1534 lines
50 KiB
PHP
1534 lines
50 KiB
PHP
<?php
|
|
/**
|
|
* Filemanager PHP class
|
|
*
|
|
* filemanager.class.php
|
|
* class for the filemanager.php connector
|
|
*
|
|
* @license MIT License
|
|
* @author Riaan Los <mail (at) riaanlos (dot) nl>
|
|
* @author Simon Georget <simon (at) linea21 (dot) com>
|
|
* @copyright Authors
|
|
*/
|
|
|
|
class Filemanager {
|
|
|
|
protected $config = array();
|
|
protected $language = array();
|
|
protected $get = array();
|
|
protected $post = array();
|
|
protected $properties = array();
|
|
protected $item = array();
|
|
protected $languages = array();
|
|
protected $allowed_actions = array();
|
|
protected $root = ''; // Filemanager root folder
|
|
protected $doc_root = ''; // root folder known by JS : $this->config['options']['fileRoot'] (filepath or '/') or $_SERVER['DOCUMENT_ROOT'] - overwritten by setFileRoot() method
|
|
protected $dynamic_fileroot = ''; // Only set if setFileRoot() is called. Second part of the path : '/Filemanager/assets/' ( doc_root - $_SERVER['DOCUMENT_ROOT'])
|
|
protected $path_to_files = ''; // path to FM userfiles folder - automatically computed by the PHP class, something like '/var/www/Filemanager/userfiles'
|
|
protected $logger = false;
|
|
protected $logfile = '';
|
|
protected $cachefolder = '_thumbs/';
|
|
protected $thumbnail_width = 64;
|
|
protected $thumbnail_height = 64;
|
|
protected $separator = 'userfiles'; // @todo fix keep it or not?
|
|
|
|
public function __construct($extraConfig = '') {
|
|
|
|
// getting default config file
|
|
$content = file_get_contents("../../scripts/filemanager.config.js.default");
|
|
$config_default = json_decode($content, true);
|
|
|
|
// getting user config file
|
|
if(isset($_REQUEST['config'])) {
|
|
$this->getvar('config');
|
|
if (file_exists("../../scripts/" . $_REQUEST['config'])) {
|
|
$this->__log('Loading ' . basename($this->get['config']) . ' config file.');
|
|
$content = file_get_contents("../../scripts/" . basename($this->get['config']));
|
|
} else {
|
|
$this->__log($this->get['config'] . ' config file does not exists.');
|
|
$this->error("Given config file (".basename($this->get['config']).") does not exist !");
|
|
}
|
|
} else {
|
|
$content = file_get_contents("../../scripts/filemanager.config.js");
|
|
}
|
|
$config = json_decode($content, true);
|
|
|
|
// Prevent following bug https://github.com/simogeo/Filemanager/issues/398
|
|
$config_default['security']['uploadRestrictions'] = array();
|
|
|
|
if(!$config) {
|
|
$this->error("Error parsing the settings file! Please check your JSON syntax.");
|
|
}
|
|
$this->config = array_replace_recursive ($config_default, $config);
|
|
|
|
// override config options if needed
|
|
if(!empty($extraConfig)) {
|
|
$this->setup($extraConfig);
|
|
}
|
|
|
|
// set logfile path according to system if not set into config file
|
|
if(!isset($this->config['options']['logfile']))
|
|
$this->config['options']['logfile'] = sys_get_temp_dir(). '/filemanager.log';
|
|
|
|
$this->root = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR;
|
|
$this->properties = array(
|
|
'Date Created'=>null,
|
|
'Date Modified'=>null,
|
|
'Height'=>null,
|
|
'Width'=>null,
|
|
'Size'=>null
|
|
);
|
|
|
|
// Log actions or not?
|
|
if ($this->config['options']['logger'] == true ) {
|
|
if(isset($this->config['options']['logfile'])) {
|
|
$this->logfile = $this->config['options']['logfile'];
|
|
}
|
|
$this->enableLog();
|
|
}
|
|
|
|
// if fileRoot is set manually, $this->doc_root takes fileRoot value
|
|
// for security check in is_valid_path() method
|
|
// else it takes $_SERVER['DOCUMENT_ROOT'] default value
|
|
if ($this->config['options']['fileRoot'] !== false ) {
|
|
if($this->config['options']['serverRoot'] === true) {
|
|
$this->doc_root = $_SERVER['DOCUMENT_ROOT'];
|
|
$this->separator = basename($this->config['options']['fileRoot']);
|
|
$this->path_to_files = $_SERVER['DOCUMENT_ROOT'] .'/' . $this->config['options']['fileRoot'];
|
|
} else {
|
|
$this->doc_root = $this->config['options']['fileRoot'];
|
|
$this->separator = basename($this->config['options']['fileRoot']);
|
|
$this->path_to_files = $this->config['options']['fileRoot'];
|
|
}
|
|
} else {
|
|
$this->doc_root = $_SERVER['DOCUMENT_ROOT'];
|
|
$this->path_to_files = $this->root . $this->separator .'/' ;
|
|
}
|
|
|
|
$this->__log(__METHOD__ . ' $this->root value ' . $this->root);
|
|
$this->__log(__METHOD__ . ' $this->path_to_files ' . $this->path_to_files);
|
|
$this->__log(__METHOD__ . ' $this->doc_root value ' . $this->doc_root);
|
|
$this->__log(__METHOD__ . ' $this->separator value ' . $this->separator);
|
|
|
|
$this->setParams();
|
|
$this->setPermissions();
|
|
$this->availableLanguages();
|
|
$this->loadLanguageFile();
|
|
}
|
|
|
|
// $extraconfig should be formatted as json config array.
|
|
public function setup($extraconfig) {
|
|
|
|
// Prevent following bug https://github.com/simogeo/Filemanager/issues/398
|
|
$config_default['security']['uploadRestrictions'] = array();
|
|
|
|
$this->config = array_replace_recursive($this->config, $extraconfig);
|
|
|
|
}
|
|
|
|
// allow Filemanager to be used with dynamic folders
|
|
public function setFileRoot($path, $mkdir = false) {
|
|
|
|
// Paths are bit complex to handle - kind of nightmare actually ....
|
|
// 3 parts are availables
|
|
// [1] $this->doc_root. The first part of the path : '/var/www'
|
|
// [2] $this->dynamic_fileroot. The second part of the path : '/Filemanager/assets/' ( doc_root - $_SERVER['DOCUMENT_ROOT'])
|
|
// [3] $this->path_to_files or $this->doc_root. The full path : '/var/www/Filemanager/assets/'
|
|
|
|
$path = rtrim($path, '/') . '/';
|
|
if($this->config['options']['serverRoot'] === true) {
|
|
$this->doc_root = $_SERVER['DOCUMENT_ROOT']. '/'. $path; // i.e '/var/www/'
|
|
} else {
|
|
$this->doc_root = $path; // i.e '/var/www/'
|
|
}
|
|
|
|
// necessary for retrieving path when set dynamically with $fm->setFileRoot() method
|
|
// https://github.com/simogeo/Filemanager/issues/258 @todo to explore deeper
|
|
$this->dynamic_fileroot = str_replace("//","/",str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->doc_root));
|
|
$this->path_to_files = $this->doc_root;
|
|
$this->separator = basename($this->doc_root);
|
|
|
|
// do we create folder ?
