Update Filemanager 9.14

2019-01-11 09:54:40 +01:00 · 2019-01-11 09:54:40 +01:00 · 1a57893154
commit 1a57893154
parent fa395d1845
22 changed files with 10249 additions and 820 deletions
--- a/core/vendor/filemanager/UploadHandler.php
+++ b/core/vendor/filemanager/UploadHandler.php
@ -380,6 +380,10 @@ class UploadHandler
 			$file->error = $this->get_error_message('accept_file_types');
 			return false;
 		}
 		if (preg_match($this->options['image_file_types'], $file->name) && function_exists('exif_imagetype') && !@exif_imagetype($uploaded_file)) {
 			$file->error = $this->get_error_message('accept_file_types');
 			return false;
 		}
 		if ($uploaded_file && is_uploaded_file($uploaded_file)) {
 			$file_size = $this->get_file_size($uploaded_file);
 		} else {
@ -519,7 +523,7 @@ class UploadHandler
 		// Remove path information and dots around the filename, to prevent uploading
 		// into different directories or replacing hidden system files.
 		// Also remove control characters and spaces (\x00..\x20) around the filename:
-		$name = trim($this->basename(stripslashes($name)), ".\x00..\x20");
+		$name = trim($this->basename(stripslashes($name)), "\x00..\x20");
 		// Use a timestamp for empty filenames:
 		if (!$name) {
 			$name = str_replace('.', '-', microtime(true));
@ -1330,6 +1334,11 @@ class UploadHandler
 				'',
 				$content_disposition_header
 			)) : null;
 		// TODO check
 		// if (isset($content_disposition_header) && !empty($content_disposition_header) ) {
 		//	 $file_name = str_replace('attachment; filename=&#34;', '', $content_disposition_header);
 		//   $file_name = str_replace('&#34;', '', $file_name);
 		// }
 		// Parse the Content-Range header, which has the following form:
 		// Content-Range: bytes 0-524287/2000000
 		$content_range_header = $this->get_server_var('HTTP_CONTENT_RANGE');
--- a/core/vendor/filemanager/ajax_calls.php
+++ b/core/vendor/filemanager/ajax_calls.php
@ -1,8 +1,6 @@
 <?php
 $config = include 'config/config.php';
 //TODO switch to array
 extract($config, EXTR_OVERWRITE);
 require_once 'include/utils.php';
@ -25,6 +23,21 @@ if (isset($_SESSION['RF']['language']) && file_exists('lang/' . basename($_SESSI
 	response(trans('Lang_Not_Found').AddErrorLocation())->send();
 	exit;
 }
 //check $_GET['file']
 if(isset($_GET['file']) && !checkRelativePath($_GET['file'])) {
    response(trans('wrong path').AddErrorLocation())->send();
    exit;
 }
 //check $_POST['file']
 if(isset($_POST['path']) && !checkRelativePath($_POST['path'])) {
    response(trans('wrong path').AddErrorLocation())->send();
    exit;
 }
 $ftp = ftp_con($config);
 if(isset($_GET['action']))
@ -52,7 +65,7 @@ if(isset($_GET['action']))
 		case 'filter':
 			if (isset($_GET['type']))
 			{
-				if (isset($remember_text_filter) && $remember_text_filter)
+				if (isset($config['remember_text_filter']) && $config['remember_text_filter'])
 				{
 					$_SESSION['RF']["filter"] = $_GET['type'];
 				}
@ -73,24 +86,10 @@ if(isset($_GET['action']))
 				$_SESSION['RF']["descending"] = $_GET['descending'];
 			}
 			break;
 		case 'image_size': // not used
 			$pos = strpos($_POST['path'], $upload_dir);
 			if ($pos !== false)
 			{
 				$info = getimagesize(substr_replace($_POST['path'], $current_path, $pos, strlen($upload_dir)));
 				response($info)->send();
 				exit;
 			}
 			break;
 		case 'save_img':
 			$info = pathinfo($_POST['name']);
-			if (
+			if ((strpos($_POST['url'], 'http://s3.amazonaws.com/feather') !== 0 && strpos($_POST['url'], 'https://s3.amazonaws.com/feather') !== 0)
 				strpos($_POST['path'], '/') === 0
 				|| strpos($_POST['path'], '../') !== false
 				|| strpos($_POST['path'], '..\\') !== false
 				|| strpos($_POST['path'], './') === 0
 				|| (strpos($_POST['url'], 'http://s3.amazonaws.com/feather') !== 0 && strpos($_POST['url'], 'https://s3.amazonaws.com/feather') !== 0)
 				|| $_POST['name'] != fix_filename($_POST['name'], $config)
 				|| ! in_array(strtolower($info['extension']), array( 'jpg', 'jpeg', 'png' ))
 			)
@ -106,7 +105,7 @@ if(isset($_GET['action']))
 			}
 			if (!checkresultingsize(strlen($image_data))) {
-				response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+				response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 				exit;
 			}
 			if($ftp){
@ -116,42 +115,36 @@ if(isset($_GET['action']))
 				$temp .=".".substr(strrchr($_POST['url'],'.'),1);
 				file_put_contents($temp,$image_data);
-				$ftp->put($ftp_base_folder.$upload_dir . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
+				$ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
 				create_img($temp,$temp,122,91);
-				$ftp->put($ftp_base_folder.$ftp_thumbs_dir. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
+				$ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
 				unlink($temp);
 			}else{
-				file_put_contents($current_path . $_POST['path'] . $_POST['name'],$image_data);
+				file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'],$image_data);
-				create_img($current_path . $_POST['path'] . $_POST['name'], $thumbs_base_path.$_POST['path'].$_POST['name'], 122, 91);
+				create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
 				// TODO something with this function cause its blowing my mind
 				new_thumbnails_creation(
-					$current_path.$_POST['path'],
+					$config['current_path'].$_POST['path'],
-					$current_path.$_POST['path'].$_POST['name'],
+					$config['current_path'].$_POST['path'].$_POST['name'],
 					$_POST['name'],
-					$current_path,
+					$config['current_path'],
 					$config
 				);
 			}
 			break;
 		case 'extract':
-			if (	strpos($_POST['path'], '/') === 0 
+			if(!$config['extract_files']){
-				|| strpos($_POST['path'], '../') !== false 
+				response(trans('wrong action').AddErrorLocation())->send();
 				|| strpos($_POST['path'], '..\\') !== false 
 				|| strpos($_POST['path'], './') === 0)
 			{
 				response(trans('wrong path'.AddErrorLocation()))->send();
 				exit;
 			}
 			if($ftp){
-				$path = $ftp_base_url.$upload_dir . $_POST['path'];
+				$path = $config['ftp_base_url'].$config['upload_dir'] . $_POST['path'];
-				$base_folder = $ftp_base_url.$upload_dir . fix_dirname($_POST['path']) . "/";
+				$base_folder = $config['ftp_base_url'].$config['upload_dir'] . fix_dirname($_POST['path']) . "/";
 			}else{
-				$path = $current_path . $_POST['path'];
+				$path = $config['current_path'] . $_POST['path'];
-				$base_folder = $current_path . fix_dirname($_POST['path']) . "/";
+				$base_folder = $config['current_path'] . fix_dirname($_POST['path']) . "/";
 			}
 			$info = pathinfo($path);
@ -184,32 +177,28 @@ if(isset($_GET['action']))
 							$sizeTotalFinal += $aStat['size'];
 						}
 						if (!checkresultingsize($sizeTotalFinal)) {
-							response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+							response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 							exit;
 						}
-						//make all the folders
+						//make all the folders and unzip into the folders
 						for ($i = 0; $i < $zip->numFiles; $i++)
 						{
 							$OnlyFileName = $zip->getNameIndex($i);
 							$FullFileName = $zip->statIndex($i);
 							if(checkRelativePath($FullFileName['name'])){
 								if (substr($FullFileName['name'], -1, 1) == "/")
 								{
 									create_folder($base_folder . $FullFileName['name']);
 								}
 						}
 						//unzip into the folders
 						for ($i = 0; $i < $zip->numFiles; $i++)
 						{
 							$OnlyFileName = $zip->getNameIndex($i);
 							$FullFileName = $zip->statIndex($i);
 								if ( ! (substr($FullFileName['name'], -1, 1) == "/"))
 								{
-								$fileinfo = pathinfo($OnlyFileName);
+									$fileinfo = pathinfo($FullFileName['name']);
-								if (in_array(strtolower($fileinfo['extension']), $ext))
+									if (in_array(strtolower($fileinfo['extension']), $config['ext']))
 									{
-									copy('zip://' . $path . '#' . $OnlyFileName, $base_folder . $FullFileName['name']);
+										copy('zip://' . $path . '#' . $FullFileName['name'], $base_folder . $FullFileName['name']);
 									}
 								}
 							}
 						}
@ -234,7 +223,7 @@ if(isset($_GET['action']))
 					$phar = new PharData($path);
 					$phar->decompressFiles();
 					$files = array();
-					check_files_extensions_on_phar($phar, $files, '', $ext);
+					check_files_extensions_on_phar($phar, $files, '', $config);
 					$phar->extractTo($base_folder, $files, true);
 					break;
@ -246,17 +235,23 @@ if(isset($_GET['action']))
 			if($ftp){
 				unlink($path);
-				$ftp->putAll($base_folder, "/".$ftp_base_folder . $upload_dir . fix_dirname($_POST['path']), FTP_BINARY);
+				$ftp->putAll($base_folder, "/".$config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY);
 				deleteDir($base_folder);
 			}
 			break;
 		case 'media_preview':
 			if(isset($_GET['file'])){
 				$_GET['file'] = sanitize($_GET['file']);
 			}
 			if(isset($_GET['title'])){
 				$_GET['title'] = sanitize($_GET['title']);
 			}
 			if($ftp){
-				$preview_file = $ftp_base_url.$upload_dir . $_GET['file'];
+				$preview_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'];
 			}else{
-				$preview_file = $current_path . $_GET["file"];
+				$preview_file = $config['current_path'] . $_GET["file"];
 			}
 			$info = pathinfo($preview_file);
 			ob_start();
@ -308,7 +303,7 @@ if(isset($_GET['action']))
 				</div>
 				</div>
 			</div>
-			<?php if(in_array(strtolower($info['extension']), $ext_music)): ?>
+			<?php if(in_array(strtolower($info['extension']), $config['ext_music'])): ?>
 				<script type="text/javascript">
 					$(document).ready(function(){
@ -332,7 +327,7 @@ if(isset($_GET['action']))
 					});
 				</script>
-			<?php elseif(in_array(strtolower($info['extension']), $ext_video)):	?>
+			<?php elseif(in_array(strtolower($info['extension']), $config['ext_video'])):	?>
 				<script type="text/javascript">
 				$(document).ready(function(){
@ -371,15 +366,6 @@ if(isset($_GET['action']))
 				exit;
 			}
 			if (strpos($_POST['path'],'../') !== FALSE
 				|| strpos($_POST['path'],'./') !== FALSE 
 				|| strpos($_POST['path'],'..\\') !== FALSE
 				|| strpos($_POST['path'],'.\\') !== FALSE )
 			{
 				response(trans('wrong path'.AddErrorLocation()))->send();
 				exit;
 			}
 			if (trim($_POST['path']) == '')
 			{
 				response(trans('no path').AddErrorLocation())->send();
@ -387,12 +373,12 @@ if(isset($_GET['action']))
 			}
 			$msg_sub_action = ($_POST['sub_action'] == 'copy' ? trans('Copy') : trans('Cut'));
-			$path = $current_path . $_POST['path'];
+			$path = $config['current_path'] . $_POST['path'];
 			if (is_dir($path))
 			{
 				// can't copy/cut dirs
-				if ($copy_cut_dirs === false)
+				if ($config['copy_cut_dirs'] === false)
 				{
 					response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Folders')).AddErrorLocation())->send();
 					exit;
@ -400,30 +386,30 @@ if(isset($_GET['action']))
 				list($sizeFolderToCopy,$fileNum,$foldersCount) = folder_info($path,false);
 				// size over limit
-				if ($copy_cut_max_size !== false && is_int($copy_cut_max_size)) {
+				if ($config['copy_cut_max_size'] !== false && is_int($config['copy_cut_max_size'])) {
-					if (($copy_cut_max_size * 1024 * 1024) < $sizeFolderToCopy) {
+					if (($config['copy_cut_max_size'] * 1024 * 1024) < $sizeFolderToCopy) {
-						response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $copy_cut_max_size).AddErrorLocation())->send();
+						response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $config['copy_cut_max_size']).AddErrorLocation())->send();
 						exit;
 					}
 				}
 				// file count over limit
-				if ($copy_cut_max_count !== false && is_int($copy_cut_max_count))
+				if ($config['copy_cut_max_count'] !== false && is_int($config['copy_cut_max_count']))
 				{
-					if ($copy_cut_max_count < $fileNum)
+					if ($config['copy_cut_max_count'] < $fileNum)
 					{
-						response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $copy_cut_max_count).AddErrorLocation())->send();
+						response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $config['copy_cut_max_count']).AddErrorLocation())->send();
 						exit;
 					}
 				}
 				if (!checkresultingsize($sizeFolderToCopy)) {
-					response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+					response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 					exit;
 				}
 			} else {
 				// can't copy/cut files
-				if ($copy_cut_files === false)
+				if ($config['copy_cut_files'] === false)
 				{
 					response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Files')).AddErrorLocation())->send();
 					exit;
@ -439,10 +425,10 @@ if(isset($_GET['action']))
 			break;
 		case 'chmod':
 			if($ftp){
-				$path = $ftp_base_url . $upload_dir . $_POST['path'];
+				$path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path'];
 				if (
-					($_POST['folder']==1 && $chmod_dirs === false)
+					($_POST['folder']==1 && $config['chmod_dirs'] === false)
-					|| ($_POST['folder']==0 && $chmod_files === false)
+					|| ($_POST['folder']==0 && $config['chmod_files'] === false)
 					|| (is_function_callable("chmod") === false) )
 				{
 					response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
@ -450,10 +436,10 @@ if(isset($_GET['action']))
 				}
 				$info = $_POST['permissions'];
 			}else{
-				$path = $current_path . $_POST['path'];
+				$path = $config['current_path'] . $_POST['path'];
 				if (
-					(is_dir($path) && $chmod_dirs === false)
+					(is_dir($path) && $config['chmod_dirs'] === false)
-					|| (is_file($path) && $chmod_files === false)
+					|| (is_file($path) && $config['chmod_files'] === false)
 					|| (is_function_callable("chmod") === false) )
 				{
 					response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
@ -586,9 +572,9 @@ if(isset($_GET['action']))
 			break;
 		case 'cad_preview':
 			if($ftp){
-				$selected_file = $ftp_base_url.$upload_dir . $_GET['file'];
+				$selected_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'];
 			}else{
-				$selected_file = $current_path . $_GET['file'];
+				$selected_file = $config['current_path'] . $_GET['file'];
 				if ( ! file_exists($selected_file))
 				{
@ -599,7 +585,7 @@ if(isset($_GET['action']))
 			if($ftp){
 				$url_file = $selected_file;
 			}else{
-				$url_file = $base_url . $upload_dir . str_replace($current_path, '', $_GET["file"]);
+				$url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]);
 			}
 			$cad_url = urlencode($url_file);
@ -618,9 +604,9 @@ if(isset($_GET['action']))
 			}
 			if($ftp){
-				$selected_file = ($sub_action == 'preview' ? $ftp_base_url.$upload_dir . $_GET['file'] : $ftp_base_url.$upload_dir . $_POST['path']);
+				$selected_file = ($sub_action == 'preview' ? $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'] : $config['ftp_base_url'].$config['upload_dir'] . $_POST['path']);
 			}else{
-				$selected_file = ($sub_action == 'preview' ? $current_path . $_GET['file'] : $current_path . $_POST['path']);
+				$selected_file = ($sub_action == 'preview' ? $config['current_path'] . $_GET['file'] : $config['current_path'] . $_POST['path']);
 				if ( ! file_exists($selected_file))
 				{
@ -633,11 +619,11 @@ if(isset($_GET['action']))
 			if ($preview_mode == 'text')
 			{
-				$is_allowed = ($sub_action == 'preview' ? $preview_text_files : $edit_text_files);
+				$is_allowed = ($sub_action == 'preview' ? $config['preview_text_files'] : $config['edit_text_files']);
-				$allowed_file_exts = ($sub_action == 'preview' ? $previewable_text_file_exts : $editable_text_file_exts);
+				$allowed_file_exts = ($sub_action == 'preview' ? $config['previewable_text_file_exts'] : $config['editable_text_file_exts']);
 			}elseif($preview_mode == 'google') {
-				$is_allowed = $googledoc_enabled;
+				$is_allowed = $config['googledoc_enabled'];
-				$allowed_file_exts = $googledoc_file_exts;
+				$allowed_file_exts = $config['googledoc_file_exts'];
 			}
 			if ( ! isset($allowed_file_exts) || ! is_array($allowed_file_exts))
@ -645,6 +631,9 @@ if(isset($_GET['action']))
 				$allowed_file_exts = array();
 			}
 			if(!isset($info['extension'])){
 				$info['extension']='';
 			}
 			if ( ! in_array($info['extension'], $allowed_file_exts)
 				|| ! isset($is_allowed)
 				|| $is_allowed === false
@ -663,31 +652,31 @@ if(isset($_GET['action']))
 					$data = htmlspecialchars(htmlspecialchars_decode($data));
 					$ret = '';
 					if ( ! in_array($info['extension'],$previewable_text_file_exts_no_prettify))
 					{
 					$ret .= '<script src="https://rawgit.com/google/code-prettify/master/loader/run_prettify.js?autoload=true&skin=sunburst"></script>';
 					$ret .= '<?prettify lang='.$info['extension'].' linenums=true?><pre class="prettyprint"><code class="language-'.$info['extension'].'">'.$data.'</code></pre>';
 					} else {
 						$ret .= '<pre class="no-prettify">'.$data.'</pre>';
 					}
 				}
 				elseif ($preview_mode == 'google') {
 					if($ftp){
 						$url_file = $selected_file;
 					}else{
-						$url_file = $base_url . $upload_dir . str_replace($current_path, '', $_GET["file"]);
+						$url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]);
 					}
 					$googledoc_url = urlencode($url_file);
-					$googledoc_html = "<iframe src=\"https://docs.google.com/viewer?url=" . $url_file . "&embedded=true\" class=\"google-iframe\"></iframe>";
+					$ret = "<iframe src=\"https://docs.google.com/viewer?url=" . $url_file . "&embedded=true\" class=\"google-iframe\"></iframe>";
 					$ret = $googledoc_html;
 				}
 			}else{
 				$data = stripslashes(htmlspecialchars(file_get_contents($selected_file)));
 				if(in_array($info['extension'],array('html','html'))){
 					$ret = '<script src="https://cdn.ckeditor.com/ckeditor5/11.1.1/classic/ckeditor.js"></script><textarea id="textfile_edit_area" style="width:100%;height:300px;">'.$data.'</textarea><script>setTimeout(function(){ ClassicEditor
 				.create( document.querySelector( "#textfile_edit_area" ),{ }).then( newEditor => { window.editor = newEditor; } );  }, 500);</script>';
 				}else{
 					$ret = '<textarea id="textfile_edit_area" style="width:100%;height:300px;">'.$data.'</textarea>';
 				}
 			}
 			response($ret)->send();
 			exit;
@ -700,4 +689,3 @@ if(isset($_GET['action']))
 	response(trans('no action passed').AddErrorLocation())->send();
 	exit;
 }
 ?>
--- a/core/vendor/filemanager/config/config.php
+++ b/core/vendor/filemanager/config/config.php
@ -1,5 +1,5 @@
 <?php
-$version = "9.13.1";
+$version = "9.13.4";
 if (session_id() == '') session_start();
 mb_internal_encoding('UTF-8');
@ -149,14 +149,14 @@ $config = array(
 	|--------------------------------------------------------------------------
 	| The user can delete multiple files, select all files , deselect all files
 	*/
-	'multiple_selection' => false,
+	'multiple_selection' => true,
 	/*
 	|
 	| The user can have a select button that pass a json to external input or pass the first file selected to editor
 	| If you use responsivefilemanager tinymce extension can copy into editor multiple object like images, videos, audios, links in the same time
 	|
 	 */
-	'multiple_selection_action_button' => false,
+	'multiple_selection_action_button' => true,
 	/*
 	|--------------------------------------------------------------------------
@ -330,23 +330,28 @@ $config = array(
 	'rename_files'                            => true,
 	'rename_folders'                          => true,
 	'duplicate_files'                         => true,
 	'extract_files'                           => true,
 	'copy_cut_files'                          => true, // for copy/cut files
 	'copy_cut_dirs'                           => true, // for copy/cut directories
 	'chmod_files'                             => true, // change file permissions
 	'chmod_dirs'                              => true, // change folder permissions
 	'preview_text_files'                      => true, // eg.: txt, log etc.
