send();
exit;
}
$languages = include 'lang/languages.php';
if (isset($_SESSION['RF']['language']) && file_exists('lang/' . basename($_SESSION['RF']['language']) . '.php')) {
if (array_key_exists($_SESSION['RF']['language'], $languages)) {
include 'lang/' . basename($_SESSION['RF']['language']) . '.php';
} else {
response(trans('Lang_Not_Found').AddErrorLocation())->send();
exit;
}
} else {
response(trans('Lang_Not_Found').AddErrorLocation())->send();
exit;
}
//check $_GET['file']
if (isset($_GET['file']) && !checkRelativePath($_GET['file'])) {
response(trans('wrong path').AddErrorLocation())->send();
exit;
}
//check $_POST['file']
if(isset($_POST['path']) && !checkRelativePath($_POST['path'])) {
response(trans('wrong path').AddErrorLocation())->send();
exit;
}
$ftp = ftp_con($config);
if (isset($_GET['action'])) {
switch ($_GET['action']) {
case 'new_file_form':
echo trans('Filename') . ':
';
break;
case 'view':
if (isset($_GET['type'])) {
$_SESSION['RF']["view_type"] = $_GET['type'];
} else {
response(trans('view type number missing').AddErrorLocation())->send();
exit;
}
break;
case 'filter':
if (isset($_GET['type'])) {
if (isset($config['remember_text_filter']) && $config['remember_text_filter']) {
$_SESSION['RF']["filter"] = $_GET['type'];
}
} else {
response(trans('view type number missing').AddErrorLocation())->send();
exit;
}
break;
case 'sort':
if (isset($_GET['sort_by'])) {
$_SESSION['RF']["sort_by"] = $_GET['sort_by'];
}
if (isset($_GET['descending']))
{
$_SESSION['RF']["descending"] = $_GET['descending'];
}
break;
case 'save_img':
break;
$info = pathinfo($_POST['name']);
$image_data = $_POST['url'];
if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
$image_data = substr($image_data, strpos($image_data, ',') + 1);
$type = strtolower($type[1]); // jpg, png, gif
$image_data = base64_decode($image_data);
if ($image_data === false) {
response(trans('TUI_Decode_Failed').AddErrorLocation())->send();
exit;
}
} else {
response(trans('').AddErrorLocation())->send();
exit;
}
if ($image_data === false) {
response(trans('').AddErrorLocation())->send();
exit;
}
if (!checkresultingsize(strlen($image_data))) {
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
exit;
}
if ($ftp) {
$temp = tempnam('/tmp', 'RF');
unlink($temp);
$temp .=".".substr(strrchr($_POST['url'], '.'), 1);
file_put_contents($temp, $image_data);
$ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
create_img($temp, $temp, 122, 91);
$ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
unlink($temp);
} else {
file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
// TODO something with this function cause its blowing my mind
new_thumbnails_creation(
$config['current_path'].$_POST['path'],
$config['current_path'].$_POST['path'].$_POST['name'],
$_POST['name'],
$config['current_path'],
$config
);
}
break;
case 'extract':
if (!$config['extract_files']) {
response(trans('wrong action').AddErrorLocation())->send();
}
if ($ftp) {
$path = $config['ftp_base_url'].$config['upload_dir'] . $_POST['path'];
$base_folder = $config['ftp_base_url'].$config['upload_dir'] . fix_dirname($_POST['path']) . "/";
} else {
$path = $config['current_path'] . $_POST['path'];
$base_folder = $config['current_path'] . fix_dirname($_POST['path']) . "/";
}
$info = pathinfo($path);
if ($ftp) {
$tempDir = tempdir();
$temp = tempnam($tempDir, 'RF');
unlink($temp);
$temp .= "." . $info['extension'];
$handle = fopen($temp, "w");
fwrite($handle, file_get_contents($path));
fclose($handle);
$path = $temp;
$base_folder = $tempDir . "/";
}
$info = pathinfo($path);
switch ($info['extension']) {
case "zip":
$zip = new ZipArchive;
if ($zip->open($path) === true) {
//get total size
$sizeTotalFinal = 0;
for ($i = 0; $i < $zip->numFiles; $i++) {
$aStat = $zip->statIndex($i);
$sizeTotalFinal += $aStat['size'];
}
if (!checkresultingsize($sizeTotalFinal)) {
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
exit;
}
//make all the folders and unzip into the folders
for ($i = 0; $i < $zip->numFiles; $i++) {
