diff --git a/core/vendor/filemanager/UploadHandler.php b/core/vendor/filemanager/UploadHandler.php index ed212191..780c54d3 100755 --- a/core/vendor/filemanager/UploadHandler.php +++ b/core/vendor/filemanager/UploadHandler.php @@ -380,6 +380,10 @@ class UploadHandler $file->error = $this->get_error_message('accept_file_types'); return false; } + if (preg_match($this->options['image_file_types'], $file->name) && function_exists('exif_imagetype') && !@exif_imagetype($uploaded_file)) { + $file->error = $this->get_error_message('accept_file_types'); + return false; + } if ($uploaded_file && is_uploaded_file($uploaded_file)) { $file_size = $this->get_file_size($uploaded_file); } else { @@ -519,7 +523,7 @@ class UploadHandler // Remove path information and dots around the filename, to prevent uploading // into different directories or replacing hidden system files. // Also remove control characters and spaces (\x00..\x20) around the filename: - $name = trim($this->basename(stripslashes($name)), ".\x00..\x20"); + $name = trim($this->basename(stripslashes($name)), "\x00..\x20"); // Use a timestamp for empty filenames: if (!$name) { $name = str_replace('.', '-', microtime(true)); @@ -1330,6 +1334,11 @@ class UploadHandler '', $content_disposition_header )) : null; + // TODO check + // if (isset($content_disposition_header) && !empty($content_disposition_header) ) { + // $file_name = str_replace('attachment; filename="', '', $content_disposition_header); + // $file_name = str_replace('"', '', $file_name); + // } // Parse the Content-Range header, which has the following form: // Content-Range: bytes 0-524287/2000000 $content_range_header = $this->get_server_var('HTTP_CONTENT_RANGE'); diff --git a/core/vendor/filemanager/ajax_calls.php b/core/vendor/filemanager/ajax_calls.php index 025d5cfe..0fe40f3f 100755 --- a/core/vendor/filemanager/ajax_calls.php +++ b/core/vendor/filemanager/ajax_calls.php @@ -1,8 +1,6 @@ send(); exit; } + + +//check $_GET['file'] +if(isset($_GET['file']) && !checkRelativePath($_GET['file'])) { + response(trans('wrong path').AddErrorLocation())->send(); + exit; +} + +//check $_POST['file'] +if(isset($_POST['path']) && !checkRelativePath($_POST['path'])) { + response(trans('wrong path').AddErrorLocation())->send(); + exit; +} + + $ftp = ftp_con($config); if(isset($_GET['action'])) @@ -52,7 +65,7 @@ if(isset($_GET['action'])) case 'filter': if (isset($_GET['type'])) { - if (isset($remember_text_filter) && $remember_text_filter) + if (isset($config['remember_text_filter']) && $config['remember_text_filter']) { $_SESSION['RF']["filter"] = $_GET['type']; } @@ -73,24 +86,10 @@ if(isset($_GET['action'])) $_SESSION['RF']["descending"] = $_GET['descending']; } break; - case 'image_size': // not used - $pos = strpos($_POST['path'], $upload_dir); - if ($pos !== false) - { - $info = getimagesize(substr_replace($_POST['path'], $current_path, $pos, strlen($upload_dir))); - response($info)->send(); - exit; - } - break; case 'save_img': $info = pathinfo($_POST['name']); - if ( - strpos($_POST['path'], '/') === 0 - || strpos($_POST['path'], '../') !== false - || strpos($_POST['path'], '..\\') !== false - || strpos($_POST['path'], './') === 0 - || (strpos($_POST['url'], 'http://s3.amazonaws.com/feather') !== 0 && strpos($_POST['url'], 'https://s3.amazonaws.com/feather') !== 0) + if ((strpos($_POST['url'], 'http://s3.amazonaws.com/feather') !== 0 && strpos($_POST['url'], 'https://s3.amazonaws.com/feather') !== 0) || $_POST['name'] != fix_filename($_POST['name'], $config) || ! in_array(strtolower($info['extension']), array( 'jpg', 'jpeg', 'png' )) ) @@ -106,7 +105,7 @@ if(isset($_GET['action'])) } if (!checkresultingsize(strlen($image_data))) { - response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } if($ftp){ @@ -116,42 +115,36 @@ if(isset($_GET['action'])) $temp .=".".substr(strrchr($_POST['url'],'.'),1); file_put_contents($temp,$image_data); - $ftp->put($ftp_base_folder.$upload_dir . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); + $ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); create_img($temp,$temp,122,91); - $ftp->put($ftp_base_folder.$ftp_thumbs_dir. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); + $ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); unlink($temp); }else{ - file_put_contents($current_path . $_POST['path'] . $_POST['name'],$image_data); - create_img($current_path . $_POST['path'] . $_POST['name'], $thumbs_base_path.$_POST['path'].$_POST['name'], 122, 91); + file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'],$image_data); + create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91); // TODO something with this function cause its blowing my mind new_thumbnails_creation( - $current_path.$_POST['path'], - $current_path.$_POST['path'].$_POST['name'], + $config['current_path'].$_POST['path'], + $config['current_path'].$_POST['path'].$_POST['name'], $_POST['name'], - $current_path, + $config['current_path'], $config ); } break; case 'extract': - if ( strpos($_POST['path'], '/') === 0 - || strpos($_POST['path'], '../') !== false - || strpos($_POST['path'], '..\\') !== false - || strpos($_POST['path'], './') === 0) - { - response(trans('wrong path'.AddErrorLocation()))->send(); - exit; + if(!$config['extract_files']){ + response(trans('wrong action').AddErrorLocation())->send(); } - if($ftp){ - $path = $ftp_base_url.$upload_dir . $_POST['path']; - $base_folder = $ftp_base_url.$upload_dir . fix_dirname($_POST['path']) . "/"; + $path = $config['ftp_base_url'].$config['upload_dir'] . $_POST['path']; + $base_folder = $config['ftp_base_url'].$config['upload_dir'] . fix_dirname($_POST['path']) . "/"; }else{ - $path = $current_path . $_POST['path']; - $base_folder = $current_path . fix_dirname($_POST['path']) . "/"; + $path = $config['current_path'] . $_POST['path']; + $base_folder = $config['current_path'] . fix_dirname($_POST['path']) . "/"; } $info = pathinfo($path); @@ -184,32 +177,28 @@ if(isset($_GET['action'])) $sizeTotalFinal += $aStat['size']; } if (!checkresultingsize($sizeTotalFinal)) { - response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } - //make all the folders + //make all the folders and unzip into the folders for ($i = 0; $i < $zip->numFiles; $i++) { - $OnlyFileName = $zip->getNameIndex($i); - $FullFileName = $zip->statIndex($i); - if (substr($FullFileName['name'], -1, 1) == "/") - { - create_folder($base_folder . $FullFileName['name']); - } - } - //unzip into the folders - for ($i = 0; $i < $zip->numFiles; $i++) - { - $OnlyFileName = $zip->getNameIndex($i); $FullFileName = $zip->statIndex($i); - if ( ! (substr($FullFileName['name'], -1, 1) == "/")) - { - $fileinfo = pathinfo($OnlyFileName); - if (in_array(strtolower($fileinfo['extension']), $ext)) + if(checkRelativePath($FullFileName['name'])){ + if (substr($FullFileName['name'], -1, 1) == "/") { - copy('zip://' . $path . '#' . $OnlyFileName, $base_folder . $FullFileName['name']); + create_folder($base_folder . $FullFileName['name']); + } + + if ( ! (substr($FullFileName['name'], -1, 1) == "/")) + { + $fileinfo = pathinfo($FullFileName['name']); + if (in_array(strtolower($fileinfo['extension']), $config['ext'])) + { + copy('zip://' . $path . '#' . $FullFileName['name'], $base_folder . $FullFileName['name']); + } } } } @@ -234,7 +223,7 @@ if(isset($_GET['action'])) $phar = new PharData($path); $phar->decompressFiles(); $files = array(); - check_files_extensions_on_phar($phar, $files, '', $ext); + check_files_extensions_on_phar($phar, $files, '', $config); $phar->extractTo($base_folder, $files, true); break; @@ -246,22 +235,28 @@ if(isset($_GET['action'])) if($ftp){ unlink($path); - $ftp->putAll($base_folder, "/".$ftp_base_folder . $upload_dir . fix_dirname($_POST['path']), FTP_BINARY); + $ftp->putAll($base_folder, "/".$config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY); deleteDir($base_folder); } break; case 'media_preview': + if(isset($_GET['file'])){ + $_GET['file'] = sanitize($_GET['file']); + } + if(isset($_GET['title'])){ + $_GET['title'] = sanitize($_GET['title']); + } if($ftp){ - $preview_file = $ftp_base_url.$upload_dir . $_GET['file']; + $preview_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file']; }else{ - $preview_file = $current_path . $_GET["file"]; + $preview_file = $config['current_path'] . $_GET["file"]; } $info = pathinfo($preview_file); ob_start(); ?> -
+
- + - + '; - $ret .= '
'.$data.'
'; - } else { - $ret .= '
'.$data.'
'; - } + $ret .= ''; + $ret .= '
'.$data.'
