Several fixes:
* Fixes a bug in zipnload when trying to download the current directory (filename '.')
* Fixes a security flaw in zipnload: don't include hidden or .ht* files if that is forbidden in the config
* Sane coding style for ifmarchive.php; adjusting the remaining code is TODO

Signed-off-by: Marco Dickert <marco@misterunknown.de>
117
build/libifm.php
117
build/libifm.php
@@ -3905,13 +3905,13 @@ f00bar;
|
|||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['folder_not_found'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['folder_not_found'] ) );
|
||||||
elseif (!$this->isPathValid($d['filename']))
|
elseif (!$this->isPathValid($d['filename']))
|
||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_dir'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_dir'] ) );
|
||||||
elseif (!$this->isFilenameValid($d['filename']))
|
elseif ($d['filename'] != "." && !$this->isFilenameValid($d['filename']))
|
||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
|
||||||
else {
|
else {
|
||||||
unset( $zip );
|
unset( $zip );
|
||||||
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
|
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
|
||||||
try {
|
try {
|
||||||
IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
|
IFMArchive::createZip(realpath($d['filename']), $dfile, array($this, 'isFilenameValid'));
|
||||||
if( $d['filename'] == "." ) {
|
if( $d['filename'] == "." ) {
|
||||||
if( getcwd() == $this->getScriptRoot() )
|
if( getcwd() == $this->getScriptRoot() )
|
||||||
$d['filename'] = "root";
|
$d['filename'] = "root";
|
||||||
@@ -4340,7 +4340,7 @@ f00bar;
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check if filename is allowed
|
// check if filename is allowed
|
||||||
private function isFilenameValid( $f ) {
|
public function isFilenameValid( $f ) {
|
||||||
if( ! $this->isFilenameAllowed( $f ) )
|
if( ! $this->isFilenameAllowed( $f ) )
|
||||||
return false;
|
return false;
|
||||||
if( strtoupper( substr( PHP_OS, 0, 3 ) ) == "WIN" ) {
|
if( strtoupper( substr( PHP_OS, 0, 3 ) ) == "WIN" ) {
|
||||||
@@ -4440,44 +4440,53 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Add a folder to an archive
|
* Add a folder to an archive
|
||||||
*/
|
*/
|
||||||
private static function addFolder( &$archive, $folder, $offset=0 ) {
|
private static function addFolder(&$archive, $folder, $offset=0, $exclude_callback=null) {
|
||||||
if( $offset == 0 )
|
if ($offset == 0)
|
||||||
$offset = strlen( dirname( $folder ) ) + 1;
|
$offset = strlen(dirname($folder)) + 1;
|
||||||
$archive->addEmptyDir( substr( $folder, $offset ) );
|
$archive->addEmptyDir(substr($folder, $offset));
|
||||||
$handle = opendir( $folder );
|
$handle = opendir($folder);
|
||||||
while( false !== $f = readdir( $handle ) ) {
|
while (false !== $f = readdir($handle)) {
|
||||||
if( $f != '.' && $f != '..' ) {
|
if ($f != '.' && $f != '..') {
|
||||||
$filePath = $folder . '/' . $f;
|
$filePath = $folder . '/' . $f;
|
||||||
if( file_exists( $filePath ) && is_readable( $filePath ) )
|
if (file_exists($filePath) && is_readable($filePath))
|
||||||
if( is_file( $filePath ) )
|
if (is_file($filePath))
|
||||||
$archive->addFile( $filePath, substr( $filePath, $offset ) );
|
if (!is_callable($exclude_callback) || $exclude_callback($f))
|
||||||
elseif( is_dir( $filePath ) )
|
$archive->addFile( $filePath, substr( $filePath, $offset ) );
|
||||||
self::addFolder( $archive, $filePath, $offset );
|
elseif (is_dir($filePath))
|
||||||
|
if (is_callable($exclude_callback))
|
||||||
|
self::addFolder($archive, $filePath, $offset, $exclude_callback);
|
||||||
|
else
|
||||||
|
self::addFolder($archive, $filePath, $offset);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
closedir( $handle );
|
closedir($handle);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a zip file
|
* Create a zip file
|
||||||
*/
|
*/
|
||||||
public static function createZip( $src, $out )
|
public static function createZip($src, $out, $exclude_callback=null) {
|
||||||
{
|
|
||||||
$a = new ZipArchive();
|
$a = new ZipArchive();
|
||||||
$a->open( $out, ZIPARCHIVE::CREATE);
|
$a->open($out, ZIPARCHIVE::CREATE);
|
||||||
|
|
||||||
if( ! is_array( $src ) )
|
if (!is_array($src))
|
||||||
$src = array( $src );
|
$src = array($src);
|
||||||
|
|
||||||
foreach( $src as $s )
|
file_put_contents("debug.ifm.log", var_export(is_callable($exclude_callback), true)."\n");
|
||||||
if( is_dir( $s ) )
|
|
||||||
self::addFolder( $a, $s );
|
foreach ($src as $s)
|
||||||
elseif( is_file( $s ) )
|
if (is_dir($s))
|
||||||
$a->addFile( $s, substr( $s, strlen( dirname( $s ) ) + 1 ) );
|
if (is_callable($exclude_callback))
|
||||||
|
self::addFolder( $a, $s, null, $exclude_callback );
|
||||||
|
else
|
||||||
|
self::addFolder( $a, $s );
|
||||||
|
elseif (is_file($s))
|
||||||
|
if (!is_callable($exclude_callback) || $exclude_callback($s))
|
||||||
|
$a->addFile($s, substr($s, strlen(dirname($s)) + 1));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return $a->close();
|
return $a->close();
|
||||||
} catch ( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -4485,13 +4494,13 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Unzip a zip file
|
* Unzip a zip file
|
||||||
*/
|
*/
|
||||||
public static function extractZip( $file, $destination="./" ) {
|
public static function extractZip($file, $destination="./") {
|
||||||
if( ! file_exists( $file ) )
|
if (!file_exists($file))
|
||||||
return false;
|
return false;
|
||||||
$zip = new ZipArchive;
|
$zip = new ZipArchive;
|
||||||
$res = $zip->open( $file );
|
$res = $zip->open($file);
|
||||||
if( $res === true ) {
|
if ($res === true) {
|
||||||
$zip->extractTo( $destination );
|
$zip->extractTo($destination);
|
||||||
$zip->close();
|
$zip->close();
|
||||||
return true;
|
return true;
|
||||||
} else
|
} else
|
||||||
@@ -4501,32 +4510,32 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Creates a tar archive
|
* Creates a tar archive
|
||||||
*/
|
*/
|
||||||
public static function createTar( $src, $out, $t ) {
|
public static function createTar($src, $out, $t) {
|
||||||
$tmpf = substr( $out, 0, strlen( $out ) - strlen( $t ) ) . "tar";
|
$tmpf = substr($out, 0, strlen($out) - strlen($t)) . "tar";
|
||||||
$a = new PharData( $tmpf );
|
$a = new PharData($tmpf);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if( ! is_array( $src ) )
|
if (!is_array($src))
|
||||||
$src = array( $src );
|
$src = array($src);
|
||||||
|
|
||||||
foreach( $src as $s )
|
foreach ($src as $s)
|
||||||
if( is_dir( $s ) )
|
if (is_dir($s))
|
||||||
self::addFolder( $a, $s );
|
self::addFolder($a, $s);
|
||||||
elseif( is_file( $s ) )
|
elseif (is_file($s))
|
||||||
$a->addFile( $s, substr( $s, strlen( dirname( $s ) ) +1 ) );
|
$a->addFile($s, substr($s, strlen(dirname($s)) +1));
|
||||||
switch( $t ) {
|
switch ($t) {
|
||||||
case "tar.gz":
|
case "tar.gz":
|
||||||
$a->compress( Phar::GZ );
|
$a->compress(Phar::GZ);
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
break;
|
break;
|
||||||
case "tar.bz2":
|
case "tar.bz2":
|
||||||
$a->compress( Phar::BZ2 );
|
$a->compress(Phar::BZ2);
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
} catch( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -4534,14 +4543,14 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Extracts a tar archive
|
* Extracts a tar archive
|
||||||
*/
|
*/
|
||||||
public static function extractTar( $file, $destination="./" ) {
|
public static function extractTar($file, $destination="./") {
|
||||||
if( ! file_exists( $file ) )
|
if (!file_exists($file))
|
||||||
return false;
|
return false;
|
||||||
$tar = new PharData( $file );
|
$tar = new PharData($file);
|
||||||
try {
|
try {
|
||||||
$tar->extractTo( $destination, null, true );
|
$tar->extractTo($destination, null, true);
|
||||||
return true;
|
return true;
|
||||||
} catch( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
117
ifm.php
117
ifm.php
@@ -3905,13 +3905,13 @@ f00bar;
|
|||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['folder_not_found'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['folder_not_found'] ) );
|
||||||
elseif (!$this->isPathValid($d['filename']))
|
elseif (!$this->isPathValid($d['filename']))
|
||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_dir'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_dir'] ) );
|
||||||
elseif (!$this->isFilenameValid($d['filename']))
|
elseif ($d['filename'] != "." && !$this->isFilenameValid($d['filename']))
|
||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
|
||||||
else {
|
else {
|
||||||
unset( $zip );
|
unset( $zip );
|
||||||
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
|
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
|
||||||
try {
|
try {
|
||||||
IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
|
IFMArchive::createZip(realpath($d['filename']), $dfile, array($this, 'isFilenameValid'));
|
||||||
if( $d['filename'] == "." ) {
|
if( $d['filename'] == "." ) {
|
||||||
if( getcwd() == $this->getScriptRoot() )
|
if( getcwd() == $this->getScriptRoot() )
|
||||||
$d['filename'] = "root";
|
$d['filename'] = "root";
|
||||||
@@ -4340,7 +4340,7 @@ f00bar;
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check if filename is allowed
|
// check if filename is allowed
|
||||||
private function isFilenameValid( $f ) {
|
public function isFilenameValid( $f ) {
|
||||||
if( ! $this->isFilenameAllowed( $f ) )
|
if( ! $this->isFilenameAllowed( $f ) )
|
||||||
return false;
|
return false;
|
||||||
if( strtoupper( substr( PHP_OS, 0, 3 ) ) == "WIN" ) {
|
if( strtoupper( substr( PHP_OS, 0, 3 ) ) == "WIN" ) {
|
||||||
@@ -4440,44 +4440,53 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Add a folder to an archive
|
* Add a folder to an archive
|
||||||
*/
|
*/
|
||||||
private static function addFolder( &$archive, $folder, $offset=0 ) {
|
private static function addFolder(&$archive, $folder, $offset=0, $exclude_callback=null) {
|
||||||
if( $offset == 0 )
|
if ($offset == 0)
|
||||||
$offset = strlen( dirname( $folder ) ) + 1;
|
$offset = strlen(dirname($folder)) + 1;
|
||||||
$archive->addEmptyDir( substr( $folder, $offset ) );
|
$archive->addEmptyDir(substr($folder, $offset));
|
||||||
$handle = opendir( $folder );
|
$handle = opendir($folder);
|
||||||
while( false !== $f = readdir( $handle ) ) {
|
while (false !== $f = readdir($handle)) {
|
||||||
if( $f != '.' && $f != '..' ) {
|
if ($f != '.' && $f != '..') {
|
||||||
$filePath = $folder . '/' . $f;
|
$filePath = $folder . '/' . $f;
|
||||||
if( file_exists( $filePath ) && is_readable( $filePath ) )
|
if (file_exists($filePath) && is_readable($filePath))
|
||||||
if( is_file( $filePath ) )
|
if (is_file($filePath))
|
||||||
$archive->addFile( $filePath, substr( $filePath, $offset ) );
|
if (!is_callable($exclude_callback) || $exclude_callback($f))
|
||||||
elseif( is_dir( $filePath ) )
|
$archive->addFile( $filePath, substr( $filePath, $offset ) );
|
||||||
self::addFolder( $archive, $filePath, $offset );
|
elseif (is_dir($filePath))
|
||||||
|
if (is_callable($exclude_callback))
|
||||||
|
self::addFolder($archive, $filePath, $offset, $exclude_callback);
|
||||||
|
else
|
||||||
|
self::addFolder($archive, $filePath, $offset);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
closedir( $handle );
|
closedir($handle);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a zip file
|
* Create a zip file
|
||||||
*/
|
*/
|
||||||
public static function createZip( $src, $out )
|
public static function createZip($src, $out, $exclude_callback=null) {
|
||||||
{
|
|
||||||
$a = new ZipArchive();
|
$a = new ZipArchive();
|
||||||
$a->open( $out, ZIPARCHIVE::CREATE);
|
$a->open($out, ZIPARCHIVE::CREATE);
|
||||||
|
|
||||||
if( ! is_array( $src ) )
|
if (!is_array($src))
|
||||||
$src = array( $src );
|
$src = array($src);
|
||||||
|
|
||||||
foreach( $src as $s )
|
file_put_contents("debug.ifm.log", var_export(is_callable($exclude_callback), true)."\n");
|
||||||
if( is_dir( $s ) )
|
|
||||||
self::addFolder( $a, $s );
|
foreach ($src as $s)
|
||||||
elseif( is_file( $s ) )
|
if (is_dir($s))
|
||||||
$a->addFile( $s, substr( $s, strlen( dirname( $s ) ) + 1 ) );
|
if (is_callable($exclude_callback))
|
||||||
|
self::addFolder( $a, $s, null, $exclude_callback );
|
||||||
|
else
|
||||||
|
self::addFolder( $a, $s );
|
||||||
|
elseif (is_file($s))
|
||||||
|
if (!is_callable($exclude_callback) || $exclude_callback($s))
|
||||||
|
$a->addFile($s, substr($s, strlen(dirname($s)) + 1));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return $a->close();
|
return $a->close();
|
||||||
} catch ( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -4485,13 +4494,13 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Unzip a zip file
|
* Unzip a zip file
|
||||||
*/
|
*/
|
||||||
public static function extractZip( $file, $destination="./" ) {
|
public static function extractZip($file, $destination="./") {
|
||||||
if( ! file_exists( $file ) )
|
if (!file_exists($file))
|
||||||
return false;
|
return false;
|
||||||
$zip = new ZipArchive;
|
$zip = new ZipArchive;
|
||||||
$res = $zip->open( $file );
|
$res = $zip->open($file);
|
||||||
if( $res === true ) {
|
if ($res === true) {
|
||||||
$zip->extractTo( $destination );
|
$zip->extractTo($destination);
|
||||||
$zip->close();
|
$zip->close();
|
||||||
return true;
|
return true;
|
||||||
} else
|
} else
|
||||||
@@ -4501,32 +4510,32 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Creates a tar archive
|
* Creates a tar archive
|
||||||
*/
|
*/
|
||||||
public static function createTar( $src, $out, $t ) {
|
public static function createTar($src, $out, $t) {
|
||||||
$tmpf = substr( $out, 0, strlen( $out ) - strlen( $t ) ) . "tar";
|
$tmpf = substr($out, 0, strlen($out) - strlen($t)) . "tar";
|
||||||
$a = new PharData( $tmpf );
|
$a = new PharData($tmpf);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if( ! is_array( $src ) )
|
if (!is_array($src))
|
||||||
$src = array( $src );
|
$src = array($src);
|
||||||
|
|
||||||
foreach( $src as $s )
|
foreach ($src as $s)
|
||||||
if( is_dir( $s ) )
|
if (is_dir($s))
|
||||||
self::addFolder( $a, $s );
|
self::addFolder($a, $s);
|
||||||
elseif( is_file( $s ) )
|
elseif (is_file($s))
|
||||||
$a->addFile( $s, substr( $s, strlen( dirname( $s ) ) +1 ) );
|
$a->addFile($s, substr($s, strlen(dirname($s)) +1));
|
||||||
switch( $t ) {
|
switch ($t) {
|
||||||
case "tar.gz":
|
case "tar.gz":
|
||||||
$a->compress( Phar::GZ );
|
$a->compress(Phar::GZ);
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
break;
|
break;
|
||||||
case "tar.bz2":
|
case "tar.bz2":
|
||||||
$a->compress( Phar::BZ2 );
|
$a->compress(Phar::BZ2);
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
} catch( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -4534,14 +4543,14 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Extracts a tar archive
|
* Extracts a tar archive
|
||||||
*/
|
*/
|
||||||
public static function extractTar( $file, $destination="./" ) {
|
public static function extractTar($file, $destination="./") {
|
||||||
if( ! file_exists( $file ) )
|
if (!file_exists($file))
|
||||||
return false;
|
return false;
|
||||||
$tar = new PharData( $file );
|
$tar = new PharData($file);
|
||||||
try {
|
try {
|
||||||
$tar->extractTo( $destination, null, true );
|
$tar->extractTo($destination, null, true);
|
||||||
return true;
|
return true;
|
||||||
} catch( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -23,44 +23,53 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Add a folder to an archive
|
* Add a folder to an archive
|
||||||
*/
|
*/
|
||||||
private static function addFolder( &$archive, $folder, $offset=0 ) {
|
private static function addFolder(&$archive, $folder, $offset=0, $exclude_callback=null) {
|
||||||
if( $offset == 0 )
|
if ($offset == 0)
|
||||||
$offset = strlen( dirname( $folder ) ) + 1;
|
$offset = strlen(dirname($folder)) + 1;
|
||||||
$archive->addEmptyDir( substr( $folder, $offset ) );
|
$archive->addEmptyDir(substr($folder, $offset));
|
||||||
$handle = opendir( $folder );
|
$handle = opendir($folder);
|
||||||
while( false !== $f = readdir( $handle ) ) {
|
while (false !== $f = readdir($handle)) {
|
||||||
if( $f != '.' && $f != '..' ) {
|
if ($f != '.' && $f != '..') {
|
||||||
$filePath = $folder . '/' . $f;
|
$filePath = $folder . '/' . $f;
|
||||||
if( file_exists( $filePath ) && is_readable( $filePath ) )
|
if (file_exists($filePath) && is_readable($filePath))
|
||||||
if( is_file( $filePath ) )
|
if (is_file($filePath))
|
||||||
$archive->addFile( $filePath, substr( $filePath, $offset ) );
|
if (!is_callable($exclude_callback) || $exclude_callback($f))
|
||||||
elseif( is_dir( $filePath ) )
|
$archive->addFile( $filePath, substr( $filePath, $offset ) );
|
||||||
self::addFolder( $archive, $filePath, $offset );
|
elseif (is_dir($filePath))
|
||||||
|
if (is_callable($exclude_callback))
|
||||||
|
self::addFolder($archive, $filePath, $offset, $exclude_callback);
|
||||||
|
else
|
||||||
|
self::addFolder($archive, $filePath, $offset);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
closedir( $handle );
|
closedir($handle);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a zip file
|
* Create a zip file
|
||||||
*/
|
*/
|
||||||
public static function createZip( $src, $out )
|
public static function createZip($src, $out, $exclude_callback=null) {
|
||||||
{
|
|
||||||
$a = new ZipArchive();
|
$a = new ZipArchive();
|
||||||
$a->open( $out, ZIPARCHIVE::CREATE);
|
$a->open($out, ZIPARCHIVE::CREATE);
|
||||||
|
|
||||||
if( ! is_array( $src ) )
|
if (!is_array($src))
|
||||||
$src = array( $src );
|
$src = array($src);
|
||||||
|
|
||||||
foreach( $src as $s )
|
file_put_contents("debug.ifm.log", var_export(is_callable($exclude_callback), true)."\n");
|
||||||
if( is_dir( $s ) )
|
|
||||||
self::addFolder( $a, $s );
|
foreach ($src as $s)
|
||||||
elseif( is_file( $s ) )
|
if (is_dir($s))
|
||||||
$a->addFile( $s, substr( $s, strlen( dirname( $s ) ) + 1 ) );
|
if (is_callable($exclude_callback))
|
||||||
|
self::addFolder( $a, $s, null, $exclude_callback );
|
||||||
|
else
|
||||||
|
self::addFolder( $a, $s );
|
||||||
|
elseif (is_file($s))
|
||||||
|
if (!is_callable($exclude_callback) || $exclude_callback($s))
|
||||||
|
$a->addFile($s, substr($s, strlen(dirname($s)) + 1));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return $a->close();
|
return $a->close();
|
||||||
} catch ( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -68,13 +77,13 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Unzip a zip file
|
* Unzip a zip file
|
||||||
*/
|
*/
|
||||||
public static function extractZip( $file, $destination="./" ) {
|
public static function extractZip($file, $destination="./") {
|
||||||
if( ! file_exists( $file ) )
|
if (!file_exists($file))
|
||||||
return false;
|
return false;
|
||||||
$zip = new ZipArchive;
|
$zip = new ZipArchive;
|
||||||
$res = $zip->open( $file );
|
$res = $zip->open($file);
|
||||||
if( $res === true ) {
|
if ($res === true) {
|
||||||
$zip->extractTo( $destination );
|
$zip->extractTo($destination);
|
||||||
$zip->close();
|
$zip->close();
|
||||||
return true;
|
return true;
|
||||||
} else
|
} else
|
||||||
@@ -84,32 +93,32 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Creates a tar archive
|
* Creates a tar archive
|
||||||
*/
|
*/
|
||||||
public static function createTar( $src, $out, $t ) {
|
public static function createTar($src, $out, $t) {
|
||||||
$tmpf = substr( $out, 0, strlen( $out ) - strlen( $t ) ) . "tar";
|
$tmpf = substr($out, 0, strlen($out) - strlen($t)) . "tar";
|
||||||
$a = new PharData( $tmpf );
|
$a = new PharData($tmpf);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if( ! is_array( $src ) )
|
if (!is_array($src))
|
||||||
$src = array( $src );
|
$src = array($src);
|
||||||
|
|
||||||
foreach( $src as $s )
|
foreach ($src as $s)
|
||||||
if( is_dir( $s ) )
|
if (is_dir($s))
|
||||||
self::addFolder( $a, $s );
|
self::addFolder($a, $s);
|
||||||
elseif( is_file( $s ) )
|
elseif (is_file($s))
|
||||||
$a->addFile( $s, substr( $s, strlen( dirname( $s ) ) +1 ) );
|
$a->addFile($s, substr($s, strlen(dirname($s)) +1));
|
||||||
switch( $t ) {
|
switch ($t) {
|
||||||
case "tar.gz":
|
case "tar.gz":
|
||||||
$a->compress( Phar::GZ );
|
$a->compress(Phar::GZ);
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
break;
|
break;
|
||||||
case "tar.bz2":
|
case "tar.bz2":
|
||||||
$a->compress( Phar::BZ2 );
|
$a->compress(Phar::BZ2);
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
} catch( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
@unlink( $tmpf );
|
@unlink($tmpf);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -117,14 +126,14 @@ class IFMArchive {
|
|||||||
/**
|
/**
|
||||||
* Extracts a tar archive
|
* Extracts a tar archive
|
||||||
*/
|
*/
|
||||||
public static function extractTar( $file, $destination="./" ) {
|
public static function extractTar($file, $destination="./") {
|
||||||
if( ! file_exists( $file ) )
|
if (!file_exists($file))
|
||||||
return false;
|
return false;
|
||||||
$tar = new PharData( $file );
|
$tar = new PharData($file);
|
||||||
try {
|
try {
|
||||||
$tar->extractTo( $destination, null, true );
|
$tar->extractTo($destination, null, true);
|
||||||
return true;
|
return true;
|
||||||
} catch( Exception $e ) {
|
} catch (Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
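Review bot: In `addFolder` the callback is applied only in the `is_file` branch, so a directory entry is recursed into (and gets its `addEmptyDir` entry) without its own name ever being checked. If the callback is what rejects dot-prefixed and `.ht*` names, as the commit message implies, ordinarily named files inside a hidden directory still end up in the archive. Testing the entry once before the file/directory split would cover both, e.g. `if (is_callable($exclude_callback) && !$exclude_callback($f)) continue;` directly after the `'.'`/`'..'` check. Separately, the `file_put_contents("debug.ifm.log", ...)` line in `createZip` looks like leftover debugging; it writes a file into the working directory on every call and should be dropped. The same lines appear in the `build/libifm.php` and `ifm.php` sections above, which look like bundled copies of this code.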
@@ -829,13 +829,13 @@ f00bar;
|
|||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['folder_not_found'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['folder_not_found'] ) );
|
||||||
elseif (!$this->isPathValid($d['filename']))
|
elseif (!$this->isPathValid($d['filename']))
|
||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_dir'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_dir'] ) );
|
||||||
elseif (!$this->isFilenameValid($d['filename']))
|
elseif ($d['filename'] != "." && !$this->isFilenameValid($d['filename']))
|
||||||
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
|
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
|
||||||
else {
|
else {
|
||||||
unset( $zip );
|
unset( $zip );
|
||||||
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
|
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
|
||||||
try {
|
try {
|
||||||
IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
|
IFMArchive::createZip(realpath($d['filename']), $dfile, array($this, 'isFilenameValid'));
|
||||||
if( $d['filename'] == "." ) {
|
if( $d['filename'] == "." ) {
|
||||||
if( getcwd() == $this->getScriptRoot() )
|
if( getcwd() == $this->getScriptRoot() )
|
||||||
$d['filename'] = "root";
|
$d['filename'] = "root";
|
||||||
@@ -1264,7 +1264,7 @@ f00bar;
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check if filename is allowed
|
// check if filename is allowed
|
||||||
private function isFilenameValid( $f ) {
|
public function isFilenameValid( $f ) {
|
||||||
if( ! $this->isFilenameAllowed( $f ) )
|
if( ! $this->isFilenameAllowed( $f ) )
|
||||||
return false;
|
return false;
|
||||||
if( strtoupper( substr( PHP_OS, 0, 3 ) ) == "WIN" ) {
|
if( strtoupper( substr( PHP_OS, 0, 3 ) ) == "WIN" ) {
|
||||||
|
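Review bot: The callable passed to `createZip` on the changed line is invoked with two different kinds of argument: `addFolder` hands it the bare directory entry `$f`, while the `is_file` branch of `createZip` hands it `$s`, which here is the absolute path returned by `realpath($d['filename'])`. A name-based check cannot behave the same on both, so for a single-file request the filter is either ineffective or, if the Windows branch of `isFilenameValid` (cut off by the hunk) rejects path separators, silently drops the file. Calling `$exclude_callback(basename($s))` in `createZip` would make the contract consistent, and a one-line comment on `isFilenameValid` stating that it expects a file name rather than a path would document it now that the method is public. The enclosing method starts and ends outside the hunk.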