 	'edit_text_files'                         => true, // eg.: txt, log etc.
-	'create_text_files'                       => true, // only create files with exts. defined in $editable_text_file_exts
+	'create_text_files'                       => true, // only create files with exts. defined in $config['editable_text_file_exts']
 	'download_files'			  => true, // allow download files or just preview
 	// you can preview these type of files if $preview_text_files is true
-	'previewable_text_file_exts'              => array( "bsh", "c","css", "cc", "cpp", "cs", "csh", "cyc", "cv", "htm", "html", "java", "js", "m", "mxml", "perl", "pl", "pm", "py", "rb", "sh", "xhtml", "xml","xsl" ),
+	'previewable_text_file_exts'              => array( "bsh", "c","css", "cc", "cpp", "cs", "csh", "cyc", "cv", "htm", "html", "java", "js", "m", "mxml", "perl", "pl", "pm", "py", "rb", "sh", "xhtml", "xml","xsl",'txt', 'log','' ),
 	'previewable_text_file_exts_no_prettify'  => array( 'txt', 'log' ),
 	// you can edit these type of files if $edit_text_files is true (only text based files)
-	// you can create these type of files if $create_text_files is true (only text based files)
+	// you can create these type of files if $config['create_text_files'] is true (only text based files)
 	// if you want you can add html,css etc.
 	// but for security reasons it's NOT RECOMMENDED!
-	'editable_text_file_exts'                 => array( 'txt', 'log', 'xml', 'html', 'css', 'htm', 'js' ),
+	'editable_text_file_exts'                 => array( 'txt', 'log', 'xml', 'html', 'css', 'htm', 'js','' ),
 	'jplayer_exts'                            => array("mp4","flv","webmv","webma","webm","m4a","m4v","ogv","oga","mp3","midi","mid","ogg","wav"),
 	'cad_exts'                                => array('dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'svg'),
 	// Preview with Google Documents
 	'googledoc_enabled'                       => true,
@ -364,7 +369,7 @@ $config = array(
 	//Allowed extensions (lowercase insert)
 	//**********************
 	'ext_img'                                 => array( 'jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff','svg', 'ico' ), //Images
-	'ext_file'                                => array( 'doc', 'docx', 'rtf', 'pdf', 'xls', 'xlsx', 'txt', 'csv', 'html', 'xhtml', 'psd', 'sql', 'log', 'fla', 'xml', 'ade', 'adp', 'mdb', 'accdb', 'ppt', 'pptx', 'odt', 'ots', 'ott', 'odb', 'odg', 'otp', 'otg', 'odf', 'ods', 'odp', 'css', 'ai', 'kmz','dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'tiff'), //Files
+	'ext_file'                                => array( 'doc', 'docx', 'rtf', 'pdf', 'xls', 'xlsx', 'txt', 'csv', 'html', 'xhtml', 'psd', 'sql', 'log', 'fla', 'xml', 'ade', 'adp', 'mdb', 'accdb', 'ppt', 'pptx', 'odt', 'ots', 'ott', 'odb', 'odg', 'otp', 'otg', 'odf', 'ods', 'odp', 'css', 'ai', 'kmz','dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'tiff',''), //Files
 	'ext_video'                               => array( 'mov', 'mpeg', 'm4v', 'mp4', 'avi', 'mpg', 'wma', "flv", "webm" ), //Video
 	'ext_music'                               => array( 'mp3', 'mpga', 'm4a', 'ac3', 'aiff', 'mid', 'ogg', 'wav' ), //Audio
 	'ext_misc'                                => array( 'zip', 'rar', 'gz', 'tar', 'iso', 'dmg' ), //Archives
@ -374,7 +379,21 @@ $config = array(
 	//  If you insert an extensions blacklist array the filemanager don't check any extensions but simply block the extensions in the list
 	//  otherwise check Allowed extensions configuration
 	//*********************
-	'ext_blacklist'							  => false, //['jpg'],
+	'ext_blacklist'							  => false,//['exe','bat','jpg'],
 	//Empty filename permits like .htaccess, .env, ...
 	'empty_filename'                          => false,
 	/*
 	|--------------------------------------------------------------------------
 	| accept files without extension
 	|--------------------------------------------------------------------------
 	|
 	| If you want to accept files without extension, remember to add '' extension on allowed extension
 	|
 	*/
 	'files_without_extension'	              => false,
 	/******************
 	* AVIARY config
@ -480,4 +499,3 @@ return array_merge(
 		),
 	)
 );
 ?>
--- a/core/vendor/filemanager/css/rtl-style.css
+++ b/core/vendor/filemanager/css/rtl-style.css
--- a/core/vendor/filemanager/dialog.php
+++ b/core/vendor/filemanager/dialog.php
@ -4,17 +4,14 @@ $time = time();
 $config = include 'config/config.php';
 //TODO switch to array
 extract($config, EXTR_OVERWRITE);
 if (USE_ACCESS_KEYS == TRUE){
-	if (!isset($_GET['akey'], $access_keys) || empty($access_keys)){
+	if (!isset($_GET['akey'], $config['access_keys']) || empty($config['access_keys'])){
 		die('Access Denied!');
 	}
 	$_GET['akey'] = strip_tags(preg_replace( "/[^a-zA-Z0-9\._-]/", '', $_GET['akey']));
-	if (!in_array($_GET['akey'], $access_keys)){
+	if (!in_array($_GET['akey'], $config['access_keys'])){
 		die('Access Denied!');
 	}
 }
@ -24,19 +21,22 @@ $_SESSION['RF']["verify"] = "RESPONSIVEfilemanager";
 if(isset($_POST['submit'])){
 	include 'upload.php';
 }else{
 	$config['default_language'] = $config['default_language'];
 	$available_languages = include 'lang/languages.php';
-$lang = $config['default_language'];
+	list($preferred_language) = array_values(array_filter(array(
-$languages = include 'lang/languages.php';
+		isset($_GET['lang']) ? $_GET['lang'] : null,
-if (isset($_GET['lang']))
+		isset($_SESSION['RF']['language']) ? $_SESSION['RF']['language'] : null,
 		$config['default_language']
 	)));
 	if(array_key_exists($preferred_language, $available_languages))
 	{
-	$lang = strip_tags($_GET['lang']);
+		$_SESSION['RF']['language'] = $preferred_language;
 	if(array_key_exists($lang,$languages)){
 		$_SESSION['RF']['language'] = $lang;
 	}
-}elseif(isset($_SESSION['RF']['language']) && $_SESSION['RF']['language'])
+	else
-	$lang = strip_tags($_SESSION['RF']['language']);
+	{
-	if(array_key_exists($lang,$languages)){
+		$_SESSION['RF']['language'] = $config['default_language'];
 		$_SESSION['RF']['language'] = $lang;
 	}
 }
 include 'include/utils.php';
@ -47,10 +47,8 @@ if (isset($_GET['fldr']) && !empty($_GET['fldr'])) {
 }elseif(isset($_SESSION['RF']['fldr']) && !empty($_SESSION['RF']['fldr'])){
 	$subdir_path = rawurldecode(trim(strip_tags($_SESSION['RF']['fldr']),"/"));
 }
-if (strpos($subdir_path,'../') === FALSE
+
-	&& strpos($subdir_path,'./') === FALSE
+if ( checkRelativePath($subdir_path))
 	&& strpos($subdir_path,'..\\') === FALSE
 	&& strpos($subdir_path,'.\\') === FALSE)
 {
 	$subdir = strip_tags($subdir_path) ."/";
 	$_SESSION['RF']['fldr'] = $subdir_path;
@ -70,11 +68,11 @@ setcookie('last_position',$subdir,time() + (86400 * 7));
 if ($subdir == "/") { $subdir = ""; }
 // If hidden folders are specified
-if(count($hidden_folders)){
+if(count($config['hidden_folders'])){
 	// If hidden folder appears in the path specified in URL parameter "fldr"
 	$dirs = explode('/', $subdir);
 	foreach($dirs as $dir){
-		if($dir !== '' && in_array($dir, $hidden_folders)){
+		if($dir !== '' && in_array($dir, $config['hidden_folders'])){
 			// Ignore the path
 			$subdir = "";
 			break;
@ -82,8 +80,8 @@ if(count($hidden_folders)){
 	}
 }
-if ($show_total_size) {
+if ($config['show_total_size']) {
-	list($sizeCurrentFolder,$fileCurrentNum,$foldersCurrentCount) = folder_info($current_path,false);
+	list($sizeCurrentFolder,$fileCurrentNum,$foldersCurrentCount) = folder_info($config['current_path'],false);
 }
 /***
 *SUB-DIR CODE
@ -94,9 +92,10 @@ if (!isset($_SESSION['RF']["subfolder"]))
 }
 $rfm_subfolder = '';
-if (!empty($_SESSION['RF']["subfolder"]) && strpos($_SESSION['RF']["subfolder"],'../') === FALSE && strpos($_SESSION['RF']["subfolder"],'..\\') === FALSE
+if (!empty($_SESSION['RF']["subfolder"]) 
-&& strpos($_SESSION['RF']["subfolder"],'./') === FALSE && strpos($_SESSION['RF']["subfolder"],"/") !== 0
+	&& strpos($_SESSION['RF']["subfolder"],"/") !== 0
-&& strpos($_SESSION['RF']["subfolder"],'.') === FALSE)
+	&& strpos($_SESSION['RF']["subfolder"],'.') === FALSE
 )
 {
 	$rfm_subfolder = $_SESSION['RF']['subfolder'];
 }
@ -105,23 +104,23 @@ if ($rfm_subfolder != "" && $rfm_subfolder[strlen($rfm_subfolder)-1] != "/") { $
 $ftp=ftp_con($config);
-if (($ftp && !$ftp->isDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir)) || (!$ftp && !file_exists($current_path.$rfm_subfolder.$subdir)))
+if (($ftp && !$ftp->isDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir)) || (!$ftp && !file_exists($config['current_path'].$rfm_subfolder.$subdir)))
 {
 	$subdir = '';
 	$rfm_subfolder = "";
 }
-$cur_dir		= $upload_dir.$rfm_subfolder.$subdir;
+$cur_dir		= $config['upload_dir'].$rfm_subfolder.$subdir;
-$cur_path		= $current_path.$rfm_subfolder.$subdir;
+$cur_path		= $config['current_path'].$rfm_subfolder.$subdir;
-$thumbs_path	= $thumbs_base_path.$rfm_subfolder;
+$thumbs_path	= $config['thumbs_base_path'].$rfm_subfolder;
 $parent			= $rfm_subfolder.$subdir;
 if($ftp){
-	$cur_dir = $ftp_base_folder.$cur_dir;
+	$cur_dir = $config['ftp_base_folder'].$cur_dir;
 	$cur_path = str_replace(array('/..','..'),'',$cur_dir);
-	$thumbs_path = str_replace(array('/..','..'),'',$ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder);
+	$thumbs_path = str_replace(array('/..','..'),'',$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder);
-	$parent = $ftp_base_folder.$parent;
+	$parent = $config['ftp_base_folder'].$parent;
 }
 if(!$ftp){
@ -132,11 +131,10 @@ if(!$ftp){
 		$i++;
 		if ($parent=="./") $parent="";
-		if (file_exists($current_path.$parent."config.php"))
+		if (file_exists($config['current_path'].$parent."config.php"))
 		{
-			$configTemp = include $current_path.$parent.'config.php';
+			$configTemp = include $config['current_path'].$parent.'config.php';
 			$config = array_merge($config,$configTemp);
 			extract($config, EXTR_OVERWRITE);
 			$cycle = FALSE;
 		}
@ -192,7 +190,7 @@ $crossdomain=!!$crossdomain;
 //view type
 if(!isset($_SESSION['RF']["view_type"]))
 {
-	$view = $default_view;
+	$view = $config['default_view'];
 	$_SESSION['RF']["view_type"] = $view;
 }
@ -253,7 +251,7 @@ if (isset($_GET['extensions'])){
 	$ext_tmp = array();
 	foreach($extensions as $extension){
 		$extension = fix_strtolower($extension);
-		if(in_array( $extension, $config['ext'])){
+		if(check_file_extension( $extension, $config)){
 			$ext_tmp[]=$extension;
 		}
 	}
@ -311,7 +309,7 @@ $get_params['fldr'] ='';
 $get_params = http_build_query($get_params);
 ?>
 <!DOCTYPE html>
-<html xmlns="https://www.w3.org/1999/xhtml">
+<html>
 	<head>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" >
 		<meta name="viewport" content="width=device-width, initial-scale=1.0">
@ -325,7 +323,7 @@ $get_params = http_build_query($get_params);
 		<!-- CSS adjustments for browsers with JavaScript disabled -->
 		<noscript><link rel="stylesheet" href="css/jquery.fileupload-noscript.css"></noscript>
 		<noscript><link rel="stylesheet" href="css/jquery.fileupload-ui-noscript.css"></noscript>
-		<link href="js/jPlayer/skin/blue.monday/jplayer.blue.monday.css" rel="stylesheet" type="text/css">
+		<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.2.0/skin/blue.monday/jplayer.blue.monday.min.css" />
 		<link href="css/style.css?v=<?php echo $version; ?>" rel="stylesheet" type="text/css" />
 	<!--[if lt IE 8]><style>
 	.img-container span, .img-container-mini span {
@ -337,11 +335,11 @@ $get_params = http_build_query($get_params);
 	<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
 	<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js" type="text/javascript"></script>
 	<script src="js/plugins.js?v=<?php echo $version; ?>"></script>
-	<script src="js/jPlayer/jquery.jplayer/jquery.jplayer.js"></script>
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.9.2/jplayer/jquery.jplayer.min.js"></script>
 	<script src="js/modernizr.custom.js"></script>
 	<?php
-	if ($aviary_active){
+	if ($config['aviary_active']){
 	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) { ?>
 		<script src="https://dme0ih8comzn4.cloudfront.net/imaging/v3/editor.js"></script>
 	<?php }else{ ?>
@ -354,12 +352,12 @@ $get_params = http_build_query($get_params);
 	<![endif]-->
 	<script>
-		var ext_img=new Array('<?php echo implode("','", $ext_img)?>');
+		var ext_img=new Array('<?php echo implode("','", $config['ext_img'])?>');
-		var image_editor=<?php echo $aviary_active?"true":"false";?>;
+		var image_editor=<?php echo $config['aviary_active']?"true":"false";?>;
 		if (image_editor) {
 		var featherEditor = new Aviary.Feather({
 		<?php
-			foreach ($aviary_defaults_config as $aopt_key => $aopt_val) {
+			foreach ($config['aviary_defaults_config'] as $aopt_key => $aopt_val) {
 				echo $aopt_key.": ".json_encode($aopt_val).",";
 			} ?>
 			onReady: function() {
@ -430,7 +428,7 @@ $get_params = http_build_query($get_params);
 	<input type="hidden" id="field_id" value="<?php echo $field_id;?>" />
 	<input type="hidden" id="multiple" value="<?php echo $multiple;?>" />
 	<input type="hidden" id="type_param" value="<?php echo $type_param;?>" />
-	<input type="hidden" id="upload_dir" value="<?php echo $upload_dir;?>" />
+	<input type="hidden" id="upload_dir" value="<?php echo $config['upload_dir'];?>" />
 	<input type="hidden" id="cur_dir" value="<?php echo $cur_dir;?>" />
 	<input type="hidden" id="cur_dir_thumb" value="<?php echo $thumbs_path.$subdir;?>" />
 	<input type="hidden" id="insert_folder_name" value="<?php echo trans('Insert_Folder_Name');?>" />
@ -440,21 +438,21 @@ $get_params = http_build_query($get_params);
 	<input type="hidden" id="cancel" value="<?php echo trans('Cancel');?>" />
 	<input type="hidden" id="rename" value="<?php echo trans('Rename');?>" />
 	<input type="hidden" id="lang_duplicate" value="<?php echo trans('Duplicate');?>" />
-	<input type="hidden" id="duplicate" value="<?php if($duplicate_files) echo 1; else echo 0;?>" />
+	<input type="hidden" id="duplicate" value="<?php if($config['duplicate_files']) echo 1; else echo 0;?>" />
-	<input type="hidden" id="base_url" value="<?php echo $base_url?>"/>
+	<input type="hidden" id="base_url" value="<?php echo $config['base_url']?>"/>
-	<input type="hidden" id="ftp_base_url" value="<?php echo $ftp_base_url?>"/>
+	<input type="hidden" id="ftp_base_url" value="<?php echo $config['ftp_base_url']?>"/>
 	<input type="hidden" id="fldr_value" value="<?php echo $subdir;?>"/>
 	<input type="hidden" id="sub_folder" value="<?php echo $rfm_subfolder;?>"/>
 	<input type="hidden" id="return_relative_url" value="<?php echo $return_relative_url == true ? 1 : 0;?>"/>
-	<input type="hidden" id="file_number_limit_js" value="<?php echo $file_number_limit_js;?>" />
+	<input type="hidden" id="file_number_limit_js" value="<?php echo $config['file_number_limit_js'];?>" />
 	<input type="hidden" id="sort_by" value="<?php echo $sort_by;?>" />
 	<input type="hidden" id="descending" value="<?php echo $descending?1:0;?>" />
-	<input type="hidden" id="current_url" value="<?php echo str_replace(array('&filter='.$filter,'&sort_by='.$sort_by,'&descending='.intval($descending)),array(''),$base_url.$_SERVER['REQUEST_URI']);?>" />
+	<input type="hidden" id="current_url" value="<?php echo str_replace(array('&filter='.$filter,'&sort_by='.$sort_by,'&descending='.intval($descending)),array(''),$config['base_url'].$_SERVER['REQUEST_URI']);?>" />