$FullFileName = $zip->statIndex($i);
if (checkRelativePath($FullFileName['name'])) {
if (substr($FullFileName['name'], -1, 1) == "/") {
create_folder($base_folder . $FullFileName['name']);
}
if (! (substr($FullFileName['name'], -1, 1) == "/")) {
$fileinfo = pathinfo($FullFileName['name']);
if (in_array(strtolower($fileinfo['extension']), $config['ext'])) {
copy('zip://' . $path . '#' . $FullFileName['name'], $base_folder . $FullFileName['name']);
}
}
}
}
$zip->close();
} else {
response(trans('Zip_No_Extract').AddErrorLocation())->send();
exit;
}
break;
case "gz":
// No resulting size pre-control available
$p = new PharData($path);
$p->decompress(); // creates files.tar
break;
case "tar":
// No resulting size pre-control available
// unarchive from the tar
$phar = new PharData($path);
$phar->decompressFiles();
$files = array();
check_files_extensions_on_phar($phar, $files, '', $config);
$phar->extractTo($base_folder, $files, true);
break;
default:
response(trans('Zip_Invalid').AddErrorLocation())->send();
exit;
}
if ($ftp) {
unlink($path);
$ftp->putAll($base_folder, "/".$config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY);
deleteDir($base_folder);
}
break;
case 'media_preview':
if(isset($_GET['file'])){
$_GET['file'] = sanitize($_GET['file']);
}
if(isset($_GET['title'])){
$_GET['title'] = sanitize($_GET['title']);
}
if($ftp){
$preview_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'];
}else{
$preview_file = $config['current_path'] . $_GET["file"];
}
$info = pathinfo($preview_file);
ob_start();
?>
Update Required
To play the media you will need to either update your browser to a recent version or update your
Flash plugin.
send();
exit;
break;
case 'copy_cut':
if ($_POST['sub_action'] != 'copy' && $_POST['sub_action'] != 'cut') {
response(trans('wrong sub-action').AddErrorLocation())->send();
exit;
}
if (trim($_POST['path']) == '') {
response(trans('no path').AddErrorLocation())->send();
exit;
}
$msg_sub_action = ($_POST['sub_action'] == 'copy' ? trans('Copy') : trans('Cut'));
$path = $config['current_path'] . $_POST['path'];
if (is_dir($path)) {
// can't copy/cut dirs
if ($config['copy_cut_dirs'] === false) {
response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Folders')).AddErrorLocation())->send();
exit;
}
list($sizeFolderToCopy, $fileNum, $foldersCount) = folder_info($path, false);
// size over limit
if ($config['copy_cut_max_size'] !== false && is_int($config['copy_cut_max_size'])) {
if (($config['copy_cut_max_size'] * 1024 * 1024) < $sizeFolderToCopy) {
response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $config['copy_cut_max_size']).AddErrorLocation())->send();
exit;
}
}
// file count over limit
if ($config['copy_cut_max_count'] !== false && is_int($config['copy_cut_max_count'])) {
if ($config['copy_cut_max_count'] < $fileNum) {
response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $config['copy_cut_max_count']).AddErrorLocation())->send();
exit;
}
}
if (!checkresultingsize($sizeFolderToCopy)) {
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
exit;
}
} else {
// can't copy/cut files
if ($config['copy_cut_files'] === false) {
response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Files')).AddErrorLocation())->send();
exit;
}
}
$_SESSION['RF']['clipboard']['path'] = $_POST['path'];
$_SESSION['RF']['clipboard_action'] = $_POST['sub_action'];
break;
case 'clear_clipboard':
$_SESSION['RF']['clipboard'] = null;
$_SESSION['RF']['clipboard_action'] = null;
break;
case 'chmod':
if ($ftp) {
$path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path'];
if (
($_POST['folder']==1 && $config['chmod_dirs'] === false)
|| ($_POST['folder']==0 && $config['chmod_files'] === false)
|| (is_function_callable("chmod") === false)) {
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
exit;
}
$info = $_POST['permissions'];
} else {
$path = $config['current_path'] . $_POST['path'];
if (
(is_dir($path) && $config['chmod_dirs'] === false)
|| (is_file($path) && $config['chmod_files'] === false)