|
|
if($mkdir && !file_exists($this->doc_root)) {
|
|
mkdir($this->doc_root, 0755, true);
|
|
$this->__log(__METHOD__ . ' creating ' . $this->doc_root. ' folder through mkdir()');
|
|
}
|
|
|
|
$this->__log(__METHOD__ . ' $this->doc_root value overwritten : ' . $this->doc_root);
|
|
$this->__log(__METHOD__ . ' $this->dynamic_fileroot value ' . $this->dynamic_fileroot);
|
|
$this->__log(__METHOD__ . ' $this->path_to_files ' . $this->path_to_files);
|
|
$this->__log(__METHOD__ . ' $this->separator value ' . $this->separator);
|
|
}
|
|
|
|
public function error($string,$textarea=false) {
|
|
$array = array(
|
|
'Error'=>$string,
|
|
'Code'=>'-1',
|
|
'Properties'=>$this->properties
|
|
);
|
|
|
|
$this->__log( __METHOD__ . ' - error message : ' . $string);
|
|
|
|
if($textarea) {
|
|
echo '<textarea>' . json_encode($array) . '</textarea>';
|
|
} else {
|
|
echo json_encode($array);
|
|
}
|
|
die();
|
|
}
|
|
|
|
public function lang($string) {
|
|
if(isset($this->language[$string]) && $this->language[$string]!='') {
|
|
return $this->language[$string];
|
|
} else {
|
|
return 'Language string error on ' . $string;
|
|
}
|
|
}
|
|
|
|
public function getvar($var, $sanitize = true) {
|
|
if(!isset($_GET[$var]) || $_GET[$var]=='') {
|
|
$this->error(sprintf($this->lang('INVALID_VAR'),$var));
|
|
} else {
|
|
if($sanitize) {
|
|
$this->get[$var] = $this->sanitize($_GET[$var]);
|
|
} else {
|
|
$this->get[$var] = $_GET[$var];
|
|
}
|
|
return true;
|
|
}
|
|
}
|
|
public function postvar($var, $sanitize = true) {
|
|
if(!isset($_POST[$var]) || ($var != 'content' && $_POST[$var]=='')) {
|
|
$this->error(sprintf($this->lang('INVALID_VAR'),$var));
|
|
} else {
|
|
if($sanitize) {
|
|
$this->post[$var] = $this->sanitize($_POST[$var]);
|
|
} else {
|
|
$this->post[$var] = $_POST[$var];
|
|
}
|
|
return true;
|
|
}
|
|
}
|
|
|
|
public function getinfo() {
|
|
$this->item = array();
|
|
$this->item['properties'] = $this->properties;
|
|
$this->get_file_info('', false);
|
|
|
|
// handle path when set dynamically with $fm->setFileRoot() method
|
|
if($this->dynamic_fileroot != '') {
|
|
$path = $this->dynamic_fileroot. $this->get['path'];
|
|
// $path = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->path_to_files) . $this->get['path']; // instruction could replace the line above
|
|
$path = preg_replace('~/+~', '/', $path); // remove multiple slashes
|
|
} else {
|
|
$path = $this->get['path'];
|
|
}
|
|
|
|
$array = array(
|
|
'Path'=> $path,
|
|
'Filename'=>$this->item['filename'],
|
|
'File Type'=>$this->item['filetype'],
|
|
'Protected'=>$this->item['protected'],
|
|
'Preview'=>$this->item['preview'],
|
|
'Properties'=>$this->item['properties'],
|
|
'Error'=>"",
|
|
'Code'=>0
|
|
);
|
|
return $array;
|
|
}
|
|
|
|
public function getfolder() {
|
|
$array = array();
|
|
$filesDir = array();
|
|
|
|
$current_path = $this->getFullPath();
|
|
|
|
|
|
if(!$this->is_valid_path($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
if(!is_dir($current_path)) {
|
|
$this->error(sprintf($this->lang('DIRECTORY_NOT_EXIST'),$this->get['path']));
|
|
}
|
|
|
|
// check if file is readable
|
|
if(!$this->has_system_permission($current_path, array('r'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
|
|
}
|
|
|
|
if(!$handle = @opendir($current_path)) {
|
|
$this->error(sprintf($this->lang('UNABLE_TO_OPEN_DIRECTORY'),$this->get['path']));
|
|
} else {
|
|
while (false !== ($file = readdir($handle))) {
|
|
if($file != "." && $file != "..") {
|
|
array_push($filesDir, $file);
|
|
}
|
|
}
|
|
closedir($handle);
|
|
|
|
// By default
|
|
// Sorting files by name ('default' or 'NAME_DESC' cases from $this->config['options']['fileSorting']
|
|
natcasesort($filesDir);
|
|
|
|
foreach($filesDir as $file) {
|
|
|
|
if(is_dir($current_path . $file)) {
|
|
if(!in_array($file, $this->config['exclude']['unallowed_dirs']) && !preg_match( $this->config['exclude']['unallowed_dirs_REGEXP'], $file)) {
|
|
|
|
// check if file is writable and readable
|
|
if(!$this->has_system_permission($current_path . $file, array('w', 'r'))) {
|
|
$protected = 1;
|
|
$previewPath = $this->config['icons']['path'] . 'locked_' . $this->config['icons']['directory'];
|
|
} else {
|
|
$protected =0;
|
|
$previewPath = $this->config['icons']['path'] . $this->config['icons']['directory'];
|
|
}
|
|
|
|
$array[$this->get['path'] . $file .'/'] = array(
|
|
'Path'=> $this->get['path'] . $file .'/',
|
|
'Filename'=>$file,
|
|
'File Type'=>'dir',
|
|
'Protected'=>$protected,
|
|
'Preview'=> $previewPath,
|
|
'Properties'=>array(
|
|
'Date Created'=> date($this->config['options']['dateFormat'], filectime($this->getFullPath($this->get['path'] . $file .'/'))),
|
|
'Date Modified'=> date($this->config['options']['dateFormat'], filemtime($this->getFullPath($this->get['path'] . $file .'/'))),
|
|
'filemtime'=> filemtime($this->getFullPath($this->get['path'] . $file .'/')),
|
|
'Height'=>null,
|
|
'Width'=>null,
|
|
'Size'=>null
|
|
),
|
|
'Error'=>"",
|
|
'Code'=>0
|
|
);
|
|
}
|
|
} else if (!in_array($file, $this->config['exclude']['unallowed_files']) && !preg_match( $this->config['exclude']['unallowed_files_REGEXP'], $file)) {
|
|
$this->item = array();
|
|
$this->item['properties'] = $this->properties;
|
|
$this->get_file_info($this->get['path'] . $file, true);
|
|
|
|
|
|
if(!isset($this->params['type']) || (isset($this->params['type']) && strtolower($this->params['type'])=='images' && in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt'])))) {
|
|
if($this->config['upload']['imagesOnly']== false || ($this->config['upload']['imagesOnly']== true && in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt'])))) {
|
|
$array[$this->get['path'] . $file] = array(
|
|
'Path'=>$this->get['path'] . $file,
|
|
'Filename'=>$this->item['filename'],
|
|
'File Type'=>$this->item['filetype'],
|
|
'Protected'=>$this->item['protected'],
|
|
'Preview'=>$this->item['preview'],
|
|
'Properties'=>$this->item['properties'],
|
|
'Error'=>"",
|
|
'Code'=>0
|
|
);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
$array = $this->sortFiles($array);
|
|
|
|
return $array;
|
|
}
|
|
|
|
|
|
public function editfile() {
|
|
|
|
$current_path = $this->getFullPath();
|
|
|
|
// check if file is writable
|
|
if(!$this->has_system_permission($current_path, array('w'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
|
|
}
|
|
|
|
if(!$this->has_permission('edit') || !$this->is_valid_path($current_path) || !$this->is_editable($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
$this->__log(__METHOD__ . ' - editing file '. $current_path);
|
|
|
|