'; } elseif ($preview_mode == 'google') { if($ftp){ $url_file = $selected_file; }else{ - $url_file = $base_url . $upload_dir . str_replace($current_path, '', $_GET["file"]); + $url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]); } $googledoc_url = urlencode($url_file); - $googledoc_html = ""; - $ret = $googledoc_html; + $ret = ""; } - } else { + }else{ $data = stripslashes(htmlspecialchars(file_get_contents($selected_file))); - $ret = ''; + if(in_array($info['extension'],array('html','html'))){ + $ret = ''; + }else{ + $ret = ''; + } + } response($ret)->send(); @@ -700,4 +689,3 @@ if(isset($_GET['action'])) response(trans('no action passed').AddErrorLocation())->send(); exit; } -?> \ No newline at end of file diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php index cb063909..9b3828ce 100755 --- a/core/vendor/filemanager/config/config.php +++ b/core/vendor/filemanager/config/config.php @@ -1,5 +1,5 @@ false, + 'multiple_selection' => true, /* | | The user can have a select button that pass a json to external input or pass the first file selected to editor | If you use responsivefilemanager tinymce extension can copy into editor multiple object like images, videos, audios, links in the same time | */ - 'multiple_selection_action_button' => false, + 'multiple_selection_action_button' => true, /* |-------------------------------------------------------------------------- @@ -330,23 +330,28 @@ $config = array( 'rename_files' => true, 'rename_folders' => true, 'duplicate_files' => true, + 'extract_files' => true, 'copy_cut_files' => true, // for copy/cut files 'copy_cut_dirs' => true, // for copy/cut directories 'chmod_files' => true, // change file permissions 'chmod_dirs' => true, // change folder permissions 'preview_text_files' => true, // eg.: txt, log etc. 'edit_text_files' => true, // eg.: txt, log etc. - 'create_text_files' => true, // only create files with exts. defined in $editable_text_file_exts + 'create_text_files' => true, // only create files with exts. defined in $config['editable_text_file_exts'] + 'download_files' => true, // allow download files or just preview // you can preview these type of files if $preview_text_files is true - 'previewable_text_file_exts' => array( "bsh", "c","css", "cc", "cpp", "cs", "csh", "cyc", "cv", "htm", "html", "java", "js", "m", "mxml", "perl", "pl", "pm", "py", "rb", "sh", "xhtml", "xml","xsl" ), - 'previewable_text_file_exts_no_prettify' => array( 'txt', 'log' ), + 'previewable_text_file_exts' => array( "bsh", "c","css", "cc", "cpp", "cs", "csh", "cyc", "cv", "htm", "html", "java", "js", "m", "mxml", "perl", "pl", "pm", "py", "rb", "sh", "xhtml", "xml","xsl",'txt', 'log','' ), // you can edit these type of files if $edit_text_files is true (only text based files) - // you can create these type of files if $create_text_files is true (only text based files) + // you can create these type of files if $config['create_text_files'] is true (only text based files) // if you want you can add html,css etc. // but for security reasons it's NOT RECOMMENDED! - 'editable_text_file_exts' => array( 'txt', 'log', 'xml', 'html', 'css', 'htm', 'js' ), + 'editable_text_file_exts' => array( 'txt', 'log', 'xml', 'html', 'css', 'htm', 'js','' ), + + 'jplayer_exts' => array("mp4","flv","webmv","webma","webm","m4a","m4v","ogv","oga","mp3","midi","mid","ogg","wav"), + + 'cad_exts' => array('dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'svg'), // Preview with Google Documents 'googledoc_enabled' => true, @@ -363,8 +368,8 @@ $config = array( //********************** //Allowed extensions (lowercase insert) //********************** - 'ext_img' => array( 'jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'svg', 'ico' ), //Images - 'ext_file' => array( 'doc', 'docx', 'rtf', 'pdf', 'xls', 'xlsx', 'txt', 'csv', 'html', 'xhtml', 'psd', 'sql', 'log', 'fla', 'xml', 'ade', 'adp', 'mdb', 'accdb', 'ppt', 'pptx', 'odt', 'ots', 'ott', 'odb', 'odg', 'otp', 'otg', 'odf', 'ods', 'odp', 'css', 'ai', 'kmz','dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'tiff'), //Files + 'ext_img' => array( 'jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff','svg', 'ico' ), //Images + 