mirror of https://github.com/misterunknown/ifm.git synced 2025-08-17 21:31:29 +02:00

fixed some bugs which were found during a comprehensive test; ready to merge into master

Marco Dickert
2017-07-07 16:47:44 +02:00
parent 8123af6a68
commit cd42a2c72e
5 changed files with 48 additions and 21 deletions


@@ -55,6 +55,7 @@ class IFM {
public $mode = ""; public $mode = "";
public function __construct( $config=array() ) { public function __construct( $config=array() ) {
if( session_status() !== PHP_SESSION_ACTIVE )
session_start(); session_start();
$this->config = array_merge( $this->defaultconfig, $config ); $this->config = array_merge( $this->defaultconfig, $config );
} }
@@ -422,7 +423,7 @@ function IFM( params ) {
icon: "icon icon-pencil", icon: "icon icon-pencil",
title: "edit" title: "edit"
}); });
else if( self.config.extract && item.name.toLowerCase().substr(-4) == ".zip" )
item.button.push({ item.button.push({
action: "extract", action: "extract",
icon: "icon icon-archive", icon: "icon icon-archive",
@@ -1750,6 +1751,10 @@ function IFM( params ) {
// creates a directory // creates a directory
private function createDir($w, $dn) { private function createDir($w, $dn) {
if( $this->config['createDir'] != 1 ) {
echo json_encode( array( "status" => "ERROR", "message" => "No permission to create directories.") );
exit( 1 );
}
if( $dn == "" ) { if( $dn == "" ) {
echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") ); echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") );
} elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) ); } elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
@@ -1764,7 +1769,11 @@ function IFM( params ) {
} }
// save a file // save a file
private function saveFile(array $d) { private function saveFile( $d ) {
if( ( file_exists( $this->pathCombine( $d['dir'], $d['filename'] ) ) && $this->config['edit'] != 1 ) || ( ! file_exists( $this->pathCombine( $d['dir'], $d['filename'] ) ) && $this->config['createfile'] != 1 ) ) {
echo json_encode( array( "status" => "ERROR", "message" => "You are not allowed to edit/create this file." ) );
exit( 1 );
}
if( isset( $d['filename'] ) && $d['filename'] != "" ) { if( isset( $d['filename'] ) && $d['filename'] != "" ) {
// if you are not allowed to see .ht-docs you can't save one // if you are not allowed to see .ht-docs you can't save one
if( $this->config['showhtdocs'] != 1 && substr( $d['filename'], 0, 3 ) == ".ht" ) { if( $this->config['showhtdocs'] != 1 && substr( $d['filename'], 0, 3 ) == ".ht" ) {
@@ -1798,7 +1807,7 @@ function IFM( params ) {
// gets the content of a file // gets the content of a file
// notice: if the content is not JSON encodable it returns an error // notice: if the content is not JSON encodable it returns an error
private function getContent( array $d ) { private function getContent( array $d ) {
if( $this->config['edit'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to edit files" ) ); if( $this->config['edit'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "You are not allowed to edit files." ) );
else { else {
$this->chDirIfNecessary( $d['dir'] ); $this->chDirIfNecessary( $d['dir'] );
if( file_exists( $d['filename'] ) ) { if( file_exists( $d['filename'] ) ) {
@@ -1836,7 +1845,7 @@ function IFM( params ) {
// deletes a bunch of files or directories // deletes a bunch of files or directories
private function deleteMultipleFiles( array $d ) { private function deleteMultipleFiles( array $d ) {
if( $this->config['delete'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to delete multiple files" ) ); if( $this->config['delete'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to delete files" ) );
else { else {
$this->chDirIfNecessary( $d['dir'] ); $this->chDirIfNecessary( $d['dir'] );
$err = array(); $errFLAG = -1; // -1 -> no files deleted; 0 -> at least some files deleted; 1 -> all files deleted $err = array(); $errFLAG = -1; // -1 -> no files deleted; 0 -> at least some files deleted; 1 -> all files deleted
@@ -2486,8 +2495,8 @@ f00bar;
{{linkname}} {{linkname}}
</a> </a>
</td> </td>
{{#config.download}}
<td> <td>
{{#download.allowed}}
<form id="d_{{guid}}"> <form id="d_{{guid}}">
<input type="hidden" name="dir" value="{{download.currentDir}}"> <input type="hidden" name="dir" value="{{download.currentDir}}">
<input type="hidden" name="filename" value="{{download.name}}"> <input type="hidden" name="filename" value="{{download.name}}">
@@ -2496,8 +2505,8 @@ f00bar;
<a tabindex="0" name="start_download" data-guid="{{guid}}"> <a tabindex="0" name="start_download" data-guid="{{guid}}">
<span class="{{download.icon}}"></span> <span class="{{download.icon}}"></span>
</a> </a>
{{/download.allowed}}
</td> </td>
{{/config.download}}
{{#config.showlastmodified}} {{#config.showlastmodified}}
<td>{{lastmodified}}</td> <td>{{lastmodified}}</td>
{{/config.showlastmodified}} {{/config.showlastmodified}}
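Review bot: In `saveFile` the added permission guard indexes `$d['dir']` and `$d['filename']` before the existing `isset( $d['filename'] )` test on the following line, so a request without a filename reaches `pathCombine` and `file_exists` with a missing key, and which of `edit` or `createfile` is consulted then depends on what the combined path happens to resolve to. The signature on the new side also appears to drop the `array` type hint, so nothing guarantees `$d` is an array when it is indexed. I would move the guard inside the `isset` branch and build the path once: `$target = $this->pathCombine( $d['dir'], $d['filename'] );` followed by `$allowed = file_exists( $target ) ? $this->config['edit'] == 1 : $this->config['createfile'] == 1;`. Existence is tested separately from the later write, so the create-versus-edit decision is best effort and deserves a comment saying so. The same hunk is repeated in the ifm.php section and in the later PHP section, and the body of saveFile continues outside the hunk.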

21
ifm.php

@@ -55,6 +55,7 @@ class IFM {
public $mode = ""; public $mode = "";
public function __construct( $config=array() ) { public function __construct( $config=array() ) {
if( session_status() !== PHP_SESSION_ACTIVE )
session_start(); session_start();
$this->config = array_merge( $this->defaultconfig, $config ); $this->config = array_merge( $this->defaultconfig, $config );
} }
@@ -422,7 +423,7 @@ function IFM( params ) {
icon: "icon icon-pencil", icon: "icon icon-pencil",
title: "edit" title: "edit"
}); });
else if( self.config.extract && item.name.toLowerCase().substr(-4) == ".zip" )
item.button.push({ item.button.push({
action: "extract", action: "extract",
icon: "icon icon-archive", icon: "icon icon-archive",
@@ -1750,6 +1751,10 @@ function IFM( params ) {
// creates a directory // creates a directory
private function createDir($w, $dn) { private function createDir($w, $dn) {
if( $this->config['createDir'] != 1 ) {
echo json_encode( array( "status" => "ERROR", "message" => "No permission to create directories.") );
exit( 1 );
}
if( $dn == "" ) { if( $dn == "" ) {
echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") ); echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") );
} elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) ); } elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
@@ -1764,7 +1769,11 @@ function IFM( params ) {
} }
// save a file // save a file
private function saveFile(array $d) { private function saveFile( $d ) {
if( ( file_exists( $this->pathCombine( $d['dir'], $d['filename'] ) ) && $this->config['edit'] != 1 ) || ( ! file_exists( $this->pathCombine( $d['dir'], $d['filename'] ) ) && $this->config['createfile'] != 1 ) ) {
echo json_encode( array( "status" => "ERROR", "message" => "You are not allowed to edit/create this file." ) );
exit( 1 );
}
if( isset( $d['filename'] ) && $d['filename'] != "" ) { if( isset( $d['filename'] ) && $d['filename'] != "" ) {
// if you are not allowed to see .ht-docs you can't save one // if you are not allowed to see .ht-docs you can't save one
if( $this->config['showhtdocs'] != 1 && substr( $d['filename'], 0, 3 ) == ".ht" ) { if( $this->config['showhtdocs'] != 1 && substr( $d['filename'], 0, 3 ) == ".ht" ) {
@@ -1798,7 +1807,7 @@ function IFM( params ) {
// gets the content of a file // gets the content of a file
// notice: if the content is not JSON encodable it returns an error // notice: if the content is not JSON encodable it returns an error
private function getContent( array $d ) { private function getContent( array $d ) {
if( $this->config['edit'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to edit files" ) ); if( $this->config['edit'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "You are not allowed to edit files." ) );
else { else {
$this->chDirIfNecessary( $d['dir'] ); $this->chDirIfNecessary( $d['dir'] );
if( file_exists( $d['filename'] ) ) { if( file_exists( $d['filename'] ) ) {
@@ -1836,7 +1845,7 @@ function IFM( params ) {
// deletes a bunch of files or directories // deletes a bunch of files or directories
private function deleteMultipleFiles( array $d ) { private function deleteMultipleFiles( array $d ) {
if( $this->config['delete'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to delete multiple files" ) ); if( $this->config['delete'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to delete files" ) );
else { else {
$this->chDirIfNecessary( $d['dir'] ); $this->chDirIfNecessary( $d['dir'] );
$err = array(); $errFLAG = -1; // -1 -> no files deleted; 0 -> at least some files deleted; 1 -> all files deleted $err = array(); $errFLAG = -1; // -1 -> no files deleted; 0 -> at least some files deleted; 1 -> all files deleted
@@ -2486,8 +2495,8 @@ f00bar;
{{linkname}} {{linkname}}
</a> </a>
</td> </td>
{{#config.download}}
<td> <td>
{{#download.allowed}}
<form id="d_{{guid}}"> <form id="d_{{guid}}">
<input type="hidden" name="dir" value="{{download.currentDir}}"> <input type="hidden" name="dir" value="{{download.currentDir}}">
<input type="hidden" name="filename" value="{{download.name}}"> <input type="hidden" name="filename" value="{{download.name}}">
@@ -2496,8 +2505,8 @@ f00bar;
<a tabindex="0" name="start_download" data-guid="{{guid}}"> <a tabindex="0" name="start_download" data-guid="{{guid}}">
<span class="{{download.icon}}"></span> <span class="{{download.icon}}"></span>
</a> </a>
{{/download.allowed}}
</td> </td>
{{/config.download}}
{{#config.showlastmodified}} {{#config.showlastmodified}}
<td>{{lastmodified}}</td> <td>{{lastmodified}}</td>
{{/config.showlastmodified}} {{/config.showlastmodified}}


@@ -111,7 +111,7 @@ function IFM( params ) {
icon: "icon icon-pencil", icon: "icon icon-pencil",
title: "edit" title: "edit"
}); });
else if( self.config.extract && item.name.toLowerCase().substr(-4) == ".zip" )
item.button.push({ item.button.push({
action: "extract", action: "extract",
icon: "icon icon-archive", icon: "icon icon-archive",
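Review bot: The `self.config.extract` test on the `else if` line only decides whether the extract button is drawn, and hiding a button does not stop a client from sending the request itself (the page does not mark this line's side, so I assume it is the new one). This commit adds server-side guards to `createDir` and `saveFile`, but no hunk shows the extract handler, so please confirm it rejects the request when `config['extract']` is not 1. A short comment on this line such as `// UI hint only; the server enforces config.extract` would record that. The enclosing function starts and ends outside the hunk.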


@@ -55,6 +55,7 @@ class IFM {
public $mode = ""; public $mode = "";
public function __construct( $config=array() ) { public function __construct( $config=array() ) {
if( session_status() !== PHP_SESSION_ACTIVE )
session_start(); session_start();
$this->config = array_merge( $this->defaultconfig, $config ); $this->config = array_merge( $this->defaultconfig, $config );
} }
@@ -306,6 +307,10 @@ class IFM {
// creates a directory // creates a directory
private function createDir($w, $dn) { private function createDir($w, $dn) {
if( $this->config['createDir'] != 1 ) {
echo json_encode( array( "status" => "ERROR", "message" => "No permission to create directories.") );
exit( 1 );
}
if( $dn == "" ) { if( $dn == "" ) {
echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") ); echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") );
} elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) ); } elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
@@ -320,7 +325,11 @@ class IFM {
} }
// save a file // save a file
private function saveFile(array $d) { private function saveFile( $d ) {
if( ( file_exists( $this->pathCombine( $d['dir'], $d['filename'] ) ) && $this->config['edit'] != 1 ) || ( ! file_exists( $this->pathCombine( $d['dir'], $d['filename'] ) ) && $this->config['createfile'] != 1 ) ) {
echo json_encode( array( "status" => "ERROR", "message" => "You are not allowed to edit/create this file." ) );
exit( 1 );
}
if( isset( $d['filename'] ) && $d['filename'] != "" ) { if( isset( $d['filename'] ) && $d['filename'] != "" ) {
// if you are not allowed to see .ht-docs you can't save one // if you are not allowed to see .ht-docs you can't save one
if( $this->config['showhtdocs'] != 1 && substr( $d['filename'], 0, 3 ) == ".ht" ) { if( $this->config['showhtdocs'] != 1 && substr( $d['filename'], 0, 3 ) == ".ht" ) {
@@ -354,7 +363,7 @@ class IFM {
// gets the content of a file // gets the content of a file
// notice: if the content is not JSON encodable it returns an error // notice: if the content is not JSON encodable it returns an error
private function getContent( array $d ) { private function getContent( array $d ) {
if( $this->config['edit'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to edit files" ) ); if( $this->config['edit'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "You are not allowed to edit files." ) );
else { else {
$this->chDirIfNecessary( $d['dir'] ); $this->chDirIfNecessary( $d['dir'] );
if( file_exists( $d['filename'] ) ) { if( file_exists( $d['filename'] ) ) {
@@ -392,7 +401,7 @@ class IFM {
// deletes a bunch of files or directories // deletes a bunch of files or directories
private function deleteMultipleFiles( array $d ) { private function deleteMultipleFiles( array $d ) {
if( $this->config['delete'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to delete multiple files" ) ); if( $this->config['delete'] != 1 ) echo json_encode( array( "status" => "ERROR", "message" => "No permission to delete files" ) );
else { else {
$this->chDirIfNecessary( $d['dir'] ); $this->chDirIfNecessary( $d['dir'] );
$err = array(); $errFLAG = -1; // -1 -> no files deleted; 0 -> at least some files deleted; 1 -> all files deleted $err = array(); $errFLAG = -1; // -1 -> no files deleted; 0 -> at least some files deleted; 1 -> all files deleted
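Review bot: The new guard in `createDir` reads `$this->config['createDir']`, while every other config key visible on this page is lower-case (`createfile`, `showhtdocs`, `showlastmodified`, `edit`, `delete`). `defaultconfig` is not shown here, but if the key is defined as `createdir` this lookup is undefined, `!= 1` is always true and directory creation is refused for everyone, so please confirm the spelling against `defaultconfig`. The two added guards also stop with `exit( 1 )`, whereas `getContent` and `deleteMultipleFiles` echo the error and continue into an `else`; one shared deny helper, or a comment stating which convention is intended, would keep the permission checks uniform and easier to audit. The same hunks appear in the two earlier PHP sections.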


@@ -7,8 +7,8 @@
{{linkname}} {{linkname}}
</a> </a>
</td> </td>
{{#config.download}}
<td> <td>
{{#download.allowed}}
<form id="d_{{guid}}"> <form id="d_{{guid}}">
<input type="hidden" name="dir" value="{{download.currentDir}}"> <input type="hidden" name="dir" value="{{download.currentDir}}">
<input type="hidden" name="filename" value="{{download.name}}"> <input type="hidden" name="filename" value="{{download.name}}">
@@ -17,8 +17,8 @@
<a tabindex="0" name="start_download" data-guid="{{guid}}"> <a tabindex="0" name="start_download" data-guid="{{guid}}">
<span class="{{download.icon}}"></span> <span class="{{download.icon}}"></span>
</a> </a>
{{/download.allowed}}
</td> </td>
{{/config.download}}
{{#config.showlastmodified}} {{#config.showlastmodified}}
<td>{{lastmodified}}</td> <td>{{lastmodified}}</td>
{{/config.showlastmodified}} {{/config.showlastmodified}}