$content = file_get_contents($current_path);
|
|
$content = htmlspecialchars($content);
|
|
|
|
if($content === false) {
|
|
$this->error(sprintf($this->lang('ERROR_OPENING_FILE')));
|
|
}
|
|
|
|
$array = array(
|
|
'Error'=>"",
|
|
'Code'=>0,
|
|
'Path'=>$this->get['path'],
|
|
'Content'=>$this->formatPath($content)
|
|
);
|
|
|
|
return $array;
|
|
}
|
|
|
|
public function savefile() {
|
|
|
|
$current_path = $this->getFullPath($this->post['path']);
|
|
|
|
if(!$this->has_permission('edit') || !$this->is_valid_path($current_path) || !$this->is_editable($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
if(!$this->has_system_permission($current_path, array('w'))) {
|
|
$this->error(sprintf($this->lang('ERROR_WRITING_PERM')));
|
|
}
|
|
|
|
$this->__log(__METHOD__ . ' - saving file '. $current_path);
|
|
|
|
$content = htmlspecialchars_decode($this->post['content']);
|
|
$r = file_put_contents($current_path, $content, LOCK_EX);
|
|
|
|
if(!is_numeric($r)) {
|
|
$this->error(sprintf($this->lang('ERROR_SAVING_FILE')));
|
|
}
|
|
|
|
$array = array(
|
|
'Error'=>"",
|
|
'Code'=>0,
|
|
'Path'=>$this->formatPath($this->post['path'])
|
|
);
|
|
|
|
return $array;
|
|
}
|
|
|
|
public function rename() {
|
|
|
|
$suffix='';
|
|
|
|
if(substr($this->get['old'],-1,1)=='/') {
|
|
$this->get['old'] = substr($this->get['old'],0,(strlen($this->get['old'])-1));
|
|
$suffix='/';
|
|
}
|
|
$tmp = explode('/',$this->get['old']);
|
|
$filename = $tmp[(sizeof($tmp)-1)];
|
|
$path = str_replace('/' . $filename,'',$this->get['old']);
|
|
|
|
$new_file = $this->getFullPath($path . '/' . $this->get['new']). $suffix;
|
|
$old_file = $this->getFullPath($this->get['old']) . $suffix;
|
|
|
|
if(!$this->has_permission('rename') || !$this->is_valid_path($old_file)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
// check if file is writable
|
|
if(!$this->has_system_permission($old_file, array('w'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
|
|
}
|
|
|
|
// check if not requesting main FM userfiles folder
|
|
if($this->is_root_folder($old_file)) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED')));
|
|
}
|
|
|
|
// For file only - we check if the new given extension is allowed regarding the security Policy settings
|
|
if(is_file($old_file) && $this->config['security']['allowChangeExtensions'] && !$this->is_allowed_file_type($new_file)) {
|
|
$this->error(sprintf($this->lang('INVALID_FILE_TYPE')));
|
|
}
|
|
|
|
$this->__log(__METHOD__ . ' - renaming '. $old_file. ' to ' . $new_file);
|
|
|
|
if(file_exists ($new_file)) {
|
|
if($suffix=='/' && is_dir($new_file)) {
|
|
$this->error(sprintf($this->lang('DIRECTORY_ALREADY_EXISTS'),$this->get['new']));
|
|
}
|
|
if($suffix=='' && is_file($new_file)) {
|
|
$this->error(sprintf($this->lang('FILE_ALREADY_EXISTS'),$this->get['new']));
|
|
}
|
|
}
|
|
|
|
if(!rename($old_file,$new_file)) {
|
|
if(is_dir($old_file)) {
|
|
$this->error(sprintf($this->lang('ERROR_RENAMING_DIRECTORY'),$filename,$this->get['new']));
|
|
} else {
|
|
$this->error(sprintf($this->lang('ERROR_RENAMING_FILE'),$filename,$this->get['new']));
|
|
}
|
|
}
|
|
$array = array(
|
|
'Error'=>"",
|
|
'Code'=>0,
|
|
'Old Path'=>$this->formatPath($this->get['old'].$suffix),
|
|
'Old Name'=>$filename,
|
|
'New Path'=>$this->formatPath($path . '/' . $this->get['new'].$suffix),
|
|
'New Name'=>$this->get['new']
|
|
);
|
|
return $array;
|
|
}
|
|
|
|
public function move() {
|
|
|
|
// dynamic fileroot dir must be used when enabled
|
|
if($this->dynamic_fileroot != '') {
|
|
$rootDir = $this->dynamic_fileroot;
|
|
//$rootDir = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->path_to_files); // instruction could replace the line above
|
|
} else {
|
|
$rootDir = $this->get['root'];
|
|
}
|
|
|
|
$rootDir = str_replace('//', '/', $rootDir);
|
|
$oldPath = $this->getFullPath($this->get['old']);
|
|
|
|
// check if file is writable
|
|
if(!$this->has_system_permission($oldPath, array('w'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
|
|
}
|
|
|
|
|
|
// check if not requesting main FM userfiles folder
|
|
if($this->is_root_folder($oldPath)) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
|
|
}
|
|
|
|
// old path
|
|
$tmp = explode('/',trim($this->get['old'], '/'));
|
|
$fileName = array_pop($tmp); // file name or new dir name
|
|
$path = '/' . implode('/', $tmp) . '/';
|
|
|
|
// new path
|
|
if (substr($this->get['new'], 0, 1) != "/") {
|
|
// make path relative from old dir
|
|
$newPath = $path . '/' . $this->get['new'] . '/';
|
|
} else {
|
|
$newPath = $rootDir . '/' . $this->get['new'] . '/';
|
|
}
|
|
|
|
$newPath = preg_replace('#/+#', '/', $newPath);
|
|
$newPath = $this->expandPath($newPath, true);
|
|
|
|
$newRelativePath = str_replace('./', '',$newPath);
|
|
$newPath = $this->getFullPath($newPath);
|
|
|
|
if(!$this->has_permission('move') || !$this->is_valid_path($oldPath) || !$this->is_valid_path($newPath)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
// check if file already exists
|
|
if (file_exists($newPath.$fileName)) {
|
|
if(is_dir($newPath.$fileName)) {
|
|
$this->error(sprintf($this->lang('DIRECTORY_ALREADY_EXISTS'),rtrim($this->get['new'], '/').'/'.$fileName));
|
|
} else {
|
|
$this->error(sprintf($this->lang('FILE_ALREADY_EXISTS'),rtrim($this->get['new'], '/').'/'.$fileName));
|
|
}
|
|
}
|
|
|
|
// create dir if not exists
|
|
if (!file_exists($newPath)) {
|
|
if(!mkdir($newPath,0755, true)) {
|
|
$this->error(sprintf($this->lang('UNABLE_TO_CREATE_DIRECTORY'),$newPath));
|
|
}
|
|
}
|
|
|
|
// move
|
|
$this->__log(__METHOD__ . ' - moving '. $oldPath. ' to directory ' . $newPath);
|
|
|
|
if(!rename($oldPath,$newPath . $fileName)) {
|
|
if(is_dir($oldPath)) {
|
|
$this->error(sprintf($this->lang('ERROR_RENAMING_DIRECTORY'),$path,$this->get['new']));
|
|
} else {
|
|
$this->error(sprintf($this->lang('ERROR_RENAMING_FILE'),$path . $fileName,$this->get['new']));
|
|
}
|
|
}
|
|
|
|
$array = array(
|
|
'Error'=>"",
|
|
'Code'=>0,
|
|
'Old Path'=>$path,
|
|
'Old Name'=>$fileName,
|
|
'New Path'=>$this->formatPath($newRelativePath),
|
|
'New Name'=>$fileName,
|
|
);
|
|
return $array;
|
|
}
|
|
|
|
public function delete() {
|
|
|
|
$current_path = $this->getFullPath();
|
|
$thumbnail_path = $this->get_thumbnail_path($current_path);
|
|
|
|
|
|
if(!$this->has_permission('delete') || !$this->is_valid_path($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
// check if file is writable
|
|
if(!$this->has_system_permission($current_path, array('w'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
|
|
}
|
|
|
|
// check if not requesting main FM userfiles folder