 	<input type="hidden" id="lang_show_url" value="<?php echo trans('Show_url');?>" />
 	<input type="hidden" id="copy_cut_files_allowed" value="<?php if($config['copy_cut_files']) echo 1; else echo 0;?>" />
 	<input type="hidden" id="copy_cut_dirs_allowed" value="<?php if($config['copy_cut_dirs']) echo 1; else echo 0;?>" />
-	<input type="hidden" id="copy_cut_max_size" value="<?php echo $copy_cut_max_size;?>" />
+	<input type="hidden" id="copy_cut_max_size" value="<?php echo $config['copy_cut_max_size'];?>" />
-	<input type="hidden" id="copy_cut_max_count" value="<?php echo $copy_cut_max_count;?>" />
+	<input type="hidden" id="copy_cut_max_count" value="<?php echo $config['copy_cut_max_count'];?>" />
 	<input type="hidden" id="lang_copy" value="<?php echo trans('Copy');?>" />
 	<input type="hidden" id="lang_cut" value="<?php echo trans('Cut');?>" />
 	<input type="hidden" id="lang_paste" value="<?php echo trans('Paste');?>" />
@ -466,10 +464,10 @@ $get_params = http_build_query($get_params);
 	<input type="hidden" id="clipboard" value="<?php echo ((isset($_SESSION['RF']['clipboard']['path']) && trim($_SESSION['RF']['clipboard']['path']) != null) ? 1 : 0);?>" />
 	<input type="hidden" id="lang_clear_clipboard_confirm" value="<?php echo trans('Clear_Clipboard_Confirm');?>" />
 	<input type="hidden" id="lang_file_permission" value="<?php echo trans('File_Permission');?>" />
-	<input type="hidden" id="chmod_files_allowed" value="<?php if($chmod_files) echo 1; else echo 0;?>" />
+	<input type="hidden" id="chmod_files_allowed" value="<?php if($config['chmod_files']) echo 1; else echo 0;?>" />
-	<input type="hidden" id="chmod_dirs_allowed" value="<?php if($chmod_dirs) echo 1; else echo 0;?>" />
+	<input type="hidden" id="chmod_dirs_allowed" value="<?php if($config['chmod_dirs']) echo 1; else echo 0;?>" />
 	<input type="hidden" id="lang_lang_change" value="<?php echo trans('Lang_Change');?>" />
-	<input type="hidden" id="edit_text_files_allowed" value="<?php if($edit_text_files) echo 1; else echo 0;?>" />
+	<input type="hidden" id="edit_text_files_allowed" value="<?php if($config['edit_text_files']) echo 1; else echo 0;?>" />
 	<input type="hidden" id="lang_edit_file" value="<?php echo trans('Edit_File');?>" />
 	<input type="hidden" id="lang_new_file" value="<?php echo trans('New_File');?>" />
 	<input type="hidden" id="lang_filename" value="<?php echo trans('Filename');?>" />
@ -478,13 +476,14 @@ $get_params = http_build_query($get_params);
 	<input type="hidden" id="lang_error_upload" value="<?php echo trans('Error_Upload');?>" />
 	<input type="hidden" id="lang_select" value="<?php echo trans('Select');?>" />
 	<input type="hidden" id="lang_extract" value="<?php echo trans('Extract');?>" />
-	<input type="hidden" id="transliteration" value="<?php echo $transliteration?"true":"false";?>" />
+	<input type="hidden" id="extract_files" value="<?php if($config['extract_files']) echo 1; else echo 0;?>" />
-	<input type="hidden" id="convert_spaces" value="<?php echo $convert_spaces?"true":"false";?>" />
+	<input type="hidden" id="transliteration" value="<?php echo $config['transliteration']?"true":"false";?>" />
-	<input type="hidden" id="replace_with" value="<?php echo $convert_spaces? $replace_with : "";?>" />
+	<input type="hidden" id="convert_spaces" value="<?php echo $config['convert_spaces']?"true":"false";?>" />
-	<input type="hidden" id="lower_case" value="<?php echo $lower_case?"true":"false";?>" />
+	<input type="hidden" id="replace_with" value="<?php echo $config['convert_spaces']? $config['replace_with'] : "";?>" />
-	<input type="hidden" id="show_folder_size" value="<?php echo $show_folder_size;?>" />
+	<input type="hidden" id="lower_case" value="<?php echo $config['lower_case']?"true":"false";?>" />
-	<input type="hidden" id="add_time_to_img" value="<?php echo $add_time_to_img;?>" />
+	<input type="hidden" id="show_folder_size" value="<?php echo $config['show_folder_size'];?>" />
-<?php if($upload_files){ ?>
+	<input type="hidden" id="add_time_to_img" value="<?php echo $config['add_time_to_img'];?>" />
 <?php if($config['upload_files']){ ?>
 <!-- uploader div start -->
 <div class="uploader">
 	<div class="flex">
@ -496,7 +495,7 @@ $get_params = http_build_query($get_params);
 			<div class="container1">
 			<ul class="nav nav-tabs">
 				<li class="active"><a href="#baseUpload" data-toggle="tab"><?php echo trans('Upload_base');?></a></li>
-				<?php if($url_upload){ ?>
+				<?php if($config['url_upload']){ ?>
 				<li><a href="#urlUpload" data-toggle="tab"><?php echo trans('Upload_url');?></a></li>
 				<?php } ?>
 			</ul>
@ -601,7 +600,7 @@ $get_params = http_build_query($get_params);
 					{% } %}
 					</script>
 				</div>
-				<?php if($url_upload){ ?>
+				<?php if($config['url_upload']){ ?>
 				<div class="tab-pane" id="urlUpload">
 					<br/>
 					<form class="form-horizontal">
@ -634,9 +633,9 @@ $class_ext = '';
 $src = '';
 if($ftp){
 	try{
-		$files = $ftp->scanDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir);
+		$files = $ftp->scanDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir);
-		if (!$ftp->isDir($ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder.$subdir)){
+		if (!$ftp->isDir($config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder.$subdir)){
-			create_folder(false,$ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder.$subdir,$ftp,$config);
+			create_folder(false,$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder.$subdir,$ftp,$config);
 		}
 	}catch(FtpClient\FtpException $e){
 		echo "Error: ";
@ -645,7 +644,7 @@ if($ftp){
 		die();
 	}
 }else{
-	$files	= scandir($current_path.$rfm_subfolder.$subdir);
+	$files	= scandir($config['current_path'].$rfm_subfolder.$subdir);
 }
 $n_files= count($files);
@ -664,11 +663,14 @@ foreach($files as $k=>$file){
 		if($file['type']=='file'){
 			$current_files_number++;
 			$file_ext = substr(strrchr($file['name'],'.'),1);
 			$is_dir = false;
 		}else{
 			$current_folders_number++;
 			$file_ext=trans('Type_dir');
 			$is_dir = true;
 		}
 		$sorted[$k]=array(
 		   'is_dir'=>$is_dir,
 			'file'=>$file['name'],
 			'file_lcase'=>strtolower($file['name']),
 			'date'=>$date,
@ -680,16 +682,17 @@ foreach($files as $k=>$file){
 		if($file!="." && $file!=".."){
-			if(is_dir($current_path.$rfm_subfolder.$subdir.$file)){
+			if(is_dir($config['current_path'].$rfm_subfolder.$subdir.$file)){
-				$date=filemtime($current_path.$rfm_subfolder.$subdir. $file);
+				$date=filemtime($config['current_path'].$rfm_subfolder.$subdir. $file);
 				$current_folders_number++;
-				if($show_folder_size){
+				if($config['show_folder_size']){
-					list($size,$nfiles,$nfolders) = folder_info($current_path.$rfm_subfolder.$subdir.$file,false);
+					list($size,$nfiles,$nfolders) = folder_info($config['current_path'].$rfm_subfolder.$subdir.$file,false);
 				} else {
 					$size=0;
 				}
 				$file_ext=trans('Type_dir');
 				$sorted[$k]=array(
 					'is_dir'=>true,
 					'file'=>$file,
 					'file_lcase'=>strtolower($file),
 					'date'=>$date,
@ -697,17 +700,18 @@ foreach($files as $k=>$file){
 					'permissions' =>'',
 					'extension'=>fix_strtolower($file_ext)
 				);
-				if($show_folder_size){
+				if($config['show_folder_size']){
 					$sorted[$k]['nfiles'] = $nfiles;
 					$sorted[$k]['nfolders'] = $nfolders;
 				}
 			}else{
 				$current_files_number++;
-				$file_path=$current_path.$rfm_subfolder.$subdir.$file;
+				$file_path=$config['current_path'].$rfm_subfolder.$subdir.$file;
 				$date=filemtime($file_path);
 				$size=filesize($file_path);
 				$file_ext = substr(strrchr($file,'.'),1);
 				$sorted[$k]=array(
 					'is_dir'=>false,
 					'file'=>$file,
 					'file_lcase'=>strtolower($file),
 					'date'=>$date,
@ -720,18 +724,52 @@ foreach($files as $k=>$file){
 	}
 }
 function filenameSort($x, $y) {
-	return $x['file_lcase'] <  $y['file_lcase'];
+	global $descending;
 	if($x['is_dir'] !== $y['is_dir']){
 		return $y['is_dir'];
 	} else {
 		return ($descending)
 			? $x['file_lcase'] < $y['file_lcase']
 			: $x['file_lcase'] >= $y['file_lcase'];
 	}
 }
 function dateSort($x, $y) {
-	return $x['date'] <  $y['date'];
+	global $descending;
 	if($x['is_dir'] !== $y['is_dir']){
 		return $y['is_dir'];
 	} else {
 		return ($descending)
 			? $x['date'] < $y['date']
 			: $x['date'] >= $y['date'];
 	}
 }
 function sizeSort($x, $y) {
-	return $x['size'] <  $y['size'];
+	global $descending;
 	if($x['is_dir'] !== $y['is_dir']){
 		return $y['is_dir'];
 	} else {
 		return ($descending)
 			? $x['size'] < $y['size']
 			: $x['size'] >= $y['size'];
 	}
 }
 function extensionSort($x, $y) {
-	return $x['extension'] <  $y['extension'];
+	global $descending;
 	if($x['is_dir'] !== $y['is_dir']){
 		return $y['is_dir'];
 	} else {
 		return ($descending)
 			? $x['extension'] < $y['extension']
 			: $x['extension'] >= $y['extension'];
 	}
 }
 switch($sort_by){
@ -749,15 +787,12 @@ switch($sort_by){
 		break;
 }
 if(!$descending){
 	$sorted=array_reverse($sorted);
 }
 if($subdir!=""){
 	$sorted = array_merge(array(array('file'=>'..')),$sorted);
 }
 $files=$sorted;
 ?>
 <!-- header div start -->
 <div class="navbar navbar-fixed-top">
@ -773,13 +808,13 @@ $files=$sorted;
 		<div class="filters">
 			<div class="row-fluid">
 			<div class="span4 half">
-				<?php if($upload_files){ ?>
+				<?php if($config['upload_files']){ ?>
 				<button class="tip btn upload-btn" title="<?php echo  trans('Upload_file');?>"><i class="rficon-upload"></i></button>
 				<?php } ?>
-				<?php if($create_text_files){ ?>
+				<?php if($config['create_text_files']){ ?>
 				<button class="tip btn create-file-btn" title="<?php echo  trans('New_File');?>"><i class="icon-plus"></i><i class="icon-file"></i></button>
 				<?php } ?>
-				<?php if($create_folders){ ?>
+				<?php if($config['create_folders']){ ?>
 				<button class="tip btn new-folder" title="<?php echo  trans('New_Folder')?>"><i class="icon-plus"></i><i class="icon-folder-open"></i></button>
 				<?php } ?>
 				<?php if($config['copy_cut_files'] || $config['copy_cut_dirs']){ ?>
@ -807,28 +842,28 @@ $files=$sorted;
 			<div class="span6 entire types">
 				<span><?php echo trans('Filters');?>:</span>
 				<?php if($_GET['type']!=1 && $_GET['type']!=3 && $config['show_filter_buttons']){ ?>
-					<?php if(count($ext_file)>0 or false){ ?>
+					<?php if(count($config['ext_file'])>0 or false){ ?>
 				<input id="select-type-1" name="radio-sort" type="radio" data-item="ff-item-type-1" checked="checked"  class="hide"  />
 				<label id="ff-item-type-1" title="<?php echo trans('Files');?>" for="select-type-1" class="tip btn ff-label-type-1"><i class="icon-file"></i></label>
 					<?php } ?>
-					<?php if(count($ext_img)>0 or false){ ?>
+					<?php if(count($config['ext_img'])>0 or false){ ?>
 				<input id="select-type-2" name="radio-sort" type="radio" data-item="ff-item-type-2" class="hide"  />
 				<label id="ff-item-type-2" title="<?php echo trans('Images');?>" for="select-type-2" class="tip btn ff-label-type-2"><i class="icon-picture"></i></label>
 					<?php } ?>
-					<?php if(count($ext_misc)>0 or false){ ?>
+					<?php if(count($config['ext_misc'])>0 or false){ ?>
 				<input id="select-type-3" name="radio-sort" type="radio" data-item="ff-item-type-3" class="hide"  />
 				<label id="ff-item-type-3" title="<?php echo trans('Archives');?>" for="select-type-3" class="tip btn ff-label-type-3"><i class="icon-inbox"></i></label>
 					<?php } ?>
-					<?php if(count($ext_video)>0 or false){ ?>
+					<?php if(count($config['ext_video'])>0 or false){ ?>
 				<input id="select-type-4" name="radio-sort" type="radio" data-item="ff-item-type-4" class="hide"  />
 				<label id="ff-item-type-4" title="<?php echo trans('Videos');?>" for="select-type-4" class="tip btn ff-label-type-4"><i class="icon-film"></i></label>
 					<?php } ?>
-					<?php if(count($ext_music)>0 or false){ ?>
+					<?php if(count($config['ext_music'])>0 or false){ ?>
 				<input id="select-type-5" name="radio-sort" type="radio" data-item="ff-item-type-5" class="hide"  />
 				<label id="ff-item-type-5" title="<?php echo trans('Music');?>" for="select-type-5" class="tip btn ff-label-type-5"><i class="icon-music"></i></label>
 					<?php } ?>
 				<?php } ?>
-				<input accesskey="f" type="text" class="filter-input <?php echo (($_GET['type']!=1 && $_GET['type']!=3) ? '' : 'filter-input-notype');?>" id="filter-input" name="filter" placeholder="<?php echo fix_strtolower(trans('Text_filter'));?>..." value="<?php echo $filter;?>"/><?php if($n_files>$file_number_limit_js){ ?><label id="filter" class="btn"><i class="icon-play"></i></label><?php } ?>
+				<input accesskey="f" type="text" class="filter-input <?php echo (($_GET['type']!=1 && $_GET['type']!=3) ? '' : 'filter-input-notype');?>" id="filter-input" name="filter" placeholder="<?php echo fix_strtolower(trans('Text_filter'));?>..." value="<?php echo $filter;?>"/><?php if($n_files>$config['file_number_limit_js']){ ?><label id="filter" class="btn"><i class="icon-play"></i></label><?php } ?>
 				<input id="select-type-all" name="radio-sort" type="radio" data-item="ff-item-type-all" class="hide"  />
 				<label id="ff-item-type-all" title="<?php echo trans('All');?>" <?php if($_GET['type']==1 || $_GET['type']==3){ ?>style="visibility: hidden;" <?php } ?> data-item="ff-item-type-all" for="select-type-all" style="margin-rigth:0px;" class="tip btn btn-inverse ff-label-type-all"><i class="icon-remove icon-white"></i></label>
@ -867,7 +902,7 @@ $files=$sorted;
 	?>
 	<li class="pull-right"><a class="btn-small" href="javascript:void('')" id="info"><i class="icon-question-sign"></i></a></li>
-	<?php if($show_language_selection){ ?>
+	<?php if($config['show_language_selection']){ ?>
 	<li class="pull-right"><a class="btn-small" href="javascript:void('')" id="change_lang_btn"><i class="icon-globe"></i></a></li>
 	<?php } ?>
 	<li class="pull-right"><a id="refresh" class="btn-small" href="dialog.php?<?php echo $get_params.$subdir."&".uniqid() ?>"><i class="icon-refresh"></i></a></li>
@ -888,8 +923,8 @@ $files=$sorted;
 		</div>
 	</li>
 	<li><small class="hidden-phone">(<span id="files_number"><?php echo $current_files_number."</span> ".trans('Files')." - <span id='folders_number'>".$current_folders_number."</span> ".trans('Folders');?>)</small></li>
-	<?php if($show_total_size){ ?>
+	<?php if($config['show_total_size']){ ?>
-	<li><small class="hidden-phone"><span title="<?php echo trans('total size').$MaxSizeTotal;?>"><?php echo trans('total size').": ".makeSize($sizeCurrentFolder).(($MaxSizeTotal !== false && is_int($MaxSizeTotal))? '/'.$MaxSizeTotal.' '.trans('MB'):'');?></span></small>
+	<li><small class="hidden-phone"><span title="<?php echo trans('total size').$config['MaxSizeTotal'];?>"><?php echo trans('total size').": ".makeSize($sizeCurrentFolder).(($config['MaxSizeTotal'] !== false && is_int($config['MaxSizeTotal']))? '/'.$config['MaxSizeTotal'].' '.trans('MB'):'');?></span></small>
 	</li>
 	<?php } ?>
 	</ul>
@ -897,15 +932,15 @@ $files=$sorted;
 	<!-- breadcrumb div end -->
 	<div class="row-fluid ff-container">
 	<div class="span12">