'ext_file' => array( 'doc', 'docx', 'rtf', 'pdf', 'xls', 'xlsx', 'txt', 'csv', 'html', 'xhtml', 'psd', 'sql', 'log', 'fla', 'xml', 'ade', 'adp', 'mdb', 'accdb', 'ppt', 'pptx', 'odt', 'ots', 'ott', 'odb', 'odg', 'otp', 'otg', 'odf', 'ods', 'odp', 'css', 'ai', 'kmz','dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'tiff',''), //Files 'ext_video' => array( 'mov', 'mpeg', 'm4v', 'mp4', 'avi', 'mpg', 'wma', "flv", "webm" ), //Video 'ext_music' => array( 'mp3', 'mpga', 'm4a', 'ac3', 'aiff', 'mid', 'ogg', 'wav' ), //Audio 'ext_misc' => array( 'zip', 'rar', 'gz', 'tar', 'iso', 'dmg' ), //Archives @@ -374,7 +379,21 @@ $config = array( // If you insert an extensions blacklist array the filemanager don't check any extensions but simply block the extensions in the list // otherwise check Allowed extensions configuration //********************* - 'ext_blacklist' => false, //['jpg'], + 'ext_blacklist' => false,//['exe','bat','jpg'], + + + //Empty filename permits like .htaccess, .env, ... + 'empty_filename' => false, + + /* + |-------------------------------------------------------------------------- + | accept files without extension + |-------------------------------------------------------------------------- + | + | If you want to accept files without extension, remember to add '' extension on allowed extension + | + */ + 'files_without_extension' => false, /****************** * AVIARY config @@ -480,4 +499,3 @@ return array_merge( ), ) ); -?> diff --git a/core/vendor/filemanager/css/rtl-style.css b/core/vendor/filemanager/css/rtl-style.css index eb67f806..dd0800c5 100755 Binary files a/core/vendor/filemanager/css/rtl-style.css and b/core/vendor/filemanager/css/rtl-style.css differ diff --git a/core/vendor/filemanager/dialog.php b/core/vendor/filemanager/dialog.php index a7c5bfe0..d0fafcfa 100755 --- a/core/vendor/filemanager/dialog.php +++ b/core/vendor/filemanager/dialog.php @@ -4,17 +4,14 @@ $time = time(); $config = include 'config/config.php'; -//TODO switch to array -extract($config, EXTR_OVERWRITE); - if (USE_ACCESS_KEYS == TRUE){ - if (!isset($_GET['akey'], $access_keys) || empty($access_keys)){ + if (!isset($_GET['akey'], $config['access_keys']) || empty($config['access_keys'])){ die('Access Denied!'); } $_GET['akey'] = strip_tags(preg_replace( "/[^a-zA-Z0-9\._-]/", '', $_GET['akey'])); - if (!in_array($_GET['akey'], $access_keys)){ + if (!in_array($_GET['akey'], $config['access_keys'])){ die('Access Denied!'); } } @@ -24,19 +21,22 @@ $_SESSION['RF']["verify"] = "RESPONSIVEfilemanager"; if(isset($_POST['submit'])){ include 'upload.php'; }else{ + $config['default_language'] = $config['default_language']; + $available_languages = include 'lang/languages.php'; -$lang = $config['default_language']; -$languages = include 'lang/languages.php'; -if (isset($_GET['lang'])) -{ - $lang = strip_tags($_GET['lang']); - if(array_key_exists($lang,$languages)){ - $_SESSION['RF']['language'] = $lang; + list($preferred_language) = array_values(array_filter(array( + isset($_GET['lang']) ? $_GET['lang'] : null, + isset($_SESSION['RF']['language']) ? $_SESSION['RF']['language'] : null, + $config['default_language'] + ))); + + if(array_key_exists($preferred_language, $available_languages)) + { + $_SESSION['RF']['language'] = $preferred_language; } -}elseif(isset($_SESSION['RF']['language']) && $_SESSION['RF']['language']) - $lang = strip_tags($_SESSION['RF']['language']); - if(array_key_exists($lang,$languages)){ - $_SESSION['RF']['language'] = $lang; + else + { + $_SESSION['RF']['language'] = $config['default_language']; } } include 'include/utils.php'; @@ -47,10 +47,8 @@ if (isset($_GET['fldr']) && !empty($_GET['fldr'])) { }elseif(isset($_SESSION['RF']['fldr']) && !empty($_SESSION['RF']['fldr'])){ $subdir_path = rawurldecode(trim(strip_tags($_SESSION['RF']['fldr']),"/")); } -if (strpos($subdir_path,'../') === FALSE - && strpos($subdir_path,'./') === FALSE - && strpos($subdir_path,'..\\') === FALSE - && strpos($subdir_path,'.\\') === FALSE) + +if ( checkRelativePath($subdir_path)) { $subdir = strip_tags($subdir_path) ."