|
|
if($this->is_root_folder($current_path)) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED')));
|
|
}
|
|
|
|
if(is_dir($current_path)) {
|
|
|
|
$this->unlinkRecursive($current_path);
|
|
|
|
// we remove thumbnails if needed
|
|
$this->__log(__METHOD__ . ' - deleting thumbnails folder '. $thumbnail_path);
|
|
$this->unlinkRecursive($thumbnail_path);
|
|
|
|
$array = array(
|
|
'Error'=>"",
|
|
'Code'=>0,
|
|
'Path'=>$this->formatPath($this->get['path'])
|
|
);
|
|
|
|
$this->__log(__METHOD__ . ' - deleting folder '. $current_path);
|
|
return $array;
|
|
|
|
} else if(file_exists($current_path)) {
|
|
|
|
unlink($current_path);
|
|
|
|
// delete thumbail if exists
|
|
$this->__log(__METHOD__ . ' - deleting thumbnail file '. $thumbnail_path);
|
|
if(file_exists($thumbnail_path)) unlink($thumbnail_path);
|
|
|
|
$array = array(
|
|
'Error'=>"",
|
|
'Code'=>0,
|
|
'Path'=>$this->formatPath($this->get['path'])
|
|
);
|
|
|
|
$this->__log(__METHOD__ . ' - deleting file '. $current_path);
|
|
return $array;
|
|
|
|
} else {
|
|
$this->error(sprintf($this->lang('INVALID_DIRECTORY_OR_FILE')));
|
|
}
|
|
}
|
|
|
|
public function replace() {
|
|
|
|
$this->setParams();
|
|
|
|
if(!isset($_FILES['fileR']) || !is_uploaded_file($_FILES['fileR']['tmp_name'])) {
|
|
|
|
// if fileSize limit set by the user is greater than size allowed in php.ini file, we apply server restrictions
|
|
// and log a warning into file
|
|
if($this->config['upload']['fileSizeLimit'] > $this->getMaxUploadFileSize()) {
|
|
$this->__log(__METHOD__ . ' [WARNING] : file size limit set by user is greater than size allowed in php.ini file : '. $this->config['upload']['fileSizeLimit']. $this->lang('mb') .' > '. $this->getMaxUploadFileSize(). $this->lang('mb'). '.');
|
|
$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
|
|
$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
|
|
}
|
|
|
|
$this->error(sprintf($this->lang('INVALID_FILE_UPLOAD') . ' '. sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb'))),true);
|
|
}
|
|
// we determine max upload size if not set
|
|
if($this->config['upload']['fileSizeLimit'] == 'auto') {
|
|
$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
|
|
}
|
|
|
|
if($_FILES['fileR']['size'] > ($this->config['upload']['fileSizeLimit'] * 1024 * 1024)) {
|
|
$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
|
|
}
|
|
|
|
// we check the given file has the same extension as the old one
|
|
if(strtolower(pathinfo($_FILES['fileR']['name'], PATHINFO_EXTENSION)) != strtolower(pathinfo($this->post['newfilepath'], PATHINFO_EXTENSION))) {
|
|
$this->error(sprintf($this->lang('ERROR_REPLACING_FILE') . ' '. pathinfo($this->post['newfilepath'], PATHINFO_EXTENSION)),true);
|
|
}
|
|
|
|
if(!$this->is_allowed_file_type($_FILES['fileR']['name'])) {
|
|
$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
|
|
}
|
|
|
|
// we check if extension is allowed regarding the security Policy settings
|
|
if(!$this->is_allowed_file_type($_FILES['fileR']['name'])) {
|
|
$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
|
|
}
|
|
|
|
// we check if only images are allowed
|
|
if($this->config['upload']['imagesOnly'] || (isset($this->params['type']) && strtolower($this->params['type'])=='images')) {
|
|
if(!($size = @getimagesize($_FILES['fileR']['tmp_name']))){
|
|
$this->error(sprintf($this->lang('UPLOAD_IMAGES_ONLY')),true);
|
|
}
|
|
if(!in_array($size[2], array(1, 2, 3, 7, 8))) {
|
|
$this->error(sprintf($this->lang('UPLOAD_IMAGES_TYPE_JPEG_GIF_PNG')),true);
|
|
}
|
|
}
|
|
|
|
$current_path = $this->getFullPath($this->post['newfilepath']);
|
|
|
|
// check if file is writable
|
|
if(!$this->has_system_permission($current_path, array('w'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')), true);
|
|
}
|
|
|
|
if(!$this->has_permission('replace') || !$this->is_valid_path($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
move_uploaded_file($_FILES['fileR']['tmp_name'], $current_path);
|
|
|
|
// we delete thumbnail if file is image and thumbnail already
|
|
if($this->is_image($current_path) && file_exists($this->get_thumbnail($current_path))) {
|
|
unlink($this->get_thumbnail($current_path));
|
|
}
|
|
|
|
// automatically resize image if it's too big
|
|
$imagePath = $current_path;
|
|
if($this->is_image($imagePath) && $this->config['images']['resize']['enabled']) {
|
|
if ($size = @getimagesize($imagePath)){
|
|
if ($size[0] > $this->config['images']['resize']['maxWidth'] || $size[1] > $this->config['images']['resize']['maxHeight']) {
|
|
require_once('./inc/wideimage/lib/WideImage.php');
|
|
|
|
$image = WideImage::load($imagePath);
|
|
$resized = $image->resize($this->config['images']['resize']['maxWidth'], $this->config['images']['resize']['maxHeight'], 'inside');
|
|
$resized->saveToFile($imagePath);
|
|
|
|
$this->__log(__METHOD__ . ' - resizing image : '. $current_path);
|
|
}
|
|
}
|
|
}
|
|
|
|
chmod($current_path, 0644);
|
|
|
|
$response = array(
|
|
'Path'=>dirname($this->post['newfilepath']),
|
|
'Name'=>basename($this->post['newfilepath']),
|
|
'Error'=>"",
|
|
'Code'=>0
|
|
);
|
|
|
|
$this->__log(__METHOD__ . ' - replacing file '. $current_path);
|
|
|
|
echo '<textarea>' . json_encode($response) . '</textarea>';
|
|
die();
|
|
}
|
|
|
|
public function add() {
|
|
|
|
$this->setParams();
|
|
|
|
if(!isset($_FILES['newfile']) || !is_uploaded_file($_FILES['newfile']['tmp_name'])) {
|
|
|
|
// if fileSize limit set by the user is greater than size allowed in php.ini file, we apply server restrictions
|
|
// and log a warning into file
|
|
if($this->config['upload']['fileSizeLimit'] > $this->getMaxUploadFileSize()) {
|
|
$this->__log(__METHOD__ . ' [WARNING] : file size limit set by user is greater than size allowed in php.ini file : '. $this->config['upload']['fileSizeLimit'] . 'Mb > '. $this->getMaxUploadFileSize() .'Mb.');
|
|
$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
|
|
$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
|
|
}
|
|
|
|
$this->error(sprintf($this->lang('INVALID_FILE_UPLOAD') . ' '. sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb'))),true);
|
|
}
|
|
// we determine max upload size if not set
|
|
if($this->config['upload']['fileSizeLimit'] == 'auto') {
|
|
$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
|
|
}
|
|
|
|
if($_FILES['newfile']['size'] > ($this->config['upload']['fileSizeLimit'] * 1024 * 1024)) {
|
|
$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
|
|
}
|
|
|
|
// we check if extension is allowed regarding the security Policy settings
|
|
if(!$this->is_allowed_file_type($_FILES['newfile']['name'])) {