-		<?php if( ($ftp && !$ftp->isDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir))  || (!$ftp && @opendir($current_path.$rfm_subfolder.$subdir)===FALSE)){ ?>
+		<?php if( ($ftp && !$ftp->isDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir))  || (!$ftp && @opendir($config['current_path'].$rfm_subfolder.$subdir)===FALSE)){ ?>
 		<br/>
 		<div class="alert alert-error">There is an error! The upload folder there isn't. Check your config.php file. </div>
 		<?php }else{ ?>
 		<h4 id="help"><?php echo trans('Swipe_help');?></h4>
-		<?php if(isset($folder_message)){ ?>
+		<?php if(isset($config['folder_message'])){ ?>
-		<div class="alert alert-block"><?php echo $folder_message;?></div>
+		<div class="alert alert-block"><?php echo $config['folder_message'];?></div>
 		<?php } ?>
-		<?php if($show_sorting_bar){ ?>
+		<?php if($config['show_sorting_bar']){ ?>
 		<!-- sorter -->
 		<div class="sorter-container <?php echo "list-view".$view;?>">
 		<div class="file-name"><a class="sorter sort-name <?php if($sort_by=="name"){ echo ($descending)?"descending":"ascending"; } ?>" href="javascript:void('')" data-sort="name"><?php echo trans('Filename');?></a></div>
@ -921,18 +956,17 @@ $files=$sorted;
 		<!--ul class="thumbnails ff-items"-->
 		<ul class="grid cs-style-2 <?php echo "list-view".$view;?>" id="main-item-container">
 		<?php
 		$jplayer_ext=array("mp4","flv","webmv","webma","webm","m4a","m4v","ogv","oga","mp3","midi","mid","ogg","wav");
 		foreach ($files as $file_array) {
 			$file=$file_array['file'];
-			if($file == '.' || ( substr($file, 0, 1) == '.' && isset( $file_array[ 'extension' ] ) && $file_array[ 'extension' ] == fix_strtolower(trans( 'Type_dir' ) )) || (isset($file_array['extension']) && $file_array['extension']!=fix_strtolower(trans('Type_dir'))) || ($file == '..' && $subdir == '') || in_array($file, $hidden_folders) || ($filter!='' && $n_files>$file_number_limit_js && $file!=".." && stripos($file,$filter)===false)){
+			if($file == '.' || ( substr($file, 0, 1) == '.' && isset( $file_array[ 'extension' ] ) && $file_array[ 'extension' ] == fix_strtolower(trans( 'Type_dir' ) )) || (isset($file_array['extension']) && $file_array['extension']!=fix_strtolower(trans('Type_dir'))) || ($file == '..' && $subdir == '') || in_array($file, $config['hidden_folders']) || ($filter!='' && $n_files>$config['file_number_limit_js'] && $file!=".." && stripos($file,$filter)===false)){
 				continue;
 			}
 			$new_name=fix_filename($file,$config);
 			if($ftp && $file!='..' && $file!=$new_name){
 				//rename
-				rename_folder($current_path.$subdir.$file,$new_name,$ftp,$config);
+				rename_folder($config['current_path'].$subdir.$file,$new_name,$ftp,$config);
 				$file=$new_name;
 			}
 			//add in thumbs folder if not exist
@ -961,7 +995,7 @@ $files=$sorted;
 				$file_prevent_rename = isset($filePermissions[$file]['prevent_rename']) && $filePermissions[$file]['prevent_rename'];
 				$file_prevent_delete = isset($filePermissions[$file]['prevent_delete']) && $filePermissions[$file]['prevent_delete'];
 				}
-				?><figure data-name="<?php echo $file ?>" class="<?php if($file=="..") echo "back-";?>directory" data-type="<?php if($file!=".."){ echo "dir"; } ?>">
+				?><figure data-name="<?php echo $file ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file;?>" class="<?php if($file=="..") echo "back-";?>directory" data-type="<?php if($file!=".."){ echo "dir"; } ?>">
 				<?php if($file==".."){ ?>
 					<input type="hidden" class="path" value="<?php echo str_replace('.','',dirname($rfm_subfolder.$subdir));?>"/>
 					<input type="hidden" class="path_thumb" value="<?php echo dirname($thumbs_path.$subdir)."/";?>"/>
@ -969,13 +1003,13 @@ $files=$sorted;
 				<a class="folder-link" href="dialog.php?<?php echo $get_params.rawurlencode($src)."&".($callback?'callback='.$callback."&":'').uniqid() ?>">
 					<div class="img-precontainer">
 							<div class="img-container directory"><span></span>
-							<img class="directory-img" data-src="img/<?php echo $icon_theme;?>/folder<?php if($file==".."){ echo "_back"; }?>.png" />
+							<img class="directory-img" data-src="img/<?php echo $config['icon_theme'];?>/folder<?php if($file==".."){ echo "_back"; }?>.png" />
 							</div>
 					</div>
 					<div class="img-precontainer-mini directory">
 							<div class="img-container-mini">
 							<span></span>
-							<img class="directory-img" data-src="img/<?php echo $icon_theme;?>/folder<?php if($file==".."){ echo "_back"; }?>.png" />
+							<img class="directory-img" data-src="img/<?php echo $config['icon_theme'];?>/folder<?php if($file==".."){ echo "_back"; }?>.png" />
 							</div>
 					</div>
 			<?php if($file==".."){ ?>
@ -987,24 +1021,24 @@ $files=$sorted;
 			<?php }else{ ?>
 					</a>
 					<div class="box">
-					<h4 class="<?php if($ellipsis_title_after_first_row){ echo "ellipsis"; } ?>"><a class="folder-link" data-file="<?php echo $file ?>" href="dialog.php?<?php echo $get_params.rawurlencode($src)."&".uniqid() ?>"><?php echo $file;?></a></h4>
+					<h4 class="<?php if($config['ellipsis_title_after_first_row']){ echo "ellipsis"; } ?>"><a class="folder-link" data-file="<?php echo $file ?>" href="dialog.php?<?php echo $get_params.rawurlencode($src)."&".uniqid() ?>"><?php echo $file;?></a></h4>
 					</div>
 					<input type="hidden" class="name" value="<?php echo $file_array['file_lcase'];?>"/>
 					<input type="hidden" class="date" value="<?php echo $file_array['date'];?>"/>
 					<input type="hidden" class="size" value="<?php echo $file_array['size'];?>"/>
 					<input type="hidden" class="extension" value="<?php echo fix_strtolower(trans('Type_dir'));?>"/>
 					<div class="file-date"><?php echo date(trans('Date_type'),$file_array['date']);?></div>
-					<?php if($show_folder_size){ ?>
+					<?php if($config['show_folder_size']){ ?>
 						<div class="file-size"><?php echo makeSize($file_array['size']);?></div>
 						<input type="hidden" class="nfiles" value="<?php echo $file_array['nfiles'];?>"/>
 						<input type="hidden" class="nfolders" value="<?php echo $file_array['nfolders'];?>"/>
 					<?php } ?>
 					<div class='file-extension'><?php echo fix_strtolower(trans('Type_dir'));?></div>
 					<figcaption>
-						<a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($rename_folders && !$file_prevent_rename) echo "rename-folder";?>" title="<?php echo trans('Rename')?>" data-folder="1" data-permissions="<?php echo $file_array['permissions']; ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file;?>">
+						<a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($config['rename_folders'] && !$file_prevent_rename) echo "rename-folder";?>" title="<?php echo trans('Rename')?>" data-folder="1" data-permissions="<?php echo $file_array['permissions']; ?>">
-						<i class="icon-pencil <?php if(!$rename_folders || $file_prevent_rename) echo 'icon-white';?>"></i></a>
+						<i class="icon-pencil <?php if(!$config['rename_folders'] || $file_prevent_rename) echo 'icon-white';?>"></i></a>
-						<a href="javascript:void('')" class="tip-left erase-button <?php if($delete_folders && !$file_prevent_delete) echo "delete-folder";?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_Folder_del');?>" data-path="<?php echo $rfm_subfolder.$subdir.$file;?>" >
+						<a href="javascript:void('')" class="tip-left erase-button <?php if($config['delete_folders'] && !$file_prevent_delete) echo "delete-folder";?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_Folder_del');?>" >
-						<i class="icon-trash <?php if(!$delete_folders || $file_prevent_delete) echo 'icon-white';?>"></i>
+						<i class="icon-trash <?php if(!$config['delete_folders'] || $file_prevent_delete) echo 'icon-white';?>"></i>
 						</a>
 					</figcaption>
 			<?php } ?>
@ -1018,40 +1052,45 @@ $files=$sorted;
 			foreach ($files as $nu=>$file_array) {
 				$file=$file_array['file'];
-				if($file == '.' || $file == '..' || $file_array['extension']==fix_strtolower(trans('Type_dir')) || (!$config['ext_blacklist'] && !in_array(fix_strtolower($file_array['extension']), $ext)) || ($config['ext_blacklist'] && in_array(fix_strtolower($file_array['extension']), $config['ext_blacklist'])) || ($filter!='' && $n_files>$file_number_limit_js && stripos($file,$filter)===false))
+				if($file == '.' || $file == '..' || $file_array['extension']==fix_strtolower(trans('Type_dir')) || !check_extension($file_array['extension'],$config) || ($filter!='' && $n_files>$config['file_number_limit_js'] && stripos($file,$filter)===false))
 					continue;
-				foreach ( $hidden_files as $hidden_file ) {
+				foreach ( $config['hidden_files'] as $hidden_file ) {
 					if ( fnmatch($hidden_file, $file, FNM_PATHNAME) ) {
 						continue 2;
 					}
 				}
 				$filename=substr($file, 0, '-' . (strlen($file_array['extension']) + 1));
 				if(strlen($file_array['extension'])===0){
 					$filename = $file;
 				}
 				if(!$ftp){
-					$file_path=$current_path.$rfm_subfolder.$subdir.$file;
+					$file_path=$config['current_path'].$rfm_subfolder.$subdir.$file;
 					//check if file have illegal caracter
 					if($file!=fix_filename($file,$config)){
 						$file1=fix_filename($file,$config);
-						$file_path1=($current_path.$rfm_subfolder.$subdir.$file1);
+						$file_path1=($config['current_path'].$rfm_subfolder.$subdir.$file1);
 						if(file_exists($file_path1)){
 							$i = 1;
 							$info=pathinfo($file1);
-							while(file_exists($current_path.$rfm_subfolder.$subdir.$info['filename'].".[".$i."].".$info['extension'])) {
+							while(file_exists($config['current_path'].$rfm_subfolder.$subdir.$info['filename'].".[".$i."].".$info['extension'])) {
 								$i++;
 							}
 							$file1=$info['filename'].".[".$i."].".$info['extension'];
-							$file_path1=($current_path.$rfm_subfolder.$subdir.$file1);
+							$file_path1=($config['current_path'].$rfm_subfolder.$subdir.$file1);
 						}
 						$filename=substr($file1, 0, '-' . (strlen($file_array['extension']) + 1));
 						if(strlen($file_array['extension'])===0){
 							$filename = $file1;
 						}
 						rename_file($file_path,fix_filename($filename,$config),$ftp,$config);
 						$file=$file1;
 						$file_array['extension']=fix_filename($file_array['extension'],$config);
 						$file_path=$file_path1;
 					}
 				}else{
-					$file_path = $config['ftp_base_url'].$upload_dir.$rfm_subfolder.$subdir.$file;
+					$file_path = $config['ftp_base_url'].$config['upload_dir'].$rfm_subfolder.$subdir.$file;
 				}
 				$is_img=false;
@ -1061,14 +1100,14 @@ $files=$sorted;
 				$show_original_mini=false;
 				$mini_src="";
 				$src_thumb="";
-				if(in_array($file_array['extension'], $ext_img)){
+				if(in_array($file_array['extension'], $config['ext_img'])){
 					$src = $file_path;
 					$is_img=true;
 					$img_width = $img_height = "";
 					if($ftp){
-						$mini_src = $src_thumb = $config['ftp_base_url'].$ftp_thumbs_dir.$subdir. $file;
+						$mini_src = $src_thumb = $config['ftp_base_url'].$config['ftp_thumbs_dir'].$subdir. $file;
-						$creation_thumb_path = "/".$config['ftp_base_folder'].$ftp_thumbs_dir.$subdir. $file;
+						$creation_thumb_path = "/".$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$subdir. $file;
 					}else{
 						$creation_thumb_path = $mini_src = $src_thumb = $thumbs_path.$subdir. $file;
@ -1086,7 +1125,7 @@ $files=$sorted;
 						}
 						if($img_width<45 && $img_height<38){
-							$mini_src=$current_path.$rfm_subfolder.$subdir.$file;
+							$mini_src=$config['current_path'].$rfm_subfolder.$subdir.$file;
 							$show_original_mini=true;
 						}
 					}
@ -1096,10 +1135,10 @@ $files=$sorted;
 				$no_thumb=false;
 				if($src_thumb==""){
 					$no_thumb=true;
-					if(file_exists('img/'.$icon_theme.'/'.$file_array['extension'].".jpg")){
+					if(file_exists('img/'.$config['icon_theme'].'/'.$file_array['extension'].".jpg")){
-						$src_thumb ='img/'.$icon_theme.'/'.$file_array['extension'].".jpg";
+						$src_thumb ='img/'.$config['icon_theme'].'/'.$file_array['extension'].".jpg";
 					}else{
-						$src_thumb = "img/".$icon_theme."/default.jpg";
+						$src_thumb = "img/".$config['icon_theme']."/default.jpg";
 					}
 					$is_icon_thumb=true;
 				}
@ -1108,15 +1147,15 @@ $files=$sorted;
 				}
 				$class_ext=0;
-				if (in_array($file_array['extension'], $ext_video)) {
+				if (in_array($file_array['extension'], $config['ext_video'])) {
 					$class_ext = 4;
 					$is_video=true;
-				}elseif (in_array($file_array['extension'], $ext_img)) {
+				}elseif (in_array($file_array['extension'], $config['ext_img'])) {
 					$class_ext = 2;
-				}elseif (in_array($file_array['extension'], $ext_music)) {
+				}elseif (in_array($file_array['extension'], $config['ext_music'])) {
 					$class_ext = 5;
 					$is_audio=true;
-				}elseif (in_array($file_array['extension'], $ext_misc)) {
+				}elseif (in_array($file_array['extension'], $config['ext_misc'])) {
 					$class_ext = 3;
 				}else{
 					$class_ext = 1;
@ -1133,7 +1172,8 @@ $files=$sorted;
 			$file_prevent_rename = isset($filePermissions[$file]['prevent_rename']) && $filePermissions[$file]['prevent_rename'];
 			$file_prevent_delete = isset($filePermissions[$file]['prevent_delete']) && $filePermissions[$file]['prevent_delete'];
 			}
-			?>		<figure data-name="<?php echo $file ?>" data-type="<?php if($is_img){ echo "img"; }else{ echo "file"; } ?>">
+			?>		
 			<figure data-name="<?php echo $file ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file;?>" data-type="<?php if($is_img){ echo "img"; }else{ echo "file"; } ?>">
 				<a href="javascript:void('')" class="link" data-file="<?php echo $file;?>" data-function="<?php echo $apply;?>">
 				<div class="img-precontainer">
 					<?php if($is_icon_thumb){ ?><div class="filetype"><?php echo $file_array['extension'] ?></div><?php } ?>
@ -1156,7 +1196,7 @@ $files=$sorted;
 						</label>
 					</div>
 					<?php } ?>
-					<div class="filetype <?php echo $file_array['extension'] ?> <?php if(in_array($file_array['extension'], $editable_text_file_exts)) echo 'edit-text-file-allowed' ?> <?php if(!$is_icon_thumb){ echo "hide"; }?>"><?php echo $file_array['extension'] ?></div>
+					<div class="filetype <?php echo $file_array['extension'] ?> <?php if(in_array($file_array['extension'], $config['editable_text_file_exts'])) echo 'edit-text-file-allowed' ?> <?php if(!$is_icon_thumb){ echo "hide"; }?>"><?php echo $file_array['extension'] ?></div>
 					<div class="img-container-mini">
 					<?php if($mini_src!=""){ ?>
 					<img class="<?php echo $show_original_mini ? "original" : "" ?><?php echo $is_icon_thumb_mini ? " icon" : "" ?>" data-src="<?php echo $mini_src;?>">
@ -1167,7 +1207,7 @@ $files=$sorted;
 				<div class="cover"></div>
 				<?php } ?>
 				<div class="box">
-				<h4 class="<?php if($ellipsis_title_after_first_row){ echo "ellipsis"; } ?>">
+				<h4 class="<?php if($config['ellipsis_title_after_first_row']){ echo "ellipsis"; } ?>">
 				<?php echo $filename;?></h4>
 				</div></a>
 				<input type="hidden" class="date" value="<?php echo $file_array['date'];?>"/>
@ -1183,30 +1223,31 @@ $files=$sorted;
 					<input type="hidden" name="path" value="<?php echo $rfm_subfolder.$subdir?>"/>