/"; $_SESSION['RF']['fldr'] = $subdir_path; @@ -70,11 +68,11 @@ setcookie('last_position',$subdir,time() + (86400 * 7)); if ($subdir == "/") { $subdir = ""; } // If hidden folders are specified -if(count($hidden_folders)){ +if(count($config['hidden_folders'])){ // If hidden folder appears in the path specified in URL parameter "fldr" $dirs = explode('/', $subdir); foreach($dirs as $dir){ - if($dir !== '' && in_array($dir, $hidden_folders)){ + if($dir !== '' && in_array($dir, $config['hidden_folders'])){ // Ignore the path $subdir = ""; break; @@ -82,8 +80,8 @@ if(count($hidden_folders)){ } } -if ($show_total_size) { - list($sizeCurrentFolder,$fileCurrentNum,$foldersCurrentCount) = folder_info($current_path,false); +if ($config['show_total_size']) { + list($sizeCurrentFolder,$fileCurrentNum,$foldersCurrentCount) = folder_info($config['current_path'],false); } /*** *SUB-DIR CODE @@ -94,9 +92,10 @@ if (!isset($_SESSION['RF']["subfolder"])) } $rfm_subfolder = ''; -if (!empty($_SESSION['RF']["subfolder"]) && strpos($_SESSION['RF']["subfolder"],'../') === FALSE && strpos($_SESSION['RF']["subfolder"],'..\\') === FALSE -&& strpos($_SESSION['RF']["subfolder"],'./') === FALSE && strpos($_SESSION['RF']["subfolder"],"/") !== 0 -&& strpos($_SESSION['RF']["subfolder"],'.') === FALSE) +if (!empty($_SESSION['RF']["subfolder"]) + && strpos($_SESSION['RF']["subfolder"],"/") !== 0 + && strpos($_SESSION['RF']["subfolder"],'.') === FALSE +) { $rfm_subfolder = $_SESSION['RF']['subfolder']; } @@ -105,23 +104,23 @@ if ($rfm_subfolder != "" && $rfm_subfolder[strlen($rfm_subfolder)-1] != "/") { $ $ftp=ftp_con($config); -if (($ftp && !$ftp->isDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir)) || (!$ftp && !file_exists($current_path.$rfm_subfolder.$subdir))) +if (($ftp && !$ftp->isDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir)) || (!$ftp && !file_exists($config['current_path'].$rfm_subfolder.$subdir))) { $subdir = ''; $rfm_subfolder = ""; } -$cur_dir = $upload_dir.$rfm_subfolder.$subdir; -$cur_path = $current_path.$rfm_subfolder.$subdir; -$thumbs_path = $thumbs_base_path.$rfm_subfolder; +$cur_dir = $config['upload_dir'].$rfm_subfolder.$subdir; +$cur_path = $config['current_path'].$rfm_subfolder.$subdir; +$thumbs_path = $config['thumbs_base_path'].$rfm_subfolder; $parent = $rfm_subfolder.$subdir; if($ftp){ - $cur_dir = $ftp_base_folder.$cur_dir; + $cur_dir = $config['ftp_base_folder'].$cur_dir; $cur_path = str_replace(array('/..','..'),'',$cur_dir); - $thumbs_path = str_replace(array('/..','..'),'',$ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder); - $parent = $ftp_base_folder.$parent; + $thumbs_path = str_replace(array('/..','..'),'',$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder); + $parent = $config['ftp_base_folder'].$parent; } if(!$ftp){ @@ -132,11 +131,10 @@ if(!$ftp){ $i++; if ($parent=="./") $parent=""; - if (file_exists($current_path.$parent."config.php")) + if (file_exists($config['current_path'].$parent."config.php")) { - $configTemp = include $current_path.$parent.'config.php'; + $configTemp = include $config['current_path'].$parent.'config.php'; $config = array_merge($config,$configTemp); - extract($config, EXTR_OVERWRITE); $cycle = FALSE; } @@ -192,7 +190,7 @@ $crossdomain=!!$crossdomain; //view type if(!isset($_SESSION['RF']["view_type"])) { - $view = $default_view; + $view = $config['default_view']; $_SESSION['RF']["view_type"] = $view; } @@ -253,7 +251,7 @@ if (isset($_GET['extensions'])){ $ext_tmp = array(); foreach($extensions as $extension){ $extension = fix_strtolower($extension); - if(in_array( $extension, $config['ext'])){ + if(check_file_extension( $extension, $config)){ $ext_tmp[]=$extension; } } @@ -311,7 +309,7 @@ $get_params['fldr'] =''; $get_params = http_build_query($get_params); ?> - + @@ -325,7 +323,7 @@ $get_params = http_build_query($get_params); - +
- +