|
|
$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
|
|
}
|
|
|
|
// we check if only images are allowed
|
|
if($this->config['upload']['imagesOnly'] || (isset($this->params['type']) && strtolower($this->params['type'])=='images')) {
|
|
if(!($size = @getimagesize($_FILES['newfile']['tmp_name']))){
|
|
$this->error(sprintf($this->lang('UPLOAD_IMAGES_ONLY')),true);
|
|
}
|
|
if(!in_array($size[2], array(1, 2, 3, 7, 8))) {
|
|
$this->error(sprintf($this->lang('UPLOAD_IMAGES_TYPE_JPEG_GIF_PNG')),true);
|
|
}
|
|
}
|
|
$_FILES['newfile']['name'] = $this->cleanString($_FILES['newfile']['name'],array('.','-'));
|
|
|
|
$current_path = $this->getFullPath($this->post['currentpath']);
|
|
|
|
if(!$this->is_valid_path($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
if(!$this->config['upload']['overwrite']) {
|
|
$_FILES['newfile']['name'] = $this->checkFilename($current_path,$_FILES['newfile']['name']);
|
|
}
|
|
move_uploaded_file($_FILES['newfile']['tmp_name'], $current_path . $_FILES['newfile']['name']);
|
|
|
|
// automatically resize image if it's too big
|
|
$imagePath = $current_path . $_FILES['newfile']['name'];
|
|
if($this->is_image($imagePath) && $this->config['images']['resize']['enabled']) {
|
|
if ($size = @getimagesize($imagePath)){
|
|
if ($size[0] > $this->config['images']['resize']['maxWidth'] || $size[1] > $this->config['images']['resize']['maxHeight']) {
|
|
require_once('./inc/wideimage/lib/WideImage.php');
|
|
|
|
$image = WideImage::load($imagePath);
|
|
$resized = $image->resize($this->config['images']['resize']['maxWidth'], $this->config['images']['resize']['maxHeight'], 'inside');
|
|
$resized->saveToFile($imagePath);
|
|
|
|
$this->__log(__METHOD__ . ' - resizing image : '. $_FILES['newfile']['name']. ' into '. $current_path);
|
|
}
|
|
}
|
|
}
|
|
|
|
chmod($current_path . $_FILES['newfile']['name'], 0644);
|
|
|
|
$response = array(
|
|
'Path'=>$this->post['currentpath'],
|
|
'Name'=>$_FILES['newfile']['name'],
|
|
'Error'=>"",
|
|
'Code'=>0
|
|
);
|
|
|
|
$this->__log(__METHOD__ . ' - adding file '. $_FILES['newfile']['name']. ' into '. $current_path);
|
|
|
|
echo '<textarea>' . json_encode($response) . '</textarea>';
|
|
die();
|
|
}
|
|
|
|
public function addfolder() {
|
|
|
|
$current_path = $this->getFullPath();
|
|
|
|
if(!$this->is_valid_path($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
if(is_dir($current_path . $this->get['name'])) {
|
|
$this->error(sprintf($this->lang('DIRECTORY_ALREADY_EXISTS'),$this->get['name']));
|
|
|
|
}
|
|
$newdir = $this->cleanString($this->get['name']);
|
|
if(!mkdir($current_path . $newdir,0755)) {
|
|
$this->error(sprintf($this->lang('UNABLE_TO_CREATE_DIRECTORY'),$newdir));
|
|
}
|
|
$array = array(
|
|
'Parent'=>$this->get['path'],
|
|
'Name'=>$this->get['name'],
|
|
'Error'=>"",
|
|
'Code'=>0
|
|
);
|
|
$this->__log(__METHOD__ . ' - adding folder '. $current_path . $newdir);
|
|
|
|
return $array;
|
|
}
|
|
|
|
/**
|
|
* function zipFile. Creates a zip file from source to destination
|
|
*
|
|
* @param string $source Source path for zip
|
|
* @param string $destination Destination path for zip
|
|
* @param string|boolean $flag OPTIONAL If true includes the folder also
|
|
* @return boolean
|
|
* @link http://stackoverflow.com/questions/17584869/zip-main-folder-with-sub-folder-inside
|
|
*/
|
|
public function zipFile($source, $destination, $flag = '')
|
|
{
|
|
if (!extension_loaded('zip') || !file_exists($source)) {
|
|
return false;
|
|
}
|
|
|
|
$zip = new ZipArchive();
|
|
if (!$zip->open($destination, ZIPARCHIVE::CREATE)) {
|
|
return false;
|
|
}
|
|
|
|
$source = str_replace('\\', '/', realpath($source));
|
|
if($flag)
|
|
{
|
|
$flag = basename($source) . '/';
|
|
//$zip->addEmptyDir(basename($source) . '/');
|
|
}
|
|
|
|
if (is_dir($source) === true)
|
|
{
|
|
// add file to prevent empty archive error on download
|
|
$zip->addFromString('fm', "This archive has been generated by simogeo's Filemanager : https://github.com/simogeo/Filemanager/");
|
|
|
|
$files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
|
|
foreach ($files as $file)
|
|
{
|
|
$file = str_replace('\\', '/', realpath($file));
|
|
|
|
if (is_dir($file) === true)
|
|
{
|
|
$zip->addEmptyDir(str_replace($source . '/', '', $flag.$file . '/'));
|
|
}
|
|
else if (is_file($file) === true)
|
|
{
|
|
$zip->addFromString(str_replace($source . '/', '', $flag.$file), file_get_contents($file));
|
|
}
|
|
}
|
|
}
|
|
else if (is_file($source) === true)
|
|
{
|
|
$zip->addFromString($flag.basename($source), file_get_contents($source));
|
|
}
|
|
|
|
return $zip->close();
|
|
}
|
|
|
|
public function download() {
|
|
|
|
$current_path = $this->getFullPath();
|
|
|
|
if(!$this->has_permission('download') || !$this->is_valid_path($current_path)) {
|
|
$this->error("No way.");
|
|
}
|
|
|
|
// check if file is writable
|
|
if(!$this->has_system_permission($current_path, array('w'))) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
|
|
}
|
|
|
|
// we check if extension is allowed regarding the security Policy settings
|
|
if(is_file($current_path)) {
|
|
if(!$this->is_allowed_file_type(basename($current_path))) {
|
|
$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
|
|
}
|
|
|
|
} else {
|
|
|
|
// check if permission is granted
|
|
if(is_dir($current_path) && $this->config['security']['allowFolderDownload'] == false ) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
|
|
}
|
|
|
|
// check if not requesting main FM userfiles folder
|
|
if($this->is_root_folder($current_path)) {
|
|
$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
|
|
}
|
|
|
|
$destination_path = sys_get_temp_dir().'/'.uniqid().'.zip';
|
|
|
|
// if Zip archive is created
|
|
if($this->zipFile($current_path, $destination_path, true)) {
|
|
$current_path = $destination_path;
|
|
} else {
|
|
$this->error($this->lang('ERROR_CREATING_ZIP'));
|
|
}
|
|
|
|
}
|
|
|
|
if(isset($this->get['path']) && file_exists($current_path)) {
|
|
header("Content-type: application/force-download");
|
|
header('Content-Disposition: inline; filename="' . basename($current_path) . '"');
|
|
header("Content-Transfer-Encoding: Binary");
|
|
header("Content-length: ".filesize($current_path));
|
|
header('Content-Type: application/octet-stream');
|
|
header('Content-Disposition: attachment; filename="' . basename($current_path) . '"');
|
|
readfile($current_path);
|
|
$this->__log(__METHOD__ . ' - downloading '. $current_path);
|
|
exit();
|
|
} else {
|
|
$this->error(sprintf($this->lang('FILE_DOES_NOT_EXIST'),$current_path));
|
|
}
|
|
}
|
|
|
|