 					<input type="hidden" class="name_download" name="name" value="<?php echo $file?>"/>
-					<a title="<?php echo trans('Download')?>" class="tip-right" href="javascript:void('')" onclick="$('#form<?php echo $nu;?>').submit();"><i class="icon-download"></i></a>
+					<a title="<?php echo trans('Download')?>" class="tip-right" href="javascript:void('')" <?php if($config['download_files']) echo "onclick=\"$('#form".$nu."').submit();\"" ?>><i class="icon-download <?php if(!$config['download_files']) echo 'icon-white'; ?>"></i></a>
 					<?php if($is_img && $src_thumb!=""){ ?>
 					<a class="tip-right preview" title="<?php echo trans('Preview')?>" data-url="<?php echo $src;?>" data-toggle="lightbox" href="#previewLightbox"><i class=" icon-eye-open"></i></a>
-					<?php }elseif(($is_video || $is_audio) && in_array($file_array['extension'],$jplayer_ext)){ ?>
+					<?php }elseif(($is_video || $is_audio) && in_array($file_array['extension'],$config['jplayer_exts'])){ ?>
 					<a class="tip-right modalAV <?php if($is_audio){ echo "audio"; }else{ echo "video"; } ?>"
 					title="<?php echo trans('Preview')?>" data-url="ajax_calls.php?action=media_preview&title=<?php echo $filename;?>&file=<?php echo $rfm_subfolder.$subdir.$file;?>"
 					href="javascript:void('');" ><i class=" icon-eye-open"></i></a>
-					<?php }elseif(in_array($file_array['extension'],array('dwg', 'dxf', 'hpgl', 'plt', 'spl', 'step', 'stp', 'iges', 'igs', 'sat', 'cgm', 'svg'))){ ?>
+					<?php }elseif(in_array($file_array['extension'],$config['cad_exts'])){ ?>
 					<a class="tip-right file-preview-btn" title="<?php echo trans('Preview')?>" data-url="ajax_calls.php?action=cad_preview&title=<?php echo $filename;?>&file=<?php echo $rfm_subfolder.$subdir.$file;?>"
 					href="javascript:void('');" ><i class=" icon-eye-open"></i></a>
-					<?php }elseif($preview_text_files && in_array($file_array['extension'],$previewable_text_file_exts)){ ?>
+					<?php }elseif($config['preview_text_files'] && in_array($file_array['extension'],$config['previewable_text_file_exts'])){ ?>
 					<a class="tip-right file-preview-btn" title="<?php echo trans('Preview')?>" data-url="ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=<?php echo $filename;?>&file=<?php echo $rfm_subfolder.$subdir.$file;?>"
 					href="javascript:void('');" ><i class=" icon-eye-open"></i></a>
-					<?php }elseif($googledoc_enabled && in_array($file_array['extension'],$googledoc_file_exts)){ ?>
+					<?php }elseif($config['googledoc_enabled'] && in_array($file_array['extension'],$config['googledoc_file_exts'])){ ?>
 					<a class="tip-right file-preview-btn" title="<?php echo trans('Preview')?>" data-url="ajax_calls.php?action=get_file&sub_action=preview&preview_mode=google&title=<?php echo $filename;?>&file=<?php echo $rfm_subfolder.$subdir.$file;?>"
 					href="docs.google.com;" ><i class=" icon-eye-open"></i></a>
 					<?php }else{ ?>
 					<a class="preview disabled"><i class="icon-eye-open icon-white"></i></a>
 					<?php } ?>
-					<a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($rename_files && !$file_prevent_rename) echo "rename-file";?>" title="<?php echo trans('Rename')?>" data-folder="0" data-permissions="<?php echo $file_array['permissions']; ?>" data-path="<?php echo $rfm_subfolder.$subdir .$file;?>">
+					<a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($config['rename_files'] && !$file_prevent_rename) echo "rename-file";?>" title="<?php echo trans('Rename')?>" data-folder="0" data-permissions="<?php echo $file_array['permissions']; ?>">
-					<i class="icon-pencil <?php if(!$rename_files || $file_prevent_rename) echo 'icon-white';?>"></i></a>
+					<i class="icon-pencil <?php if(!$config['rename_files'] || $file_prevent_rename) echo 'icon-white';?>"></i></a>
-					<a href="javascript:void('')" class="tip-left erase-button <?php if($delete_files && !$file_prevent_delete) echo "delete-file";?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_del');?>" data-path="<?php echo $rfm_subfolder.$subdir.$file;?>">
+					<a href="javascript:void('')" class="tip-left erase-button <?php if($config['delete_files'] && !$file_prevent_delete) echo "delete-file";?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_del');?>">
-					<i class="icon-trash <?php if(!$delete_files || $file_prevent_delete) echo 'icon-white';?>"></i>
+					<i class="icon-trash <?php if(!$config['delete_files'] || $file_prevent_delete) echo 'icon-white';?>"></i>
 					</a>
 					</form>
 				</figcaption>
@ -1222,6 +1263,7 @@ $files=$sorted;
 	</div>
 	</div>
 </div>
 <script>
 	var files_prevent_duplicate = new Array();
 	<?php
--- a/core/vendor/filemanager/execute.php
+++ b/core/vendor/filemanager/execute.php
@ -1,7 +1,5 @@
 <?php
 $config = include 'config/config.php';
 //TODO switch to array
 extract($config, EXTR_OVERWRITE);
 include 'include/utils.php';
@ -11,13 +9,9 @@ if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager")
 	exit;
 }
-if (strpos($_POST['path'],'/')===0
+if (!checkRelativePath($_POST['path']))
 	|| strpos($_POST['path'],'../')!==FALSE
 	|| strpos($_POST['path'],'./')===0
 	|| strpos($_POST['path'],'..\\')!==FALSE
 	|| strpos($_POST['path'],'.\\')===0)
 {
-	response(trans('wrong path'.AddErrorLocation()))->send();
+	response(trans('wrong path').AddErrorLocation())->send();
 	exit;
 }
@ -39,7 +33,7 @@ else
 $ftp = ftp_con($config);
-$base = $current_path;
+$base = $config['current_path'];
 $path = $base.$_POST['path'];
 $cycle = TRUE;
 $max_cycles = 50;
@ -81,6 +75,11 @@ function returnPaths($_path,$_name,$config){
 if(isset($_POST['paths'])){
 	$paths = $paths_thumb = $names = array();
 	foreach ($_POST['paths'] as $key => $path) {
 		if (!checkRelativePath($path))
 		{
 			response(trans('wrong path').AddErrorLocation())->send();
 			exit;
 		}
 		$name = null;
 		if(isset($_POST['names'][$key])){
 			$name = $_POST['names'][$key];
@ -101,10 +100,7 @@ if(isset($_POST['paths'])){
 $info = pathinfo($path);
 if (isset($info['extension']) && !(isset($_GET['action']) && $_GET['action']=='delete_folder') && 
-	(
+	!check_extension($info['extension'],$config)
 		(!$config['ext_blacklist'] && !in_array(strtolower($info['extension']), $ext)) || 
 		($config['ext_blacklist'] && in_array(fix_strtolower($file_array['extension']),$config['ext_blacklist']))
 	)
 	&& $_GET['action'] != 'create_file' )
 {
 	response(trans('wrong extension').AddErrorLocation())->send();
@ -127,7 +123,7 @@ if (isset($_GET['action']))
 			break;
 		case 'delete_folder':
-			if ($delete_folders){
+			if ($config['delete_folders']){
 				if($ftp){
 					deleteDir($path,$ftp,$config);
@ -135,19 +131,19 @@ if (isset($_GET['action']))
 				}else{
 					if (is_dir($path_thumb))
 					{
-						deleteDir($path_thumb);
+						deleteDir($path_thumb,NULL,$config);
 					}
 					if (is_dir($path))
 					{
-						deleteDir($path);
+						deleteDir($path,NULL,$config);
-						if ($fixed_image_creation)
+						if ($config['fixed_image_creation'])
 						{
-							foreach($fixed_path_from_filemanager as $k=>$paths){
+							foreach($config['fixed_path_from_filemanager'] as $k=>$paths){
 								if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.="/";
-								$base_dir=$paths.substr_replace($path, '', 0, strlen($current_path));
+								$base_dir=$paths.substr_replace($path, '', 0, strlen($config['current_path']));
-								if (is_dir($base_dir)) deleteDir($base_dir);
+								if (is_dir($base_dir)) deleteDir($base_dir,NULL,$config);
 							}
 						}
 					}
@ -155,7 +151,7 @@ if (isset($_GET['action']))
 			}
 			break;
 		case 'create_folder':
-			if ($create_folders)
+			if ($config['create_folders'])
 			{
 				$name = fix_filename($_POST['name'],$config);
@ -168,9 +164,9 @@ if (isset($_GET['action']))
 			}
 			break;
 		case 'rename_folder':
-			if ($rename_folders){
+			if ($config['rename_folders']){
                if(!is_dir($path)) {
-                    response(trans('wrong path'))->send();
+                    response(trans('wrong path').AddErrorLocation())->send();
                    exit;
                }
 				$name=fix_filename($name,$config);
@ -183,11 +179,11 @@ if (isset($_GET['action']))
 						exit;
 					}
 					rename_folder($path_thumb,$name,$ftp,$config);
-					if (!$ftp && $fixed_image_creation){
+					if (!$ftp && $config['fixed_image_creation']){
-						foreach($fixed_path_from_filemanager as $k=>$paths){
+						foreach($config['fixed_path_from_filemanager'] as $k=>$paths){
 							if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.="/";
-							$base_dir=$paths.substr_replace($path, '', 0, strlen($current_path));
+							$base_dir=$paths.substr_replace($path, '', 0, strlen($config['current_path']));
 							rename_folder($base_dir,$name,$ftp,$config);
 						}
 					}
@ -198,18 +194,18 @@ if (isset($_GET['action']))
 			}
 			break;
 		case 'create_file':
-			if ($create_text_files === FALSE) {
+			if ($config['create_text_files'] === FALSE) {
 				response(sprintf(trans('File_Open_Edit_Not_Allowed'), strtolower(trans('Edit'))).AddErrorLocation())->send();
 				exit;
 			}
-			if (!isset($editable_text_file_exts) || !is_array($editable_text_file_exts)){
+			if (!isset($config['editable_text_file_exts']) || !is_array($config['editable_text_file_exts'])){
-				$editable_text_file_exts = array();
+				$config['editable_text_file_exts'] = array();
 			}
 			// check if user supplied extension
 			if (strpos($name, '.') === FALSE){
-				response(trans('No_Extension').' '.sprintf(trans('Valid_Extensions'), implode(', ', $editable_text_file_exts)).AddErrorLocation())->send();
+				response(trans('No_Extension').' '.sprintf(trans('Valid_Extensions'), implode(', ', $config['editable_text_file_exts'])).AddErrorLocation())->send();
 				exit;
 			}
@ -224,8 +220,8 @@ if (isset($_GET['action']))
 			// check extension
 			$parts = explode('.', $name);
-			if (!in_array(end($parts), $editable_text_file_exts)) {
+			if (!in_array(end($parts), $config['editable_text_file_exts'])) {
-				response(trans('Error_extension').' '.sprintf(trans('Valid_Extensions'), implode(', ', $editable_text_file_exts)), 400)->send();
+				response(trans('Error_extension').' '.sprintf(trans('Valid_Extensions'), implode(', ', $config['editable_text_file_exts'])).AddErrorLocation(), 400)->send();
 				exit;
 			}
@ -239,7 +235,7 @@ if (isset($_GET['action']))
 				response(trans('File_Save_OK'))->send();
 			}else{
 				if (!checkresultingsize(strlen($content))) {
-					response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+					response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 					exit;
 				}
 				// file already exists
@ -262,7 +258,7 @@ if (isset($_GET['action']))
 			break;
 		case 'rename_file':
-			if ($rename_files){
+			if ($config['rename_files']){
 				$name=fix_filename($name,$config);
 				if (!empty($name))
 				{
@ -274,18 +270,18 @@ if (isset($_GET['action']))
 					rename_file($path_thumb,$name,$ftp,$config);
-					if ($fixed_image_creation)
+					if ($config['fixed_image_creation'])
 					{
 						$info=pathinfo($path);
-						foreach($fixed_path_from_filemanager as $k=>$paths)
+						foreach($config['fixed_path_from_filemanager'] as $k=>$paths)
 						{
 							if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.="/";
-							$base_dir = $paths.substr_replace($info['dirname']."/", '', 0, strlen($current_path));
+							$base_dir = $paths.substr_replace($info['dirname']."/", '', 0, strlen($config['current_path']));
-							if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension']))
+							if (file_exists($base_dir.$config['fixed_image_creation_name_to_prepend'][$k].$info['filename'].$config['fixed_image_creation_to_append'][$k].".".$info['extension']))
 							{
-								rename_file($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension'],$fixed_image_creation_name_to_prepend[$k].$name.$fixed_image_creation_to_append[$k],$ftp,$config);
+								rename_file($base_dir.$config['fixed_image_creation_name_to_prepend'][$k].$info['filename'].$config['fixed_image_creation_to_append'][$k].".".$info['extension'],$config['fixed_image_creation_name_to_prepend'][$k].$name.$config['fixed_image_creation_to_append'][$k],$ftp,$config);
 							}
 						}
 					}
@ -296,13 +292,13 @@ if (isset($_GET['action']))
 			}
 			break;
 		case 'duplicate_file':
-			if ($duplicate_files)
+			if ($config['duplicate_files'])
 			{
 				$name=fix_filename($name,$config);
 				if (!empty($name))
 				{
 					if (!$ftp && !checkresultingsize(filesize($path))) {
-						response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+						response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 						exit;
 					}
 					if (!duplicate_file($path,$name,$ftp,$config))
@ -313,18 +309,18 @@ if (isset($_GET['action']))
 					duplicate_file($path_thumb,$name,$ftp,$config);
-					if (!$ftp && $fixed_image_creation)
+					if (!$ftp && $config['fixed_image_creation'])
 					{
 						$info=pathinfo($path);
-						foreach($fixed_path_from_filemanager as $k=>$paths)
+						foreach($config['fixed_path_from_filemanager'] as $k=>$paths)
 						{
 							if ($paths!="" && $paths[strlen($paths)-1] != "/") $paths.= "/";
-							$base_dir=$paths.substr_replace($info['dirname']."/", '', 0, strlen($current_path));
+							$base_dir=$paths.substr_replace($info['dirname']."/", '', 0, strlen($config['current_path']));
-							if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension']))
+							if (file_exists($base_dir.$config['fixed_image_creation_name_to_prepend'][$k].$info['filename'].$config['fixed_image_creation_to_append'][$k].".".$info['extension']))
 							{
-								duplicate_file($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].".".$info['extension'],$fixed_image_creation_name_to_prepend[$k].$name.$fixed_image_creation_to_append[$k]);
+								duplicate_file($base_dir.$config['fixed_image_creation_name_to_prepend'][$k].$info['filename'].$config['fixed_image_creation_to_append'][$k].".".$info['extension'],$config['fixed_image_creation_name_to_prepend'][$k].$name.$config['fixed_image_creation_to_append'][$k]);
 							}
 						}
 					}
@ -358,8 +354,8 @@ if (isset($_GET['action']))
 				$data['path_thumb'] = DIRECTORY_SEPARATOR.$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$data['path'];
 				$data['path'] = DIRECTORY_SEPARATOR.$config['ftp_base_folder'].$config['upload_dir'].$data['path'];
 			}else{
-				$data['path_thumb'] = $thumbs_base_path.$data['path'];
+				$data['path_thumb'] = $config['thumbs_base_path'].$data['path'];
-				$data['path'] = $current_path.$data['path'];
+				$data['path'] = $config['current_path'].$data['path'];
 			}
 			$pinfo = pathinfo($data['path']);
@ -418,7 +414,7 @@ if (isset($_GET['action']))
 				{
 					list($sizeFolderToCopy,$fileNum,$foldersCount) = folder_info($path,false);
 					if (!checkresultingsize($sizeFolderToCopy)) {
-						response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+						response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 						exit;
 					}
 					rcopy($data['path'], $path);
@ -444,7 +440,7 @@ if (isset($_GET['action']))
 			$mode = $_POST['new_mode'];
 			$rec_option = $_POST['is_recursive'];
 			$valid_options = array('none', 'files', 'folders', 'both');
-			$chmod_perm = ($_POST['folder'] ? $chmod_dirs : $chmod_files);
