 | return $dir;
|
---|
797 | }
|
---|
798 |
|
---|
799 | protected function getDirs($dir) {
|
---|
800 | $dirs = dir::content($dir, array('types' => "dir"));
|
---|
801 | $return = array();
|
---|
802 | if (is_array($dirs)) {
|
---|
803 | $writable = dir::isWritable($dir);
|
---|
804 | foreach ($dirs as $cdir) {
|
---|
805 | $info = $this->getDirInfo($cdir);
|
---|
806 | if ($info === false) continue;
|
---|
807 | $info['removable'] = $writable && $info['writable'];
|
---|
808 | $return[] = $info;
|
---|
809 | }
|
---|
810 | }
|
---|
811 | return $return;
|
---|
812 | }
|
---|
813 |
|
---|
814 | protected function getDirInfo($dir, $removable=false) {
|
---|
815 | if ((substr(basename($dir), 0, 1) == ".") || !is_dir($dir) || !is_readable($dir))
|
---|
816 | return false;
|
---|
817 | $dirs = dir::content($dir, array('types' => "dir"));
|
---|
818 | if (is_array($dirs)) {
|
---|
819 | foreach ($dirs as $key => $cdir)
|
---|
820 | if (substr(basename($cdir), 0, 1) == ".")
|
---|
821 | unset($dirs[$key]);
|
---|
822 | $hasDirs = count($dirs) ? true : false;
|
---|
823 | } else
|
---|
824 | $hasDirs = false;
|
---|
825 |
|
---|
826 | $writable = dir::isWritable($dir);
|
---|
827 | $info = array(
|
---|
828 | 'name' => stripslashes(basename($dir)),
|
---|
829 | 'readable' => is_readable($dir),
|
---|
830 | 'writable' => $writable,
|
---|
831 | 'removable' => $removable && $writable && dir::isWritable(dirname($dir)),
|
---|
832 | 'hasDirs' => $hasDirs
|
---|
833 | );
|
---|
834 |
|
---|
835 | if ($dir == "{$this->config['uploadDir']}/{$this->session['dir']}")
|
---|
836 | $info['current'] = true;
|
---|
837 |
|
---|
838 | return $info;
|
---|
839 | }
|
---|
840 |
|
---|
841 | protected function output($data=null, $template=null) {
|
---|
842 | if (!is_array($data)) $data = array();
|
---|
843 | if ($template === null)
|
---|
844 | $template = $this->action;
|
---|
845 |
|
---|
846 | if (file_exists("tpl/tpl_$template.php")) {
|
---|
847 | ob_start();
|
---|
848 | $eval = "unset(\$data);unset(\$template);unset(\$eval);";
|
---|
849 | $_ = $data;
|
---|
850 | foreach (array_keys($data) as $key)
|
---|
851 | if (preg_match('/^[a-z\d_]+$/i', $key))
|
---|
852 | $eval .= "\$$key=\$_['$key'];";
|
---|
853 | $eval .= "unset(\$_);require \"tpl/tpl_$template.php\";";
|
---|
854 | eval($eval);
|
---|
855 | return ob_get_clean();
|
---|
856 | }
|
---|
857 |
|
---|
858 | return "";
|
---|
859 | }
|
---|
860 |
|
---|
861 | protected function errorMsg($message, array $data=null) {
|
---|
862 | if (in_array($this->action, array("thumb", "upload", "download", "downloadDir")))
|
---|
863 | die($this->label($message, $data));
|
---|
864 | if (($this->action === null) || ($this->action == "browser"))
|
---|
865 | $this->backMsg($message, $data);
|
---|
866 | else {
|
---|
867 | $message = $this->label($message, $data);
|
---|
868 | die(json_encode(array('error' => $message)));
|
---|
869 | }
|
---|
870 | }
|
---|
871 | }
|
---|
872 |
|
---|
873 | ?> |
---|