public function preview($thumbnail) {
|
|
|
|
$current_path = $this->getFullPath();
|
|
|
|
if(isset($this->get['path']) && file_exists($current_path)) {
|
|
|
|
// if $thumbnail is set to true we return the thumbnail
|
|
if($this->config['options']['generateThumbnails'] == true && $thumbnail == true) {
|
|
// get thumbnail (and create it if needed)
|
|
$returned_path = $this->get_thumbnail($current_path);
|
|
} else {
|
|
$returned_path = $current_path;
|
|
}
|
|
|
|
header("Content-type: image/" . strtolower(pathinfo($returned_path, PATHINFO_EXTENSION)));
|
|
header("Content-Transfer-Encoding: Binary");
|
|
header("Content-length: ".filesize($returned_path));
|
|
header('Content-Disposition: inline; filename="' . basename($returned_path) . '"');
|
|
readfile($returned_path);
|
|
|
|
exit();
|
|
|
|
} else {
|
|
$this->error(sprintf($this->lang('FILE_DOES_NOT_EXIST'),$current_path));
|
|
}
|
|
}
|
|
|
|
public function getMaxUploadFileSize() {
|
|
|
|
$max_upload = (int) ini_get('upload_max_filesize');
|
|
$max_post = (int) ini_get('post_max_size');
|
|
$memory_limit = (int) ini_get('memory_limit');
|
|
|
|
$upload_mb = min($max_upload, $max_post, $memory_limit);
|
|
|
|
$this->__log(__METHOD__ . ' - max upload file size is '. $upload_mb. 'Mb');
|
|
|
|
return $upload_mb;
|
|
}
|
|
|
|
private function setParams() {
|
|
$tmp = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/');
|
|
$tmp = explode('?',$tmp);
|
|
$params = array();
|
|
if(isset($tmp[1]) && $tmp[1]!='') {
|
|
$params_tmp = explode('&',$tmp[1]);
|
|
if(is_array($params_tmp)) {
|
|
foreach($params_tmp as $value) {
|
|
$tmp = explode('=',$value);
|
|
if(isset($tmp[0]) && $tmp[0]!='' && isset($tmp[1]) && $tmp[1]!='') {
|
|
$params[$tmp[0]] = $tmp[1];
|
|
}
|
|
}
|
|
}
|
|
}
|
|
$this->params = $params;
|
|
}
|
|
|
|
private function setPermissions() {
|
|
|
|
$this->allowed_actions = $this->config['options']['capabilities'];
|
|
|
|
if($this->config['edit']['enabled']) array_push($this->allowed_actions, 'edit');
|
|
|
|
}
|
|
|
|
// check if system permission is granted
|
|
private function has_system_permission($filepath, $perms) {
|
|
|
|
if(in_array('r', $perms)) {
|
|
if(!is_readable($filepath)) return false;
|
|
}
|
|
if(in_array('w', $perms)) {
|
|
if(!is_writable($filepath)) return false;
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
private function get_file_info($path='', $thumbnail = false) {
|
|
|
|
// DO NOT rawurlencode() since $current_path it
|
|
// is used for displaying name file
|
|
if($path=='') {
|
|
$current_path = $this->get['path'];
|
|
} else {
|
|
$current_path = $path;
|
|
}
|
|
$tmp = explode('/',$current_path);
|
|
$this->item['filename'] = $tmp[(sizeof($tmp)-1)];
|
|
|
|
$tmp = explode('.',$this->item['filename']);
|
|
$this->item['filetype'] = $tmp[(sizeof($tmp)-1)];
|
|
$this->item['filemtime'] = filemtime($this->getFullPath($current_path));
|
|
$this->item['filectime'] = filectime($this->getFullPath($current_path));
|
|
|
|
// check if file is writable and readable
|
|
if(!$this->has_system_permission($this->getFullPath($current_path), array('w', 'r'))) {
|
|
$this->item['protected'] = 1;
|
|
$this->item['preview'] = $this->config['icons']['path'] . 'locked_' . $this->config['icons']['default'];
|
|
// prevent Internal Server Error HTTP_CODE 500 on non readable files/folders
|
|
// without returning errors
|
|
return;
|
|
|
|
} else {
|
|
$this->item['protected'] = 0;
|
|
$this->item['preview'] = $this->config['icons']['path'] . $this->config['icons']['default'];
|
|
}
|
|
|
|
if(is_dir($current_path)) {
|
|
|
|
$this->item['preview'] = $this->config['icons']['path'] . $this->config['icons']['directory'];
|
|
|
|
} else if(in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt']))) {
|
|
|
|
// svg should not be previewed as raster formats images
|
|
if($this->item['filetype'] == 'svg') {
|
|
$this->item['preview'] = $current_path;
|
|
} else {
|
|
$this->item['preview'] = 'connectors/php/filemanager.php?mode=preview&path='. rawurlencode($current_path).'&'. time();
|
|
if($thumbnail) $this->item['preview'] .= '&thumbnail=true';
|
|
}
|
|
//if(isset($get['getsize']) && $get['getsize']=='true') {
|
|
$this->item['properties']['Size'] = filesize($this->getFullPath($current_path));
|
|
if ($this->item['properties']['Size']) {
|
|
list($width, $height, $type, $attr) = getimagesize($this->getFullPath($current_path));
|
|
} else {
|
|
$this->item['properties']['Size'] = 0;
|
|
list($width, $height) = array(0, 0);
|
|
}
|
|
$this->item['properties']['Height'] = $height;
|
|
$this->item['properties']['Width'] = $width;
|
|
$this->item['properties']['Size'] = filesize($this->getFullPath($current_path));
|
|
//}
|
|
|
|
} else if(file_exists($this->root . $this->config['icons']['path'] . strtolower($this->item['filetype']) . '.png')) {
|
|
|
|
$this->item['preview'] = $this->config['icons']['path'] . strtolower($this->item['filetype']) . '.png';
|
|
$this->item['properties']['Size'] = filesize($this->getFullPath($current_path));
|
|
if (!$this->item['properties']['Size']) $this->item['properties']['Size'] = 0;
|
|
|
|
}
|
|
|
|
$this->item['properties']['Date Modified'] = date($this->config['options']['dateFormat'], $this->item['filemtime']);
|
|
$this->item['properties']['filemtime'] = filemtime($this->getFullPath($current_path));
|
|
//$return['properties']['Date Created'] = $this->config['options']['dateFormat'], $return['filectime']); // PHP cannot get create timestamp
|
|
}
|
|
|
|
private function getFullPath($path = '') {
|
|
|
|
if($path == '') {
|
|
if(isset($this->get['path'])) $path = $this->get['path'];
|
|
}
|
|
|
|
if($this->config['options']['fileRoot'] !== false) {
|
|
$full_path = $this->doc_root . rawurldecode(str_replace ( $this->doc_root , '' , $path));
|
|
if($this->dynamic_fileroot != '') {
|
|
$full_path = $this->doc_root . rawurldecode(str_replace ( $this->dynamic_fileroot , '' , $path));
|
|
// $dynPart = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->path_to_files); // instruction could replace the line above
|
|
// $full_path = $this->path_to_files . rawurldecode(str_replace ( $dynPart , '' , $path)); // instruction could replace the line above
|
|
}
|
|
} else {
|
|
$full_path = $this->doc_root . rawurldecode($path);
|
|
}
|
|
|
|
$full_path = str_replace("//", "/", $full_path);
|
|
|
|
// $this->__log("getFullPath() returned path : " . $full_path);
|
|
|
|
return $full_path;
|
|
|
|
}
|
|
|
|
/**
|
|
* format path regarding the initial configuration
|
|
* @param string $path
|
|
*/
|
|
private function formatPath($path) {
|
|
|
|
if($this->dynamic_fileroot != '') {