@@ -634,9 +633,9 @@ $class_ext = ''; $src = ''; if($ftp){ try{ - $files = $ftp->scanDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir); - if (!$ftp->isDir($ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder.$subdir)){ - create_folder(false,$ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder.$subdir,$ftp,$config); + $files = $ftp->scanDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir); + if (!$ftp->isDir($config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder.$subdir)){ + create_folder(false,$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder.$subdir,$ftp,$config); } }catch(FtpClient\FtpException $e){ echo "Error: "; @@ -645,7 +644,7 @@ if($ftp){ die(); } }else{ - $files = scandir($current_path.$rfm_subfolder.$subdir); + $files = scandir($config['current_path'].$rfm_subfolder.$subdir); } $n_files= count($files); @@ -664,11 +663,14 @@ foreach($files as $k=>$file){ if($file['type']=='file'){ $current_files_number++; $file_ext = substr(strrchr($file['name'],'.'),1); + $is_dir = false; }else{ $current_folders_number++; $file_ext=trans('Type_dir'); + $is_dir = true; } $sorted[$k]=array( + 'is_dir'=>$is_dir, 'file'=>$file['name'], 'file_lcase'=>strtolower($file['name']), 'date'=>$date, @@ -680,16 +682,17 @@ foreach($files as $k=>$file){ if($file!="." && $file!=".."){ - if(is_dir($current_path.$rfm_subfolder.$subdir.$file)){ - $date=filemtime($current_path.$rfm_subfolder.$subdir. $file); + if(is_dir($config['current_path'].$rfm_subfolder.$subdir.$file)){ + $date=filemtime($config['current_path'].$rfm_subfolder.$subdir. $file); $current_folders_number++; - if($show_folder_size){ - list($size,$nfiles,$nfolders) = folder_info($current_path.$rfm_subfolder.$subdir.$file,false); + if($config['show_folder_size']){ + list($size,$nfiles,$nfolders) = folder_info($config['current_path'].$rfm_subfolder.$subdir.$file,false); } else { $size=0; } $file_ext=trans('Type_dir'); $sorted[$k]=array( + 'is_dir'=>true, 'file'=>$file, 'file_lcase'=>strtolower($file), 'date'=>$date, @@ -697,17 +700,18 @@ foreach($files as $k=>$file){ 'permissions' =>'', 'extension'=>fix_strtolower($file_ext) ); - if($show_folder_size){ + if($config['show_folder_size']){ $sorted[$k]['nfiles'] = $nfiles; $sorted[$k]['nfolders'] = $nfolders; } }else{ $current_files_number++; - $file_path=$current_path.$rfm_subfolder.$subdir.$file; + $file_path=$config['current_path'].$rfm_subfolder.$subdir.$file; $date=filemtime($file_path); $size=filesize($file_path); $file_ext = substr(strrchr($file,'.'),1); $sorted[$k]=array( + 'is_dir'=>false, 'file'=>$file, 'file_lcase'=>strtolower($file), 'date'=>$date, @@ -720,18 +724,52 @@ foreach($files as $k=>$file){ } } - function filenameSort($x, $y) { - return $x['file_lcase'] < $y['file_lcase']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['file_lcase'] < $y['file_lcase'] + : $x['file_lcase'] >= $y['file_lcase']; + } } + function dateSort($x, $y) { - return $x['date'] < $y['date']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['date'] < $y['date'] + : $x['date'] >= $y['date']; + } } + function sizeSort($x, $y) { - return $x['size'] < $y['size']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['size'] < $y['size'] + : $x['size'] >= $y['size']; + } } + function extensionSort($x, $y) { - return $x['extension'] < $y['extension']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['extension'] < $y['extension'] + : $x['extension'] >= $y['extension']; + } } switch($sort_by){ @@ -749,15 +787,12 @@ switch($sort_by){ break; } -if(!$descending){ - $sorted=array_reverse($sorted); -} - if($subdir!=""){ $sorted = array_merge(array(array('file'=>'..')),$sorted); } $files=$sorted; + ?>
@@ -773,13 +808,13 @@ $files=$sorted;
- + - + - + @@ -807,28 +842,28 @@ $files=$sorted;
: - 0 or false){ ?> + 0 or false){ ?> - 0 or false){ ?> + 0 or false){ ?> - 0 or false){ ?> + 0 or false){ ?> - 0 or false){ ?> + 0 or false){ ?> - 0 or false){ ?> + 0 or false){ ?> - $file_number_limit_js){ ?> + $config['file_number_limit_js']){ ?> @@ -867,7 +902,7 @@ $files=$sorted; ?>
    • - +
  • ">
    • @@ -888,8 +923,8 @@ $files=$sorted;
  • ( ".trans('Files')." - ".$current_folders_number." ".trans('Folders');?>)
    • - -
  • + +
    • @@ -897,15 +932,15 @@ $files=$sorted;
    - isDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir)) || (!$ftp && @opendir($current_path.$rfm_subfolder.$subdir)===FALSE)){ ?> + isDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir)) || (!$ftp && @opendir($config['current_path'].$rfm_subfolder.$subdir)===FALSE)){ ?>
    There is an error! The upload folder there isn't. Check your config.php file.