+			$chmod_perm = ($_POST['folder'] ? $config['chmod_dirs'] : $config['chmod_files']);
 			// check perm
 			if ($chmod_perm === FALSE) {
@ -499,13 +495,13 @@ if (isset($_GET['action']))
 				}
 				// not writable or edit not allowed
-				if (!is_writable($path) || $edit_text_files === FALSE) {
+				if (!is_writable($path) || $config['edit_text_files'] === FALSE) {
 					response(sprintf(trans('File_Open_Edit_Not_Allowed'), strtolower(trans('Edit'))).AddErrorLocation())->send();
 					exit;
 				}
 				if (!checkresultingsize(strlen($content))) {
-					response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send();
+					response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send();
 					exit;
 				}
 				if (@file_put_contents($path, $content) === FALSE) {
@ -523,4 +519,3 @@ if (isset($_GET['action']))
 			exit;
 	}
 }
 ?>
--- a/core/vendor/filemanager/force_download.php
+++ b/core/vendor/filemanager/force_download.php
@ -2,90 +2,75 @@
 $config = include 'config/config.php';
 //TODO switch to array
 extract($config, EXTR_OVERWRITE);
 include 'include/utils.php';
 include 'include/mime_type_lib.php';
 $ftp = ftp_con($config);
-if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager")
+if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") {
 {
    response(trans('forbiden') . AddErrorLocation(), 403)->send();
    exit;
 }
 include 'include/mime_type_lib.php';
-
+if (!checkRelativePath($_POST['path']) ||
 if (
    strpos($_POST['path'], '/') === 0
-    || strpos($_POST['path'], '../') !== false
+) {
-    || strpos($_POST['path'], './') === 0
+    response(trans('wrong path').AddErrorLocation(), 400)->send();
    || strpos($_POST['path'], '..\\') !== false
    || strpos($_POST['path'], '.\\') === 0
 )
 {
 	response(trans('wrong path'.AddErrorLocation()), 400)->send();
    exit;
 }
-if (strpos($_POST['name'], '/') !== false)
+if (strpos($_POST['name'], '/') !== false) {
-{
+    response(trans('wrong path').AddErrorLocation(), 400)->send();
 	response(trans('wrong path'.AddErrorLocation()), 400)->send();
    exit;
 }
 if ($ftp) {
-    $path = $ftp_base_url . $upload_dir . $_POST['path'];
+    $path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path'];
 } else {
-    $path = $current_path . $_POST['path'];
+    $path = $config['current_path'] . $_POST['path'];
 }
 $name = $_POST['name'];
 $info = pathinfo($name);
-if ( ! in_array(fix_strtolower($info['extension']), $ext))
+if (!check_extension($info['extension'], $config)) {
-{
+    response(trans('wrong extension').AddErrorLocation(), 400)->send();
 	response(trans('wrong extension'.AddErrorLocation()), 400)->send();
    exit;
 }
 $file_name  = $info['basename'];
 $file_ext   = $info['extension'];
 $file_path  = $path . $name;
 // make sure the file exists
 if ($ftp) {
    $file_url = 'http://www.myremoteserver.com/file.exe';
    header('Content-Type: application/octet-stream');
    header("Content-Transfer-Encoding: Binary");
    header("Content-disposition: attachment; filename=\"" . $file_name . "\"");
    readfile($file_path);
-}elseif (is_file($file_path) && is_readable($file_path))
+} elseif (is_file($file_path) && is_readable($file_path)) {
-{
+    if (!file_exists($path . $name)) {
-    if ( ! file_exists($path . $name))
+        response(trans('File_Not_Found') . AddErrorLocation(), 404)->send();
    {
        response(trans('File_Not_Found'.AddErrorLocation()), 404)->send();
        exit;
    }
    $size = filesize($file_path);
    $file_name = rawurldecode($file_name);
    if (function_exists('mime_content_type')) {
        $mime_type = mime_content_type($file_path);
    } elseif (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime_type = finfo_file($finfo, $file_path);
    } else {
        include 'include/mime_type_lib.php';
        $mime_type = get_file_mime_type($file_path);
    }
    @ob_end_clean();
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
@ -95,8 +80,7 @@ if($ftp){
    header("Content-Transfer-Encoding: binary");
    header('Accept-Ranges: bytes');
-    if(isset($_SERVER['HTTP_RANGE']))
+    if (isset($_SERVER['HTTP_RANGE'])) {
    {
        list($a, $range) = explode("=", $_SERVER['HTTP_RANGE'], 2);
        list($range) = explode(",", $range, 2);
        list($range, $range_end) = explode("-", $range);
@ -118,18 +102,17 @@ if($ftp){
    $chunksize = 1 * (1024 * 1024);
    $bytes_send = 0;
-    if ($file = fopen($file_path, 'r'))
+    if ($file = fopen($file_path, 'r')) {
-    {
+        if (isset($_SERVER['HTTP_RANGE'])) {
        if(isset($_SERVER['HTTP_RANGE']))
            fseek($file, $range);
        }
        while (!feof($file) &&
            (!connection_aborted()) &&
            ($bytes_send < $new_length)
-        )
+        ) {
        {
            $buffer = fread($file, $chunksize);
-            echo($buffer);
+            echo $buffer;
            flush();
            $bytes_send += strlen($buffer);
        }
@ -139,13 +122,9 @@ if($ftp){
    }
    die();
-
+} else {
 }
 else
 {
    // file does not exist
    header("HTTP/1.0 404 Not Found");
 	exit;
 }
 exit;
--- a/core/vendor/filemanager/include/mime_type_lib.php
+++ b/core/vendor/filemanager/include/mime_type_lib.php
@ -9,6 +9,7 @@ $mime_types = array(
 	"application/x-bcpio" => "bcpio",
 	"application/octet-stream" => "so",
 	"image/bmp" => "bmp",
 	"application/x-rar" => "rar",
 	"application/x-bzip2" => "bz2",
 	"application/x-netcdf" => "nc",
 	"application/x-kchart" => "chrt",
--- a/core/vendor/filemanager/include/utils.php
+++ b/core/vendor/filemanager/include/utils.php
@ -1,6 +1,6 @@
 <?php
-if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager")
+if (!isset($_SESSION['RF']) || $_SESSION['RF']["verify"] != "RESPONSIVEfilemanager")
 {
 	die('forbiden');
 }
@ -48,7 +48,7 @@ if ( ! function_exists('trans'))
 		|| ! is_readable('lang/' . basename($_SESSION['RF']['language']) . '.php')
 	)
 	{
-		$lang = $default_language;
+		$lang = $config['default_language'];
 		if (isset($_GET['lang']) && $_GET['lang'] != 'undefined' && $_GET['lang'] != '')
 		{
@ -56,7 +56,7 @@ if ( ! function_exists('trans'))
 			$lang = trim($lang);
 		}
-		if ($lang != $default_language)
+		if ($lang != $config['default_language'])
 		{
 			$path_parts = pathinfo($lang);
 			$lang = $path_parts['basename'];
@ -94,14 +94,63 @@ if ( ! function_exists('trans'))
 	}
 }
 function checkRelativePathPartial($path){
 	if (strpos($path, '../') !== false
        || strpos($path, './') !== false
        || strpos($path, '/..') !== false
        || strpos($path, '..\\') !== false
        || strpos($path, '\\..') !== false
        || strpos($path, '.\\') !== false
        || $path === ".."
    ){
 		return false;
    }
    return true;
 }
 /**
 * Check relative path
 *
 * @param  string  $path
 *
 * @return boolean is it correct?
 */
 function checkRelativePath($path){
 	$path_correct = checkRelativePathPartial($path);
 	if($path_correct){
 		$path_decoded = rawurldecode($path);
 		$path_correct = checkRelativePathPartial($path_decoded);
 	}
    return $path_correct;
 }
 /**
 * Check if the given path is an upload dir based on config
 *
 * @param  string  $path
 * @param  array $config
 *
 * @return boolean is it an upload dir?
 */
 function isUploadDir($path, $config){
 	$upload_dir = $config['current_path'];
 	$thumbs_dir = $config['thumbs_base_path'];
 	if (realpath($path) === realpath($upload_dir) || realpath($path) === realpath($thumbs_dir))
 	{
 		return true;
 	}
 	return false;
 }
 /**
 * Delete file
 *
 * @param  string  $path
 * @param  string $path_thumb
-* @param  string $config
+* @param  array $config
 *
-* @return  nothing
+* @return null
 */
 function deleteFile($path,$path_thumb,$config){
 	if ($config['delete_files']){
@ -141,7 +190,7 @@ function deleteFile($path,$path_thumb,$config){
 			{
 				if ($path!="" && $path[strlen($path)-1] != "/") $path.="/";
-				$base_dir=$path.substr_replace($info['dirname']."/", '', 0, strlen($current_path));
+				$base_dir=$path.substr_replace($info['dirname']."/", '', 0, strlen($config['current_path']));
 				if (file_exists($base_dir.$config['fixed_image_creation_name_to_prepend'][$k].$info['filename'].$config['fixed_image_creation_to_append'][$k].".".$info['extension']))
 				{
 					unlink($base_dir.$config['fixed_image_creation_name_to_prepend'][$k].$info['filename'].$config['fixed_image_creation_to_append'][$k].".".$info['extension']);
@ -171,7 +220,7 @@ function deleteDir($dir,$ftp = null, $config = null)
 		}
 	}else{
-		if ( ! file_exists($dir))
+		if ( ! file_exists($dir) || isUploadDir($dir, $config))
 		{
 			return false;
 		}
@ -219,7 +268,7 @@ function duplicate_file( $old_path, $name, $ftp = null, $config = null )
 			return null;
 		}
 	}else{
-		if (file_exists($old_path))
+		if (file_exists($old_path) && is_file($old_path))
 		{
 			if (file_exists($new_path) && $old_path == $new_path)
 			{
@ -253,7 +302,7 @@ function rename_file($old_path, $name, $ftp = null, $config = null)
 			return false;
 		}
 	}else{
-		if (file_exists($old_path))
+		if (file_exists($old_path) && is_file($old_path))
 		{
 			$new_path = $info['dirname'] . "/" . $name . "." . $info['extension'];
 			if (file_exists($new_path) && $old_path == $new_path)
@ -302,13 +351,12 @@ function rename_folder($old_path, $name, $ftp = null, $config = null)
 			return $ftp->rename("/".$old_path, "/".$new_path);
 		}
 	}else{
-		if (file_exists($old_path))
+		if (file_exists($old_path) && is_dir($old_path) && !isUploadDir($old_path, $config))
 		{
 			if (file_exists($new_path) && $old_path == $new_path)
 			{
 				return false;
 			}
 			return rename($old_path, $new_path);
 		}
 	}
@ -420,7 +468,7 @@ function makeSize($size)
 */
 function folder_info($path,$count_hidden=true)
 {
-	global $hidden_folders,$hidden_files;
+	global $config;
 	$total_size = 0;
 	$files = scandir($path);
 	$cleanPath = rtrim($path, '/') . '/';
@ -430,7 +478,7 @@ function folder_info($path,$count_hidden=true)
 	{
 		if ($t != "." && $t != "..")
 		{
-			if ($count_hidden or !(in_array($t,$hidden_folders) or in_array($t,$hidden_files)))
+			if ($count_hidden or !(in_array($t,$config['hidden_folders']) or in_array($t,$config['hidden_files'])))
 			{
 				$currentFile = $cleanPath . $t;
 				if (is_dir($currentFile))
@ -460,7 +508,7 @@ function folder_info($path,$count_hidden=true)
 */
 function filescount($path,$count_hidden=true)
 {
-	global $hidden_folders,$hidden_files;
+	global $config;
 	$total_count = 0;
 	$files = scandir($path);
 	$cleanPath = rtrim($path, '/') . '/';
@ -469,7 +517,7 @@ function filescount($path,$count_hidden=true)
 	{
 		if ($t != "." && $t != "..")
 		{
-			if ($count_hidden or !(in_array($t,$hidden_folders) or in_array($t,$hidden_files)))
+			if ($count_hidden or !(in_array($t,$config['hidden_folders']) or in_array($t,$config['hidden_files'])))
 			{
 				$currentFile = $cleanPath . $t;
 				if (is_dir($currentFile))
@ -496,11 +544,12 @@ function filescount($path,$count_hidden=true)
 */
 function checkresultingsize($sizeAdded)
 {
-	global $MaxSizeTotal,$current_path;
+    global $config;
-	if ($MaxSizeTotal !== false && is_int($MaxSizeTotal)) {
+
-		list($sizeCurrentFolder,$fileCurrentNum,$foldersCurrentCount) = folder_info($current_path,false);
+	if ($config['MaxSizeTotal'] !== false && is_int($config['MaxSizeTotal'])) {
 		list($sizeCurrentFolder,$fileCurrentNum,$foldersCurrentCount) = folder_info($config['current_path'],false);
 		// overall size over limit
-		if (($MaxSizeTotal * 1024 * 1024) < ($sizeCurrentFolder + $sizeAdded)) {
+		if (($config['MaxSizeTotal'] * 1024 * 1024) < ($sizeCurrentFolder + $sizeAdded)) {
 			return false;
 		}
 	}
@ -519,21 +568,21 @@ function create_folder($path = null, $path_thumbs = null,$ftp = null,$config = n
 		$ftp->mkdir($path);
 		$ftp->mkdir($path_thumbs);
 	}else{
-		if(file_exists($path)){
+		if(file_exists($path) || file_exists($path_thumbs)){
 			return false;
 		}
 		$oldumask = umask(0);
-		if ($path && !file_exists($path))
+		$permission = 0755;
 		{
 			$permission = $config['folderPermission'];
 		if(isset($config['folderPermission'])){
 			$permission = $config['folderPermission'];
 		}
 		if ($path && !file_exists($path))
 		{
 			mkdir($path, $permission, true);
 		} // or even 01777 so you get the sticky bit set
-		if ($path_thumbs && ! file_exists($path_thumbs))
+		if ($path_thumbs)
 		{
-			mkdir($path_thumbs, $config['folderPermission'], true) or die("$path_thumbs cannot be found");
+			mkdir($path_thumbs, $permission, true) or die("$path_thumbs cannot be found");
 		} // or even 01777 so you get the sticky bit set
 		umask($oldumask);
 		return true;
@ -566,6 +615,34 @@ function check_files_extensions_on_path($path, $ext)
 	}
 }
 /**
 * Check file extension 
 *
 * @param  string  $extension
 * @param  array   $config
 */
 function check_file_extension($extension,$config){
 	$check = false;
 	if (!$config['ext_blacklist']) {
 		if(in_array(mb_strtolower($extension), $conf['ext'])){
 			$check = true;
 		}
    } else {
    	if(!in_array(mb_strtolower($extension), $conf['ext_blacklist'])){
 			$check = true;
 		}
    }
 	if($config['files_without_extension'] && $extension == ''){
 		$check = true;
 	}
 	return $check;
 }
 /**
 * Get file extension present in PHAR file
 *
@ -574,13 +651,13 @@ function check_files_extensions_on_path($path, $ext)
 * @param  string  $basepath
 * @param  string  $ext
 */
-function check_files_extensions_on_phar($phar, &$files, $basepath, $ext)
+function check_files_extensions_on_phar($phar, &$files, $basepath, $config)
 {
 	foreach ($phar as $file)
 	{
 		if ($file->isFile())
 		{
-			if (in_array(mb_strtolower($file->getExtension()), $ext))
+			if (check_file_extension($file->getExtension()))
 			{
 				$files[] = $basepath . $file->getFileName();
 			}
@ -590,7 +667,7 @@ function check_files_extensions_on_phar($phar, &$files, $basepath, $ext)
 			if ($file->isDir())
 			{
 				$iterator = new DirectoryIterator($file);
-				check_files_extensions_on_phar($iterator, $files, $basepath . $file->getFileName() . '/', $ext);
+				check_files_extensions_on_phar($iterator, $files, $basepath . $file->getFileName() . '/', $config);
 			}
 		}
 	}
@ -608,6 +685,38 @@ function fix_get_params($str)
 	return strip_tags(preg_replace("/[^a-zA-Z0-9\.\[\]_| -]/", '', $str));
 }
 /**
 * Check extension
 *
 * @param  string  $extension
 * @param  array   $config
 *
 * @return bool
 */
 function check_extension($extension,$config){
 	$extension = fix_strtolower($extension);
 	if((!$config['ext_blacklist'] && !in_array($extension, $config['ext'])) || ($config['ext_blacklist'] && in_array($extension, $config['ext_blacklist']))){
 		return false;
 	}
 	return true;
 }
 /**
 * Sanitize filename
 *
 * @param  string  $str
 *
 * @return string
 */
 function sanitize($str)
 {
 	return strip_tags(htmlspecialchars($str));
 }
 /**
 * Cleanup filename
 *
@ -621,6 +730,7 @@ function fix_get_params($str)
 */
 function fix_filename($str, $config, $is_folder = false)
 {
 	$str = sanitize($str);
 	if ($config['convert_spaces'])
 	{
 		$str = str_replace(' ', $config['replace_with'], $str);
@ -650,7 +760,7 @@ function fix_filename($str, $config, $is_folder = false)
 	// Empty or incorrectly transliterated filename.