|
|
|
|
$a = explode($this->separator, $path);
|
|
return end($a);
|
|
|
|
} else {
|
|
|
|
return $path;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
private function sortFiles($array) {
|
|
|
|
// handle 'NAME_ASC'
|
|
if($this->config['options']['fileSorting'] == 'NAME_ASC') {
|
|
$array = array_reverse($array);
|
|
}
|
|
|
|
// handle 'TYPE_ASC' and 'TYPE_DESC'
|
|
if(strpos($this->config['options']['fileSorting'], 'TYPE_') !== false || $this->config['options']['fileSorting'] == 'default') {
|
|
|
|
$a = array();
|
|
$b = array();
|
|
|
|
foreach ($array as $key=>$item){
|
|
if(strcmp($item["File Type"], "dir") == 0) {
|
|
$a[$key]=$item;
|
|
}else{
|
|
$b[$key]=$item;
|
|
}
|
|
}
|
|
|
|
if($this->config['options']['fileSorting'] == 'TYPE_ASC') {
|
|
$array = array_merge($a, $b);
|
|
}
|
|
|
|
if($this->config['options']['fileSorting'] == 'TYPE_DESC' || $this->config['options']['fileSorting'] == 'default') {
|
|
$array = array_merge($b, $a);
|
|
}
|
|
}
|
|
|
|
// handle 'MODIFIED_ASC' and 'MODIFIED_DESC'
|
|
if(strpos($this->config['options']['fileSorting'], 'MODIFIED_') !== false) {
|
|
|
|
$modified_order_array = array(); // new array as a column to sort collector
|
|
|
|
foreach ($array as $item) {
|
|
$modified_order_array[] = $item['Properties']['filemtime'];
|
|
}
|
|
|
|
if($this->config['options']['fileSorting'] == 'MODIFIED_ASC') {
|
|
array_multisort($modified_order_array, SORT_ASC, $array);
|
|
}
|
|
if($this->config['options']['fileSorting'] == 'MODIFIED_DESC') {
|
|
array_multisort($modified_order_array, SORT_DESC, $array);
|
|
}
|
|
return $array;
|
|
|
|
}
|
|
|
|
return $array;
|
|
|
|
|
|
}
|
|
|
|
// @todo to remove
|
|
// private function startsWith($haystack, $needle) {
|
|
// // search backwards starting from haystack length characters from the end
|
|
// return $needle === "" || strrpos($haystack, $needle, -strlen($haystack)) !== FALSE;
|
|
// }
|
|
|
|
private function is_valid_path($path) {
|
|
|
|
// @todo to remove
|
|
// if(!$this->startsWith(realpath($path), realpath($this->path_to_files))) return false;
|
|
// @see https://github.com/simogeo/Filemanager/issues/332
|
|
// @see http://stackoverflow.com/questions/5642785/php-a-good-way-to-universalize-paths-across-oss-slash-directions
|
|
|
|
// $givenpath = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
|
|
// $rootpath = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $this->path_to_files);
|
|
// $this->__log('substr doc_root : ' . substr(realpath($path) . DIRECTORY_SEPARATOR, 0, strlen($this->doc_root)));
|
|
// $this->__log('doc_root : ' . realpath($this->doc_root) . DIRECTORY_SEPARATOR);
|
|
|
|
// return $this->startsWith($givenpath, $rootpath);
|
|
|
|
$this->__log('substr path_to_files : ' . substr(realpath($path) . DIRECTORY_SEPARATOR, 0, strlen($this->path_to_files)));
|
|
$this->__log('path_to_files : ' . realpath($this->path_to_files) . DIRECTORY_SEPARATOR);
|
|
|
|
return (substr(realpath($path) . DIRECTORY_SEPARATOR, 0, strlen(realpath($this->path_to_files))) . DIRECTORY_SEPARATOR) == (realpath($this->path_to_files) . DIRECTORY_SEPARATOR);
|
|
|
|
|
|
}
|
|
|
|
private function unlinkRecursive($dir,$deleteRootToo=true) {
|
|
if(!$dh = @opendir($dir)) {
|
|
return;
|
|
}
|
|
while (false !== ($obj = readdir($dh))) {
|
|
if($obj == '.' || $obj == '..') {
|
|
continue;
|
|
}
|
|
|
|
if (!@unlink($dir . '/' . $obj)) {
|
|
$this->unlinkRecursive($dir.'/'.$obj, true);
|
|
}
|
|
}
|
|
|
|
closedir($dh);
|
|
|
|
if ($deleteRootToo) {
|
|
@rmdir($dir);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
/**
|
|
* is_allowed_file_type()
|
|
* check if extension is allowed regarding the security Policy / Restrictions settings
|
|
* @param string $file
|
|
*/
|
|
private function is_allowed_file_type($file) {
|
|
|
|
$path_parts = pathinfo($file);
|
|
|
|
// if there is no extension
|
|
if (! isset ( $path_parts ['extension'] )) {
|
|
// we check if no extension file are allowed
|
|
return (bool) $this->config['security']['allowNoExtension'];
|
|
}
|
|
|
|
$exts = array_map('strtolower', $this->config['security']['uploadRestrictions']);
|
|
|
|
if($this->config['security']['uploadPolicy'] == 'DISALLOW_ALL') {
|
|
|
|
if(!in_array(strtolower($path_parts['extension']), $exts))
|
|
return false;
|
|
}
|
|
if($this->config['security']['uploadPolicy'] == 'ALLOW_ALL') {
|
|
|
|
if(in_array(strtolower($path_parts['extension']), $exts))
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
private function cleanString($string, $allowed = array()) {
|
|
$allow = null;
|
|
|
|
if (!empty($allowed)) {
|
|
foreach ($allowed as $value) {
|
|
$allow .= "\\$value";
|
|
}
|
|
}
|
|
|
|
$mapping = array(
|
|
'Š'=>'S', 'š'=>'s', 'Đ'=>'Dj', 'đ'=>'dj', 'Ž'=>'Z', 'ž'=>'z', 'Č'=>'C', 'č'=>'c', 'Ć'=>'C', 'ć'=>'c',
|
|
'À'=>'A', 'Á'=>'A', 'Â'=>'A', 'Ã'=>'A', 'Ä'=>'A', 'Å'=>'A', 'Æ'=>'A', 'Ç'=>'C', 'È'=>'E', 'É'=>'E',
|
|
'Ê'=>'E', 'Ë'=>'E', 'Ì'=>'I', 'Í'=>'I', 'Î'=>'I', 'Ï'=>'I', 'Ñ'=>'N', 'Ò'=>'O', 'Ó'=>'O', 'Ô'=>'O',
|
|
'Õ'=>'O', 'Ö'=>'O', 'Ő'=>'O', 'Ø'=>'O', 'Ù'=>'U', 'Ú'=>'U', 'Û'=>'U', 'Ü'=>'U', 'Ű'=>'U', 'Ý'=>'Y',
|
|
'Þ'=>'B', 'ß'=>'Ss','à'=>'a', 'á'=>'a', 'â'=>'a', 'ã'=>'a', 'ä'=>'a', 'å'=>'a', 'æ'=>'a', 'ç'=>'c',
|
|
'è'=>'e', 'é'=>'e', 'ê'=>'e', 'ë'=>'e', 'ì'=>'i', 'í'=>'i', 'î'=>'i', 'ï'=>'i', 'ð'=>'o', 'ñ'=>'n',
|
|
'ò'=>'o', 'ó'=>'o', 'ô'=>'o', 'õ'=>'o', 'ö'=>'o', 'ő'=>'o', 'ø'=>'o', 'ù'=>'u', 'ú'=>'u', 'ű'=>'u',
|
|
'û'=>'u', 'ü'=>'u', 'ý'=>'y', 'ý'=>'y', 'þ'=>'b', 'ÿ'=>'y', 'Ŕ'=>'R', 'ŕ'=>'r', ' '=>'_', "'"=>'_', '/'=>''
|
|
);
|
|
|
|
if (is_array($string)) {
|
|
|
|
$cleaned = array();
|
|
|
|
foreach ($string as $key => $clean) {
|
|
$clean = strtr($clean, $mapping);
|
|
|
|
if($this->config['options']['chars_only_latin'] == true) {
|
|
$clean = preg_replace("/[^{$allow}_a-zA-Z0-9]/u", '', $clean);
|
|
// $clean = preg_replace("/[^{$allow}_a-zA-Z0-9\x{0430}-\x{044F}\x{0410}-\x{042F}]/u", '', $clean); // allow only latin alphabet with cyrillic
|
|
}
|
|
$cleaned[$key] = preg_replace('/[_]+/', '_', $clean); // remove double underscore
|
|
}
|
|
} else {
|
|
$clean = strtr($string, $mapping);
|
|
if($this->config['options']['chars_only_latin'] == true) {
|
|
$clean = preg_replace("/[^{$allow}_a-zA-Z0-9]/u", '', $clean);
|
|
// $clean = preg_replace("/[^{$allow}_a-zA-Z0-9\x{0430}-\x{044F}\x{0410}-\x{042F}]/u", '', $string); // allow only latin alphabet with cyrillic
|
|
}
|
|
$cleaned = preg_replace('/[_]+/', '_', $clean); // remove double underscore
|
|
|
|
}
|
|
return $cleaned;
|
|
}
|
|
|
|
/**
|
|
* Checking if permission is set or not for a given action
|
|
* @param string $action
|