    - -
    + +
    - +
    ">
    " href="javascript:void('')" data-sort="name">
    @@ -921,18 +956,17 @@ $files=$sorted;
      " id="main-item-container"> $file_number_limit_js && $file!=".." && stripos($file,$filter)===false)){ + if($file == '.' || ( substr($file, 0, 1) == '.' && isset( $file_array[ 'extension' ] ) && $file_array[ 'extension' ] == fix_strtolower(trans( 'Type_dir' ) )) || (isset($file_array['extension']) && $file_array['extension']!=fix_strtolower(trans('Type_dir'))) || ($file == '..' && $subdir == '') || in_array($file, $config['hidden_folders']) || ($filter!='' && $n_files>$config['file_number_limit_js'] && $file!=".." && stripos($file,$filter)===false)){ continue; } $new_name=fix_filename($file,$config); if($ftp && $file!='..' && $file!=$new_name){ //rename - rename_folder($current_path.$subdir.$file,$new_name,$ftp,$config); + rename_folder($config['current_path'].$subdir.$file,$new_name,$ftp,$config); $file=$new_name; } //add in thumbs folder if not exist @@ -961,7 +995,7 @@ $files=$sorted; $file_prevent_rename = isset($filePermissions[$file]['prevent_rename']) && $filePermissions[$file]['prevent_rename']; $file_prevent_delete = isset($filePermissions[$file]['prevent_delete']) && $filePermissions[$file]['prevent_delete']; } - ?>
      directory" data-type=""> + ?>
      directory" data-type=""> "/> @@ -969,13 +1003,13 @@ $files=$sorted; ">
      - .png" /> + .png" />
      - .png" /> + .png" />
      @@ -987,24 +1021,24 @@ $files=$sorted;
      -

      ">">

      +

      ">">

      - +
      - " title="" data-folder="1" data-permissions="" data-path=""> - - " title="" data-confirm="" data-path="" > - + " title="" data-folder="1" data-permissions=""> + + " title="" data-confirm="" > +
      @@ -1018,40 +1052,45 @@ $files=$sorted; foreach ($files as $nu=>$file_array) { $file=$file_array['file']; - if($file == '.' || $file == '..' || $file_array['extension']==fix_strtolower(trans('Type_dir')) || (!$config['ext_blacklist'] && !in_array(fix_strtolower($file_array['extension']), $ext)) || ($config['ext_blacklist'] && in_array(fix_strtolower($file_array['extension']), $config['ext_blacklist'])) || ($filter!='' && $n_files>$file_number_limit_js && stripos($file,$filter)===false)) + if($file == '.' || $file == '..' || $file_array['extension']==fix_strtolower(trans('Type_dir')) || !check_extension($file_array['extension'],$config) || ($filter!='' && $n_files>$config['file_number_limit_js'] && stripos($file,$filter)===false)) continue; - foreach ( $hidden_files as $hidden_file ) { + foreach ( $config['hidden_files'] as $hidden_file ) { if ( fnmatch($hidden_file, $file, FNM_PATHNAME) ) { continue 2; } } - $filename=substr($file, 0, '-' . (strlen($file_array['extension']) + 1)); + if(strlen($file_array['extension'])===0){ + $filename = $file; + } if(!$ftp){ - $file_path=$current_path.$rfm_subfolder.$subdir.$file; + $file_path=$config['current_path'].$rfm_subfolder.$subdir.$file; //check if file have illegal caracter if($file!=fix_filename($file,$config)){ $file1=fix_filename($file,$config); - $file_path1=($current_path.$rfm_subfolder.$subdir.$file1); + $file_path1=($config['current_path'].$rfm_subfolder.$subdir.$file1); if(file_exists($file_path1)){ $i = 1; $info=pathinfo($file1); - while(file_exists($current_path.$rfm_subfolder.$subdir.$info['filename'].".[".$i."].".$info['extension'])) { + while(file_exists($config['current_path'].$rfm_subfolder.$subdir.$info['filename'].".[".$i."].".$info['extension'])) { $i++; } $file1=$info['filename'].".[".$i."].".$info['extension']; - $file_path1=($current_path.$rfm_subfolder.$subdir.$file1); + $file_path1=($config['current_path'].