 	// Here is a point: a good file UNKNOWN_LANGUAGE.jpg could become .jpg in previous code.
 	// So we add that default 'file' name to fix that issue.
-	if (strpos($str, '.') === 0 && $is_folder === false)
+	if (!$config['empty_filename'] && strpos($str, '.') === 0 && $is_folder === false)
 	{
 		$str = 'file' . $str;
 	}
@ -762,7 +872,12 @@ function image_check_memory_usage($img, $max_breedte, $max_hoogte)
 		$K64 = 65536; // number of bytes in 64K
 		$memory_usage = memory_get_usage();
 		if(ini_get('memory_limit') > 0 ){
-			$memory_limit = abs(intval(str_replace('M', '', ini_get('memory_limit')) * 1024 * 1024));
+			
 			$mem = ini_get('memory_limit');
 			$memory_limit = 0;
 			if (strpos($mem, 'M') !== false) $memory_limit = abs(intval(str_replace(array('M'), '', $mem) * 1024 * 1024));
 			if (strpos($mem, 'G') !== false) $memory_limit = abs(intval(str_replace(array('G'), '', $mem) * 1024 * 1024 * 1024));
 			$image_properties = getimagesize($img);
 			$image_width = $image_properties[0];
 			$image_height = $image_properties[1];
@ -792,10 +907,12 @@ function image_check_memory_usage($img, $max_breedte, $max_hoogte)
 *
 * @return  bool
 */
 if(!function_exists('ends_with')){
 	function ends_with($haystack, $needle)
 	{
 		return $needle === "" || substr($haystack, -strlen($needle)) === $needle;
 	}
 }
 /**
 * TODO REFACTOR THIS!
@ -1226,4 +1343,3 @@ function AddErrorLocation()
 	}
 	return "";
 }
 ?>
--- a/core/vendor/filemanager/js/include.js
+++ b/core/vendor/filemanager/js/include.js
--- a/core/vendor/filemanager/js/jquery.fileupload-image.js
+++ b/core/vendor/filemanager/js/jquery.fileupload-image.js
@ -136,9 +136,9 @@
            // Disable the resize image functionality by default:
            disableImageResize: true,
            // The maximum width of the preview images:
-            previewMaxWidth: 50,
+            previewMaxWidth: 80,
            // The maximum height of the preview images:
-            previewMaxHeight: 50,
+            previewMaxHeight: 80,
            // Defines the preview orientation (1-8) or takes the orientation
            // value from Exif data if set to true:
            previewOrientation: true,
--- a/core/vendor/filemanager/js/jquery.fileupload.js
+++ b/core/vendor/filemanager/js/jquery.fileupload.js
@ -43,7 +43,7 @@
            '|(Kindle/(1\\.0|2\\.[05]|3\\.0))'
    ).test(window.navigator.userAgent) ||
        // Feature detection for all other devices:
-        $('<input type="file">').prop('disabled'));
+        $('<input type="file"/>').prop('disabled'));
    // The FileReader API is not actually used, but works as feature detection,
    // as some Safari versions (5?) support XHR file uploads via the FormData API,
@ -453,7 +453,7 @@
            }
            if (!multipart || options.blob || !this._isInstanceOf('File', file)) {
                options.headers['Content-Disposition'] = 'attachment; filename="' +
-                    encodeURI(file.name) + '"';
+                    encodeURI(file.uploadName || file.name) + '"';
            }
            if (!multipart) {
                options.contentType = file.type || 'application/octet-stream';
@ -489,7 +489,11 @@
                        });
                    }
                    if (options.blob) {
-                        formData.append(paramName, options.blob, file.name);
+                        formData.append(
                            paramName,
                            options.blob,
                            file.uploadName || file.name
                        );
                    } else {
                        $.each(options.files, function (index, file) {
                            // This check allows the tests to run with
@ -1126,7 +1130,7 @@
                dirReader = entry.createReader();
                readEntries();
            } else {
-                // Return an empy list for file system items
+                // Return an empty list for file system items
                // other than files or directories:
                dfd.resolve([]);
            }
--- a/core/vendor/filemanager/js/modernizr.custom.js
+++ b/core/vendor/filemanager/js/modernizr.custom.js
--- a/core/vendor/filemanager/js/plugins.js
+++ b/core/vendor/filemanager/js/plugins.js
--- a/core/vendor/filemanager/lang/cs.php
+++ b/core/vendor/filemanager/lang/cs.php
@ -3,8 +3,8 @@
 return array(
 	'Select' => 'Vybrat',
-	'Deselect_All' => 'Deselect All',
+	'Deselect_All' => 'Zrušit vše',
-	'Select_All' => 'Select All',
+	'Select_All' => 'Vybrat vše',
 	'Erase' => 'Smazat',
 	'Open' => 'Otevřít',
 	'Confirm_del' => 'Opravdu chcete smazat tento soubor?',
@ -41,30 +41,30 @@ return array(
 	'Text_filter' => 'textový filtr',
 	'Swipe_help' => 'Pro zobrazení možností klikněte na název souboru/složky.',
 	'Upload_base' => 'Základní nahrávání',
-	'Upload_base_help' => "Drag & Drop files(modern browsers) or click in upper button to Add the file(s) and click on Start upload. When the upload is complete, click the 'Return to files list' button.",
+	'Upload_base_help' => "Soubory přetáhněte (pouze moderní prohlížeče) nebo klikněte na horní tlačítko 'Přidat soubor(y)' a poté na tlačítko 'Sputit nahrávání'. Až bude nahrávání dokončeno, klikněte na 'Zpět k seznamu souborů'.",
-	'Upload_add_files' => 'Add file(s)',
+	'Upload_add_files' => 'Přidat soubor(y)',
-	'Upload_start' => 'Start upload',
+	'Upload_start' => 'Sputit nahrávání',
 	'Upload_error_messages' =>array(
-		1 => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
+		1 => 'Nahrávaný soubor má větší velikost, než co povoluje direktiva upload_max_filesize v php.ini',
-		2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
+		2 => 'Nahrávaný soubor má větší velikost, než co povoluje direktiva MAX_FILE_SIZE uvedená v HTML formuláři',
-		3 => 'The uploaded file was only partially uploaded',
+		3 => 'Soubor byl nahrán pouze z části',
-		4 => 'No file was uploaded',
+		4 => 'Nebyl nahrán žádný soubor',
-		6 => 'Missing a temporary folder',
+		6 => 'Chybí dočasná složka',
-		7 => 'Failed to write file to disk',
+		7 => 'Při zapisování souboru na disk došlo k chybě',
-		8 => 'A PHP extension stopped the file upload',
+		8 => 'Nahrávání souborů zastavilo rozšížení PHP',
-		'post_max_size' => 'The uploaded file exceeds the post_max_size directive in php.ini',
+		'post_max_size' => 'Nahrávaný soubor má větší velikost, než co povoluje direktiva post_max_size v php.ini',
-		'max_file_size' => 'File is too big',
+		'max_file_size' => 'Příliš velký soubor',
-		'min_file_size' => 'File is too small',
+		'min_file_size' => 'Příliš malý soubor',
-		'accept_file_types' => 'Filetype not allowed',
+		'accept_file_types' => 'Není povolen tento typ souboru (přípona)',
-		'max_number_of_files' => 'Maximum number of files exceeded',
+		'max_number_of_files' => 'Překročen maximální počet souborů',
-		'max_width' => 'Image exceeds maximum width',
+		'max_width' => 'Obrázek přesahuje maximální šířku',
-		'min_width' => 'Image requires a minimum width',
+		'min_width' => 'Obrázek vyžaduje minimální šířku',
-		'max_height' => 'Image exceeds maximum height',
+		'max_height' => 'Obrázek přesahuje maximální výšku',
-		'min_height' => 'Image requires a minimum height',
+		'min_height' => 'Obrázek vyžaduje minimální výšku',
-		'abort' => 'File upload aborted',
+		'abort' => 'Nahrávání souboru bylo přerušeno',
-		'image_resize' => 'Failed to resize image'
+		'image_resize' => 'Nepodařilo se změnit velikost obrázku'
 	),
-	'Upload_url' => 'From url',
+	'Upload_url' => 'Z url adresy',
 	'Type_dir' => 'složka',
 	'Type' => 'Typ',
 	'Dimension' => 'Rozměr',
--- a/core/vendor/filemanager/lang/de.php
+++ b/core/vendor/filemanager/lang/de.php
@ -3,8 +3,8 @@
 return array(
    'Select' => 'Ausw&auml;hlen',
-	'Deselect_All' => 'Deselect All',
+    'Deselect_All' => 'Alle abw&auml;hlen',
-	'Select_All' => 'Select All',
+    'Select_All' => 'Alle anw&auml;hlen',
    'Erase' => 'L&ouml;schen',
    'Open' => '&Ouml;ffnen',
    'Confirm_del' => 'Sind Sie sicher das Sie die Datei l&ouml;schen wollen?',
--- a/core/vendor/filemanager/lang/hu_HU.php
+++ b/core/vendor/filemanager/lang/hu_HU.php
@ -3,13 +3,13 @@
 return array(
 	'Select' => 'Tallózás',
-	'Deselect_All' => 'Deselect All',
+	'Deselect_All' => 'Kijelölés törlése',
-	'Select_All' => 'Select All',
+	'Select_All' => 'Összes kijelölése',
 	'Erase' => 'Törlés',
 	'Open' => 'Megnyitás',
-	'Confirm_del' => 'Biztos vagy benne, hogy törlöd ezt a fájlt?',
+	'Confirm_del' => 'Biztosan törlöd ezt a fájlt?',
 	'All' => 'Összes',
-	'Files' => 'Fájlok',
+	'Files' => 'fájl',
 	'Images' => 'Képek',
 	'Archives' => 'Tömörített',
 	'Error_Upload' => 'A kiválasztott fájl mérete túl nagy!',
@ -21,7 +21,7 @@ return array(
 	'New_Folder' => 'Új mappa',
 	'Folder_Created' => 'Mappa létrehozva',
 	'Existing_Folder' => 'Mappa már létezik',
-	'Confirm_Folder_del' => 'Biztos, hogy törlöd a könyvtárat és annak tartalmát?',
+	'Confirm_Folder_del' => 'Biztosan törlöd a könyvtárat és annak tartalmát?',
 	'Return_Files_List' => 'Vissza a fájllistához',
 	'Preview' => 'Előnézet',
 	'Download' => 'Letöltés',
@ -40,10 +40,10 @@ return array(
 	'Empty_name' => 'A név nincs megadva',
 	'Text_filter' => 'szűrés',
 	'Swipe_help' => 'Húzd az egered a fájl/mappa nevére, hogy lásd az opciókat.',
-	'Upload_base' => 'Alapértelmezett feltöltő',
+	'Upload_base' => 'Féltöltés a számítógépről',
-	'Upload_base_help' => "Drag & Drop files(modern browsers) or click in upper button to Add the file(s) and click on Start upload. When the upload is complete, click the 'Return to files list' button.",
+	'Upload_base_help' => "Húzza ide a feltölteni kívánt fájlokat, vagy kattintson a 'Fájl(ok) hozzáadása gombra. Ha kiválasztotta a fájlokat kattintson a 'Feltöltés indítása' gomba. Miután elkészült a feltöltés kattintson a fenti 'Vissza a fájllistához' gombra.",
-	'Upload_add_files' => 'Add file(s)',
+	'Upload_add_files' => 'Fájl(ok) hozzáadása',
-	'Upload_start' => 'Start upload',
+	'Upload_start' => 'Feltöltés elindítása',
 	'Upload_error_messages' =>array(
 		1 => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
 		2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
@ -53,18 +53,18 @@ return array(
 		7 => 'Failed to write file to disk',
 		8 => 'A PHP extension stopped the file upload',
 		'post_max_size' => 'The uploaded file exceeds the post_max_size directive in php.ini',
-		'max_file_size' => 'File is too big',
+		'max_file_size' => 'A fájl mérete túl nagy!',
-		'min_file_size' => 'File is too small',
+		'min_file_size' => 'A fájl mérete túl kicsi!',
 		'accept_file_types' => 'Filetype not allowed',
 		'max_number_of_files' => 'Maximum number of files exceeded',
-		'max_width' => 'Image exceeds maximum width',
+		'max_width' => 'A kép mérete elérte a maximális szélességet!',
-		'min_width' => 'Image requires a minimum width',
+		'min_width' => 'A kép mérete nem éri el a minimális szélességet!',
-		'max_height' => 'Image exceeds maximum height',
+		'max_height' => 'A kép mérete elérte a maximális magasságot!',
-		'min_height' => 'Image requires a minimum height',
+		'min_height' => 'A kép mérete nem éri el a minimális magasságot!',
 		'abort' => 'File upload aborted',
-		'image_resize' => 'Failed to resize image'
+		'image_resize' => 'A kép átméretézése sikertelen!'
 	),
-	'Upload_url' => 'From url',
+	'Upload_url' => 'Feltöltés URL-ről',
 	'Type_dir' => 'Mappa',
 	'Type' => 'Típus',
 	'Dimension' => 'Felbontás',
@ -75,13 +75,13 @@ return array(
 	'Date_type' => 'y-m-d',
 	'OK' => 'OK',
 	'Cancel' => 'Mégse',
-	'Sorting' => 'rendezés',
+	'Sorting' => 'Rendezés',
-	'Show_url' => 'URL mutatása',
+	'Show_url' => 'URL megjelenítése',
-	'Extract' => 'kibontás ide',
+	'Extract' => 'Kibontás ide',
-	'File_info' => 'fájl info',
+	'File_info' => 'Fájl info',
-	'Edit_image' => 'kép szerkesztése',
+	'Edit_image' => 'Kép szerkesztése',
 	'Duplicate' => 'Klónozás',
-	'Folders' => 'Mappák',
+	'Folders' => 'mappa',
 	'Copy' => 'Másolás',
 	'Cut' => 'Kivágás',
 	'Paste' => 'Beillesztés',
@ -90,7 +90,7 @@ return array(
 	'Paste_Confirm' => 'Biztos vagy benne, hogy ebbe a mappába szeretnéd beilleszteni a fájlokat? A létező fájlok/mappák felül lesznek írva.',
 	'Paste_Failed' => 'A beillesztés sikertelen!',
 	'Clear_Clipboard' => 'Vágólap törlése',
-	'Clear_Clipboard_Confirm' => 'Biztos törlöd a vágólap tartalmát?',
+	'Clear_Clipboard_Confirm' => 'Biztosan törlöd a vágólap tartalmát?',
 	'Files_ON_Clipboard' => 'Fájlok találhatóak a vágólapon.',
 	'Copy_Cut_Size_Limit' => 'A kiválasztott fájlok/mappák túl nagyok a %shoz. Limit: %d MB/művelet', // %s = cut or copy
 	'Copy_Cut_Count_Limit' => 'Túl sok fájlt választottál ki a %shoz. Limit: %d fájl/művelet', // %s = cut or copy
--- a/core/vendor/filemanager/lang/languages.php
+++ b/core/vendor/filemanager/lang/languages.php
@ -32,6 +32,7 @@ return array(
 	'sk' => 'Slovenčina',
 	'sl' => 'Slovenski jezik',
 	'sv_SE' => 'Svenska',
    'th_TH' => 'ไทย',
 	'tr_TR' => 'Türkçe',
 	'uk_UA' => 'Yкраїнська мова',
 	'vi' => 'Tiếng Việt',
--- a/core/vendor/filemanager/lang/nl.php
+++ b/core/vendor/filemanager/lang/nl.php
@ -42,30 +42,30 @@ return array(
 	'Text_filter' => 'Zoeken...',
 	'Swipe_help' => 'Swipe over de naam van een bestand of map om opties te zien',
 	'Upload_base' => 'Standaard uploader',
-	'Upload_base_help' => "Drag & Drop files(modern browsers) or click in upper button to Add the file(s) and click on Start upload. When the upload is complete, click the 'Return to files list' button.",
+	'Upload_base_help' => "Drag & Drop bestanden (moderne browsers) of klik op de bovenste knop om het bestand (en) toe te voegen en klik op Begin uploaden. Wanneer het uploaden is voltooid, klikt u op de knop 'Terug naar bestanden'.",
-	'Upload_add_files' => 'Add file(s)',
+	'Upload_add_files' => 'Voeg bestanden toe',
-	'Upload_start' => 'Start upload',
+	'Upload_start' => 'Begin uploaden',
 	'Upload_error_messages' =>array(
-		1 => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
+        1 => 'Bestandsgrootte is te groot.',
-		2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
+        2 => 'Bestandsgrootte is te groot.',
-		3 => 'The uploaded file was only partially uploaded',
+        3 => 'Bestand is slechts gedeeltelijk geupload.',
-		4 => 'No file was uploaded',
+        4 => 'Het bestand is niet uploaded.',
-		6 => 'Missing a temporary folder',
+        6 => 'Er ontbreekt een folder.',
-		7 => 'Failed to write file to disk',
+        7 => 'Kan bestand niet wegschrijven.',
-		8 => 'A PHP extension stopped the file upload',
+        8 => 'Een extentie heeft het uploaden gestopt.',
-		'post_max_size' => 'The uploaded file exceeds the post_max_size directive in php.ini',
+        'post_max_size' => 'Bestandsgrootte is te groot.',
-		'max_file_size' => 'File is too big',
+        'max_file_size' => 'Bestandsgrootte is te groot.',
-		'min_file_size' => 'File is too small',
+        'min_file_size' => 'Bestandsgrootte is te klein.',
-		'accept_file_types' => 'Filetype not allowed',
+        'accept_file_types' => 'Bestandstype niet ondersteund.',
-		'max_number_of_files' => 'Maximum number of files exceeded',
+        'max_number_of_files' => 'Maximum aantal bestanden bereikt.',
-		'max_width' => 'Image exceeds maximum width',
+        'max_width' => 'Afbeelding te breed.',
-		'min_width' => 'Image requires a minimum width',
+        'min_width' => 'Afbeelding niet breed genoeg.',
-		'max_height' => 'Image exceeds maximum height',
+        'max_height' => 'Afbeelding te hoog.',
-		'min_height' => 'Image requires a minimum height',
+        'min_height' => 'Afbeelding niet hoog genoeg.',
-		'abort' => 'File upload aborted',
+        'abort' => 'Uploaden onderbroken.',
-		'image_resize' => 'Failed to resize image'
+        'image_resize' => 'Resizen is mislukt.'