|
* @return boolean
|
|
*/
|
|
private function has_permission($action) {
|
|
return in_array($action, $this->allowed_actions);
|
|
}
|
|
|
|
/**
|
|
* Return Thumbnail path from given path
|
|
* works for both file and dir path
|
|
* @param string $path
|
|
*/
|
|
private function get_thumbnail_path($path) {
|
|
|
|
$pos = strrpos($path, $this->separator);
|
|
$a[0] = substr($path,0,$pos);
|
|
$a[1] = substr($path,$pos+strlen($this->separator));
|
|
|
|
$path_parts = pathinfo($path);
|
|
|
|
$thumbnail_path = $a[0].$this->separator.'/'.$this->cachefolder.dirname(end($a)).'/';
|
|
if(!is_dir($path)) $thumbnail_name = $path_parts['filename'] . '_' . $this->thumbnail_width . 'x' . $this->thumbnail_height . 'px.' . $path_parts['extension'];
|
|
|
|
if(is_dir($path)) {
|
|
$thumbnail_fullpath = $thumbnail_path;
|
|
} else {
|
|
$thumbnail_fullpath = $thumbnail_path.$thumbnail_name;
|
|
}
|
|
|
|
return $thumbnail_fullpath;
|
|
|
|
}
|
|
|
|
/**
|
|
* For debugging just call
|
|
* the direct URL http://localhost/Filemanager/connectors/php/filemanager.php?mode=preview&path=%2FFilemanager%2Fuserfiles%2FMy%20folder3%2Fblanches_neiges.jPg&thumbnail=true
|
|
* and echo vars below
|
|
* @param string $path
|
|
*/
|
|
private function get_thumbnail($path) {
|
|
|
|
require_once('./inc/wideimage/lib/WideImage.php');
|
|
|
|
$thumbnail_fullpath = $this->get_thumbnail_path($path);
|
|
|
|
// echo $thumbnail_fullpath.'<br>';
|
|
|
|
// if thumbnail does not exist we generate it or cacheThumbnail is set to false
|
|
if(!file_exists($thumbnail_fullpath) || $this->config['options']['cacheThumbnails'] == false) {
|
|
|
|
// create folder if it does not exist
|
|
if(!file_exists(dirname($thumbnail_fullpath))) {
|
|
mkdir(dirname($thumbnail_fullpath), 0755, true);
|
|
}
|
|
$image = WideImage::load($path);
|
|
$resized = $image->resize($this->thumbnail_width, $this->thumbnail_height, 'outside')->crop('center', 'center', $this->thumbnail_width, $this->thumbnail_height);
|
|
$resized->saveToFile($thumbnail_fullpath);
|
|
|
|
$this->__log(__METHOD__ . ' - generating thumbnail : '. $thumbnail_fullpath);
|
|
|
|
}
|
|
|
|
return $thumbnail_fullpath;
|
|
}
|
|
|
|
private function sanitize($var) {
|
|
|
|
$sanitized = strip_tags($var);
|
|
$sanitized = str_replace('http://', '', $sanitized);
|
|
$sanitized = str_replace('https://', '', $sanitized);
|
|
$sanitized = str_replace('../', '', $sanitized);
|
|
|
|
return $sanitized;
|
|
}
|
|
|
|
private function checkFilename($path,$filename,$i='') {
|
|
if(!file_exists($path . $filename)) {
|
|
return $filename;
|
|
} else {
|
|
$_i = $i;
|
|
$tmp = explode(/*$this->config['upload']['suffix'] . */$i . '.',$filename);
|
|
if($i=='') {
|
|
$i=1;
|
|
} else {
|
|
$i++;
|
|
}
|
|
$filename = str_replace($_i . '.' . $tmp[(sizeof($tmp)-1)],$i . '.' . $tmp[(sizeof($tmp)-1)],$filename);
|
|
return $this->checkFilename($path,$filename,$i);
|
|
}
|
|
}
|
|
|
|
private function loadLanguageFile() {
|
|
|
|
// we load langCode var passed into URL if present and if exists
|
|
// else, we use default configuration var
|
|
$lang = $this->config['options']['culture'];
|
|
if(isset($this->params['langCode']) && in_array($this->params['langCode'], $this->languages)) $lang = $this->params['langCode'];
|
|
|
|
if(file_exists($this->root. 'scripts/languages/'.$lang.'.js')) {
|
|
$stream =file_get_contents($this->root. 'scripts/languages/'.$lang.'.js');
|
|
$this->language = json_decode($stream, true);
|
|
} else {
|
|
$l = substr($lang,0,2); // we try with 2 chars language file
|
|
if(file_exists($this->root. 'scripts/languages/'.$l.'.js')) {
|
|
$stream =file_get_contents($this->root. 'scripts/languages/'.$l.'.js');
|
|
$this->language = json_decode($stream, true);
|
|
} else {
|
|
// we include default language file
|
|
$stream =file_get_contents($this->root. 'scripts/languages/'.$this->config['options']['culture'].'.js');
|
|
$this->language = json_decode($stream, true);
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
private function availableLanguages() {
|
|
|
|
if ($handle = opendir($this->root.'/scripts/languages/')) {
|
|
while (false !== ($file = readdir($handle))) {
|
|
if ($file != "." && $file != "..") {
|
|
array_push($this->languages, pathinfo($file, PATHINFO_FILENAME));
|
|
}
|
|
}
|
|
closedir($handle);
|
|
}
|
|
}
|
|
|
|
private function is_image($path) {
|
|
|
|
$a = getimagesize($path);
|
|
$image_type = $a[2];
|
|
|
|
return in_array($image_type , array(IMAGETYPE_GIF , IMAGETYPE_JPEG ,IMAGETYPE_PNG , IMAGETYPE_BMP));
|
|
}
|
|
|
|
private function is_root_folder($path) {
|
|
return rtrim($this->path_to_files,"/") == rtrim($path,"/");
|
|
}
|
|
|
|
private function is_editable($file) {
|
|
|
|
$path_parts = pathinfo($file);
|
|
|
|
$exts = array_map('strtolower', $this->config['edit']['editExt']);
|
|
|
|
return in_array($path_parts['extension'], $exts);
|
|
}
|
|
|
|
|
|
private function get_user_ip()
|
|
{
|
|
$client = @$_SERVER['HTTP_CLIENT_IP'];
|
|
$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
$remote = $_SERVER['REMOTE_ADDR'];
|
|
|
|
if(filter_var($client, FILTER_VALIDATE_IP))
|
|
{
|
|
$ip = $client;
|
|
}
|
|
elseif(filter_var($forward, FILTER_VALIDATE_IP))
|
|
{
|
|
$ip = $forward;
|
|
}
|
|
else
|
|
{
|
|
$ip = $remote;
|
|
}
|
|
|
|
return $ip;
|
|
}
|
|
|
|
|
|
private function __log($msg) {
|
|
|
|
if($this->logger == true) {
|
|
|
|
$fp = fopen($this->logfile, "a");
|
|
$str = "[" . date("d/m/Y h:i:s", time()) . "]#". $this->get_user_ip() . "#" . $msg;
|
|
fwrite($fp, $str . PHP_EOL);
|
|
fclose($fp);
|
|
}
|
|
|
|
}
|
|
|
|
public function enableLog($logfile = '') {
|
|
|
|
$this->logger = true;
|
|
|
|
if($logfile != '') {
|
|
$this->logfile = $logfile;
|
|
}
|
|
|
|
$this->__log(__METHOD__ . ' - Log enabled (in '. $this->logfile. ' file)');
|
|
|
|
}
|
|
|
|
public function disableLog() {
|
|
|
|
$this->logger = false;
|
|
|
|
$this->__log(__METHOD__ . ' - Log disabled');
|
|
}
|
|
|
|
/**
|
|
* Remove "../" from path
|
|
*
|
|
* @param string path to be converted
|
|
* @param bool if dir names should be cleaned
|
|
* @return string or false in case of error (as exception are not used here)
|
|
*/
|
|
public function expandPath($path, $clean = false)
|
|
{
|
|
$todo = explode('/', $path);
|
|
$fullPath = array();
|
|
|
|
foreach ($todo as $dir) {
|
|
if ($dir == '..') {
|
|
$element = array_pop($fullPath);
|
|
if (is_null($element)) {
|
|
return false;
|
|
}
|
|
} else {
|
|
if ($clean) {
|
|
$dir = $this->cleanString($dir);
|
|
}
|
|
array_push($fullPath, $dir);
|
|
}
|
|
}
|
|
return implode('/', $fullPath);
|
|
}
|
|
}
|
|
?>
|