$rfm_subfolder.$subdir.$file1); } $filename=substr($file1, 0, '-' . (strlen($file_array['extension']) + 1)); + if(strlen($file_array['extension'])===0){ + $filename = $file1; + } rename_file($file_path,fix_filename($filename,$config),$ftp,$config); $file=$file1; $file_array['extension']=fix_filename($file_array['extension'],$config); $file_path=$file_path1; } }else{ - $file_path = $config['ftp_base_url'].$upload_dir.$rfm_subfolder.$subdir.$file; + $file_path = $config['ftp_base_url'].$config['upload_dir'].$rfm_subfolder.$subdir.$file; } $is_img=false; @@ -1061,14 +1100,14 @@ $files=$sorted; $show_original_mini=false; $mini_src=""; $src_thumb=""; - if(in_array($file_array['extension'], $ext_img)){ + if(in_array($file_array['extension'], $config['ext_img'])){ $src = $file_path; $is_img=true; $img_width = $img_height = ""; if($ftp){ - $mini_src = $src_thumb = $config['ftp_base_url'].$ftp_thumbs_dir.$subdir. $file; - $creation_thumb_path = "/".$config['ftp_base_folder'].$ftp_thumbs_dir.$subdir. $file; + $mini_src = $src_thumb = $config['ftp_base_url'].$config['ftp_thumbs_dir'].$subdir. $file; + $creation_thumb_path = "/".$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$subdir. $file; }else{ $creation_thumb_path = $mini_src = $src_thumb = $thumbs_path.$subdir. $file; @@ -1086,7 +1125,7 @@ $files=$sorted; } if($img_width<45 && $img_height<38){ - $mini_src=$current_path.$rfm_subfolder.$subdir.$file; + $mini_src=$config['current_path'].$rfm_subfolder.$subdir.$file; $show_original_mini=true; } } @@ -1096,10 +1135,10 @@ $files=$sorted; $no_thumb=false; if($src_thumb==""){ $no_thumb=true; - if(file_exists('img/'.$icon_theme.'/'.$file_array['extension'].".jpg")){ - $src_thumb ='img/'.$icon_theme.'/'.$file_array['extension'].".jpg"; + if(file_exists('img/'.$config['icon_theme'].'/'.$file_array['extension'].".jpg")){ + $src_thumb ='img/'.$config['icon_theme'].'/'.$file_array['extension'].".jpg"; }else{ - $src_thumb = "img/".$icon_theme."/default.jpg"; + $src_thumb = "img/".$config['icon_theme']."/default.jpg"; } $is_icon_thumb=true; } @@ -1108,15 +1147,15 @@ $files=$sorted; } $class_ext=0; - if (in_array($file_array['extension'], $ext_video)) { + if (in_array($file_array['extension'], $config['ext_video'])) { $class_ext = 4; $is_video=true; - }elseif (in_array($file_array['extension'], $ext_img)) { + }elseif (in_array($file_array['extension'], $config['ext_img'])) { $class_ext = 2; - }elseif (in_array($file_array['extension'], $ext_music)) { + }elseif (in_array($file_array['extension'], $config['ext_music'])) { $class_ext = 5; $is_audio=true; - }elseif (in_array($file_array['extension'], $ext_misc)) { + }elseif (in_array($file_array['extension'], $config['ext_misc'])) { $class_ext = 3; }else{ $class_ext = 1; @@ -1133,7 +1172,8 @@ $files=$sorted; $file_prevent_rename = isset($filePermissions[$file]['prevent_rename']) && $filePermissions[$file]['prevent_rename']; $file_prevent_delete = isset($filePermissions[$file]['prevent_delete']) && $filePermissions[$file]['prevent_delete']; } - ?>
      "> + ?> +
      ">
      @@ -1156,7 +1196,7 @@ $files=$sorted;
      -
      ">
      +
      ">
      " data-src=""> @@ -1167,7 +1207,7 @@ $files=$sorted;
      -

      "> +

      ">

      @@ -1183,30 +1223,31 @@ $files=$sorted; - + > + - + " title="" data-url="ajax_calls.php?action=media_preview&title=&file=" href="javascript:void('');" > - + - + - + - " title="" data-folder="0" data-permissions="" data-path=""> - + " title="" data-folder="0" data-permissions=""> + - " title="" data-confirm="" data-path=""> - + " title="" data-confirm=""> + @@ -1222,6 +1263,7 @@ $files=$sorted;
    +