 	),
-	'Upload_url' => 'From url',
+	'Upload_url' => 'Van url',
 	'Type_dir' => 'map',
 	'Type' => 'Type',
 	'Dimension' => 'Afmetingen',
@ -119,7 +119,7 @@ return array(
 	'File_Save_Error' => "Er is een fout opgetreden tijdens het opslaan van het bestand.",
 	'No_Extension' => 'Je moet een bestands-extensie toevoegen.',
 	'Valid_Extensions' => 'Geldige extensies: %s', // %s = txt,log etc.
-	'Upload_message' => "Drop file here to upload",
+	'Upload_message' => "Sleep hier bestanden om te uploaden",
 	'SERVER ERROR' => "SERVER ERROR",
 	'forbiden' => "Forbiden",
--- a/core/vendor/filemanager/lang/th_TH.php
+++ b/core/vendor/filemanager/lang/th_TH.php
@ -49,9 +49,9 @@ return array(
    'Swipe_help' => 'Swipe the name of file/folder to show options',
    'Upload_base' => 'อัพโหลดแบบธรรมดา',
    'Upload_url' => 'อัพโหลดจาก URL',
-    'Upload_base_help' => "Drag & Drop files(modern browsers) or click in upper button to Add the file(s) and click on Start upload. When the upload is complete, click the 'Return to files list' button.",
+    'Upload_base_help' => "สามารถอัพโหลดไฟล์แบบลากวางได้ หรือคลิกที่ปุ่มด้านบนเพื่อเพิ่มไฟล์และคลิกอัพโหลด เมื่อการอัปโหลดเสร็จสมบูรณ์คลิกปุ่ม \"กลับสู่หน้ารายการ\"",
-    'Upload_add_files' => 'Add file(s)',
+    'Upload_add_files' => 'เลือกไฟล์ (สามารเลือกได้หลายไฟล์)',
-    'Upload_start' => 'Start upload',
+    'Upload_start' => 'อัพโหลด',
    'Upload_error_messages' =>array(
        1 => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
        2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
@ -72,7 +72,7 @@ return array(
        'abort' => 'File upload aborted',
        'image_resize' => 'Failed to resize image'
    ),
-    'Upload_url' => 'From url',
+    'Upload_url' => 'อัพโหลดจาก url',
    'Type_dir' => 'dir',
    'Type' => 'ชนิด',
    'Dimension' => 'Dimension',
@ -94,10 +94,10 @@ return array(
    'Cut' => 'ตัด',
    'Paste' => 'วาง',
    'CB' => 'CB', // clipboard
-    'Paste_Here' => 'Paste to this directory',
+    'Paste_Here' => 'วางในโพลเดอร์นี้',
    'Paste_Confirm' => 'Are you sure you want to paste to this directory? This will overwrite existing files/folders if encountered any.',
    'Paste_Failed' => 'Failed to paste file(s)',
-    'Clear_Clipboard' => 'Clear clipboard',
+    'Clear_Clipboard' => 'ลบที่ก็อปปี้ไว้',
    'Clear_Clipboard_Confirm' => 'Are you sure you want to clear the clipboard?',
    'Files_ON_Clipboard' => 'There are files on the clipboard.',
    'Copy_Cut_Size_Limit' => 'The selected files/folders are too big to %1$s. Limit: %2$d MB/operation', // %1$s = cut or copy, %2$d = max size
--- a/core/vendor/filemanager/plugin.min.js
+++ b/core/vendor/filemanager/plugin.min.js
@ -1 +1,99 @@
-tinymce.PluginManager.add("filemanager",function(e){function n(t){0===e.settings.external_filemanager_path.toLowerCase().indexOf(t.origin.toLowerCase())&&"responsivefilemanager"===t.data.sender&&(tinymce.activeEditor.windowManager.getParams().setUrl(t.data.url),tinymce.activeEditor.windowManager.close(),window.removeEventListener?window.removeEventListener("message",n,!1):window.detachEvent("onmessage",n))}function t(t,i,a,s){var r=window.innerWidth-30,g=window.innerHeight-60;if(r>1800&&(r=1800),g>1200&&(g=1200),r>600){var d=(r-20)%138;r=r-d+10}urltype=2,"image"==a&&(urltype=1),"media"==a&&(urltype=3);var o="RESPONSIVE FileManager";"undefined"!=typeof e.settings.filemanager_title&&e.settings.filemanager_title&&(o=e.settings.filemanager_title);var l="key";"undefined"!=typeof e.settings.filemanager_access_key&&e.settings.filemanager_access_key&&(l=e.settings.filemanager_access_key);var f="";"undefined"!=typeof e.settings.filemanager_sort_by&&e.settings.filemanager_sort_by&&(f="&sort_by="+e.settings.filemanager_sort_by);var m=0;"undefined"!=typeof e.settings.filemanager_descending&&e.settings.filemanager_descending&&(m=e.settings.filemanager_descending);var c="";"undefined"!=typeof e.settings.filemanager_subfolder&&e.settings.filemanager_subfolder&&(c="&fldr="+e.settings.filemanager_subfolder);var v="";"undefined"!=typeof e.settings.filemanager_crossdomain&&e.settings.filemanager_crossdomain&&(v="&crossdomain=1",window.addEventListener?window.addEventListener("message",n,!1):window.attachEvent("onmessage",n)),tinymce.activeEditor.windowManager.open({title:o,file:e.settings.external_filemanager_path+"dialog.php?type="+urltype+"&descending="+m+f+c+v+"&lang="+e.settings.language+"&akey="+l,width:r,height:g,resizable:!0,maximizable:!0,inline:1},{setUrl:function(n){var i=s.document.getElementById(t);if(i.value=e.convertURL(n),"createEvent"in document){var a=document.createEvent("HTMLEvents");a.initEvent("change",!1,!0),i.dispatchEvent(a)}else i.fireEvent("onchange")}})}return e.settings.file_browser_callback=t,!1});
+/**
 * plugin.js
 *
 * Copyright, Alberto Peripolli
 * Released under Creative Commons Attribution-NonCommercial 3.0 Unported License.
 *
 * Contributing: https://github.com/trippo/ResponsiveFilemanager
 */
 tinymce.PluginManager.add('filemanager', function(editor) {
 	editor.settings.file_browser_callback = filemanager;
 	function filemanager_onMessage(event){
 		if(editor.settings.external_filemanager_path.toLowerCase().indexOf(event.origin.toLowerCase()) === 0){
 			if(event.data.sender === 'responsivefilemanager'){
 				tinymce.activeEditor.windowManager.getParams().setUrl(event.data.url);
 				tinymce.activeEditor.windowManager.close();
 				// Remove event listener for a message from ResponsiveFilemanager
 				if(window.removeEventListener){
 					window.removeEventListener('message', filemanager_onMessage, false);
 				} else {
 					window.detachEvent('onmessage', filemanager_onMessage);
 				}
 			}
 		}
 	}
 	function filemanager (id, value, type, win) {
 		var width = window.innerWidth-30;
 		var height = window.innerHeight-60;
 		if(width > 1800) width=1800;
 		if(height > 1200) height=1200;
 		if(width>600){
 			var width_reduce = (width - 20) % 138;
 			width = width - width_reduce + 10;
 		}
 		// DEFAULT AS FILE
 		urltype=2;
 		if (type=='image') { urltype=1; }
 		if (type=='media') { urltype=3; }
 		var title="RESPONSIVE FileManager";
 		if (typeof editor.settings.filemanager_title !== "undefined" && editor.settings.filemanager_title) {
 			title=editor.settings.filemanager_title;
 		}
 		var akey="key";
 		if (typeof editor.settings.filemanager_access_key !== "undefined" && editor.settings.filemanager_access_key) {
 			akey=editor.settings.filemanager_access_key;
 		}
 		var sort_by="";
 		if (typeof editor.settings.filemanager_sort_by !== "undefined" && editor.settings.filemanager_sort_by) {
 			sort_by="&sort_by="+editor.settings.filemanager_sort_by;
 		}
 		var descending=0;
 		if (typeof editor.settings.filemanager_descending !== "undefined" && editor.settings.filemanager_descending) {
 			descending=editor.settings.filemanager_descending;
 		}
 		var fldr="";
 		if (typeof editor.settings.filemanager_subfolder !== "undefined" && editor.settings.filemanager_subfolder) {
 			fldr="&fldr="+editor.settings.filemanager_subfolder;
 		}
 		var crossdomain="";
 		if (typeof editor.settings.filemanager_crossdomain !== "undefined" && editor.settings.filemanager_crossdomain) {
 			crossdomain="&crossdomain=1";
 			// Add handler for a message from ResponsiveFilemanager
 			if(window.addEventListener){
 				window.addEventListener('message', filemanager_onMessage, false);
 			} else {
 				window.attachEvent('onmessage', filemanager_onMessage);
 			}
 		}
 		tinymce.activeEditor.windowManager.open({
 			title: title,
 			file: editor.settings.external_filemanager_path+'dialog.php?type='+urltype+'&descending='+descending+sort_by+fldr+crossdomain+'&lang='+editor.settings.language+'&akey='+akey,
 			width: width,
 			height: height,
 			resizable: true,
 			maximizable: true,
 			inline: 1
 			}, {
 			setUrl: function (url) {
 				var fieldElm = win.document.getElementById(id);
 				fieldElm.value = editor.convertURL(url);
 				if ("createEvent" in document) {
 					var evt = document.createEvent("HTMLEvents");
 					evt.initEvent("change", false, true);
 					fieldElm.dispatchEvent(evt)
 				} else {
 					fieldElm.fireEvent("onchange")
 				}
 			}
 		});
 	};
 	return false;
 });
--- a/core/vendor/filemanager/upload.php
+++ b/core/vendor/filemanager/upload.php
@ -1,4 +1,5 @@
 <?php
 try {
    if (!isset($config)) {
        $config = include 'config/config.php';
@ -6,24 +7,23 @@ try{
    include 'include/utils.php';
-	if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager")
+    if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") {
 	{
        response(trans('forbiden') . AddErrorLocation(), 403)->send();
        exit;
    }
    include 'include/mime_type_lib.php';
    $ftp = ftp_con($config);
    if ($ftp) {
        $source_base = $config['ftp_base_folder'] . $config['upload_dir'];
        $thumb_base = $config['ftp_base_folder'] . $config['ftp_thumbs_dir'];
    } else {
        $source_base = $config['current_path'];
        $thumb_base = $config['thumbs_base_path'];
    }
    if (isset($_POST["fldr"])) {
        $_POST['fldr'] = str_replace('undefined', '', $_POST['fldr']);
        $storeFolder = $source_base . $_POST["fldr"];
@ -34,30 +34,26 @@ try{
    $fldr = rawurldecode(trim(strip_tags($_POST['fldr']), "/") . "/");
-	if (strpos($fldr,'../') !== FALSE
+    if (!checkRelativePath($fldr)) {
-		|| strpos($fldr,'./') !== FALSE
+        response(trans('wrong path').AddErrorLocation())->send();
 		|| strpos($fldr,'..\\') !== FALSE
 		|| strpos($fldr,'.\\') !== FALSE )
 	{
 		response(trans('wrong path'.AddErrorLocation()))->send();
        exit;
    }
    $path = $storeFolder;
-	$cycle = TRUE;
+    $cycle = true;
    $max_cycles = 50;
    $i = 0;
    //GET config
-	while ($cycle && $i < $max_cycles)
+    while ($cycle && $i < $max_cycles) {
 	{
        $i++;
-		if ($path == $config['current_path']) $cycle = FALSE;
+        if ($path == $config['current_path']) {
-		if (file_exists($path."config.php"))
+            $cycle = false;
-		{
+        }
        if (file_exists($path . "config.php")) {
            $configTemp = include $path . 'config.php';
            $config = array_merge($config, $configTemp);
            //TODO switch to array
-			$cycle = FALSE;
+            $cycle = false;
        }
        $path = fix_dirname($path) . '/';
    }
@ -68,13 +64,23 @@ try{
        $messages = trans("Upload_error_messages");
    }
-	if(isset($_POST['url'])){
+    // make sure the length is limited to avoid DOS attacks
    if (isset($_POST['url']) && strlen($_POST['url']) < 2000) {
        $url = $_POST['url'];
        $urlPattern = '/^(https?:\/\/)?([\da-z\.-]+\.[a-z\.]{2,6}|[\d\.]+)([\/?=&#]{1}[\da-z\.-]+)*[\/\?]?$/i';
        if (preg_match($urlPattern, $url)) {
            $temp = tempnam('/tmp', 'RF');
-		$ch = curl_init($_POST['url']);
+
            $ch = curl_init($url);
            $fp = fopen($temp, 'wb');
            curl_setopt($ch, CURLOPT_FILE, $fp);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_exec($ch);
            if (curl_errno($ch)) {
                curl_close($ch);
                throw new Exception('Invalid URL');
            }
            curl_close($ch);
            fclose($fp);
@ -84,7 +90,11 @@ try{
                'size' => array(filesize($temp)),
                'type' => null
            );
        } else {
            throw new Exception('Is not a valid URL.');
        }
    }
    if ($config['mime_extension_rename']) {
        $info = pathinfo($_FILES['files']['name'][0]);
@ -95,7 +105,6 @@ try{
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mime_type = finfo_file($finfo, $_FILES['files']['tmp_name'][0]);
        } else {
 			include 'include/mime_type_lib.php';
            $mime_type = get_file_mime_type($_FILES['files']['tmp_name'][0]);
        }
        $extension = get_extension_from_mime($mime_type);
@ -109,13 +118,18 @@ try{
    }
    $_FILES['files']['name'][0] = fix_filename($filename, $config);
    // LowerCase
-	if ($config['lower_case'])
+    if ($config['lower_case']) {
 	{
        $_FILES['files']['name'][0] = fix_strtolower($_FILES['files']['name'][0]);
    }
    if (!checkresultingsize($_FILES['files']['size'][0])) {
-		$upload_handler->response['files'][0]->error = sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation();
+    	if ( !isset($upload_handler->response['files'][0]) ) {
            // Avoid " Warning: Creating default object from empty value ... "
            $upload_handler->response['files'][0] = new stdClass();
        }
        $upload_handler->response['files'][0]->error = sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation();
        echo json_encode($upload_handler->response);
        exit();
    }
@ -134,10 +148,15 @@ try{
    );
    if (!$config['ext_blacklist']) {
        $uploadConfig['accept_file_types'] = '/\.(' . implode('|', $config['ext']) . ')$/i';
-	}else{
+        if($config['files_without_extension']){
-		$uploadConfig['accept_file_types'] = '/\.(?!('.implode('|',$config['ext_blacklist']).')$)/i';
+        	$uploadConfig['accept_file_types'] = '/((\.(' . implode('|', $config['ext']) . ')$)|(^[^.]+$))$/i';
        }
    } else {
        $uploadConfig['accept_file_types'] = '/\.(?!' . implode('|', $config['ext_blacklist']) . '$)/i';
        if($config['files_without_extension']){
        	$uploadConfig['accept_file_types'] = '/((\.(?!' . implode('|', $config['ext_blacklist']) . '$))|(^[^.]+$))/i';
        }
    }
    if ($ftp) {
        if (!is_dir($config['ftp_temp_folder'])) {
@ -150,9 +169,9 @@ try{
    }
    $upload_handler = new UploadHandler($uploadConfig, true, $messages);
 } catch (Exception $e) {
    $return = array();
    if ($_FILES['files']) {
        foreach ($_FILES['files']['name'] as $i => $name) {
            $return[] = array(
                'name' => $name,
@ -161,6 +180,10 @@ try{
                'type' => $_FILES['files']['type'][$i]
            );
        }
        echo json_encode(array("files" => $return));
        return;
    }
    echo json_encode(array("error" =>$e->getMessage()));
 }