|| (is_function_callable("chmod") === false)) {
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
exit;
}
$perms = fileperms($path) & 0777;
$info = '-';
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x') :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x') :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x') :
(($perms & 0x0200) ? 'T' : '-'));
}
$ret = '';
response($ret)->send();
exit;
break;
case 'get_lang':
if (! file_exists('lang/languages.php')) {
response(trans('Lang_Not_Found').AddErrorLocation())->send();
exit;
}
$languages = include 'lang/languages.php';
if (! isset($languages) || ! is_array($languages)) {
response(trans('Lang_Not_Found').AddErrorLocation())->send();
exit;
}
$curr = $_SESSION['RF']['language'];
$ret = '';
response($ret)->send();
exit;
break;
case 'change_lang':
$choosen_lang = (!empty($_POST['choosen_lang']))? $_POST['choosen_lang']:"en_EN";
if (array_key_exists($choosen_lang, $languages)) {
if (! file_exists('lang/' . $choosen_lang . '.php')) {
response(trans('Lang_Not_Found').AddErrorLocation())->send();
exit;
} else {
$_SESSION['RF']['language'] = $choosen_lang;
}
}
break;
case 'cad_preview':
if ($ftp) {
$selected_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'];
} else {
$selected_file = $config['current_path'] . $_GET['file'];
if (! file_exists($selected_file)) {
response(trans('File_Not_Found').AddErrorLocation())->send();
exit;
}
}
if ($ftp) {
$url_file = $selected_file;
} else {
$url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]);
}
$cad_url = urlencode($url_file);
$cad_html = "";
$ret = $cad_html;
response($ret)->send();
break;
case 'get_file': // preview or edit
$sub_action = $_GET['sub_action'];
$preview_mode = $_GET["preview_mode"];
if ($sub_action != 'preview' && $sub_action != 'edit') {
response(trans('wrong action').AddErrorLocation())->send();
exit;
}
if ($ftp) {
$selected_file = ($sub_action == 'preview' ? $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'] : $config['ftp_base_url'].$config['upload_dir'] . $_POST['path']);
} else {
$selected_file = ($sub_action == 'preview' ? $config['current_path'] . $_GET['file'] : $config['current_path'] . $_POST['path']);
if (! file_exists($selected_file)) {
response(trans('File_Not_Found').AddErrorLocation())->send();
exit;
}
}
$info = pathinfo($selected_file);
if ($preview_mode == 'text') {
$is_allowed = ($sub_action == 'preview' ? $config['preview_text_files'] : $config['edit_text_files']);
$allowed_file_exts = ($sub_action == 'preview' ? $config['previewable_text_file_exts'] : $config['editable_text_file_exts']);
} elseif ($preview_mode == 'google') {
$is_allowed = $config['googledoc_enabled'];
$allowed_file_exts = $config['googledoc_file_exts'];
}
if (! isset($allowed_file_exts) || ! is_array($allowed_file_exts)) {
$allowed_file_exts = array();
}
if (!isset($info['extension'])) {
$info['extension']='';
}
if (! in_array($info['extension'], $allowed_file_exts)
|| ! isset($is_allowed)
|| $is_allowed === false
|| (!$ftp && ! is_readable($selected_file))
) {
response(sprintf(trans('File_Open_Edit_Not_Allowed'), ($sub_action == 'preview' ? strtolower(trans('Open')) : strtolower(trans('Edit')))).AddErrorLocation())->send();
exit;
}
if ($sub_action == 'preview') {
if ($preview_mode == 'text') {
// get and sanities
$data = file_get_contents($selected_file);
$data = htmlspecialchars(htmlspecialchars_decode($data));
$ret = '';
$ret .= '';
$ret .= ''.$data.'
';
} elseif ($preview_mode == 'google') {
if ($ftp) {
$url_file = $selected_file;
} else {
$url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]);
}
$googledoc_url = urlencode($url_file);
$ret = "";
}
}else{
$data = stripslashes(htmlspecialchars(file_get_contents($selected_file)));
if(in_array($info['extension'],array('html','html'))){
$ret = '';
}else{
$ret = '';
}
}
response($ret)->send();
exit;
break;
default:
response(trans('no action passed').AddErrorLocation())->send();
exit;
}
} else {
response(trans('no action passed').AddErrorLocation())->send();
exit;
}