mirror/php-ifm
1
0
Fork 0
mirror of https://github.com/misterunknown/ifm.git synced 2025-08-10 01:56:30 +02:00
Code Issues Releases Wiki Activity

spread the isFilenameValid function

Browse Source
This commit is contained in:
Marco Dickert
2017-07-24 16:59:00 +02:00
parent 60b46079fa
commit ef9b5c940a
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/main.php
View File

@@ -377,7 +377,8 @@ f00bar;
}
if( $dn == "" ) {
echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") );
} elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
} elseif( ! $this->isFilenameValid( $dn ) )
echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
else {
$this->chDirIfNecessary( $w );
if( @mkdir( $dn ) ) {
@@ -502,7 +503,7 @@ f00bar;
private function renameFile( array $d ) {
if( $this->config['rename'] != 1 ) {
echo json_encode( array( "status" => "ERROR", "message" => "No permission to rename files" ) );
} elseif( $d['filename'] == ".." ) {
} elseif( ! $this->isFilenameValid( $d['filename'] ) ) {
echo json_encode( array( "status" => "ERROR", "message" => "No valid file name given" ) );
} else {
$this->chDirIfNecessary( $d['dir'] );
@@ -649,8 +650,8 @@ f00bar;
$this->chDirIfNecessary( $d['dir'] );
if( ! file_exists( $d['filename'] ) )
echo json_encode( array( "status" => "ERROR", "message" => "Directory not found" ) );
elseif ( ! $this->allowedFileName( $d['filename'] ) )
echo json_encode( array( "status" => "ERROR", "message" => "Filename not allowed" ) );
elseif ( ! $this->isFilenameValid( $d['filename'] ) )
echo json_encode( array( "status" => "ERROR", "message" => "Filename not valid" ) );
else {
unset( $zip );
$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
@@ -685,8 +686,8 @@ f00bar;
$this->chDirIfNecessary( $d['dir'] );
$ch = curl_init( );
if( $ch ) {
if( $this->allowedFileName( $filename ) == false )
echo json_encode( array( "status" => "ERROR", "message" => "This filename is not allowed due to the config." ) );
if( $this->isFilenameValid( $filename ) == false )
echo json_encode( array( "status" => "ERROR", "message" => "This filename is not valid." ) );
elseif( filter_var( $d['url'], FILTER_VALIDATE_URL ) === false )
echo json_encode( array( "status" => "ERROR", "message" => "The passed URL is not valid" ) );
else {
@@ -989,7 +990,7 @@ f00bar;
}
// check if filename is allowed
private function allowedFileName( $f ) {
private function isFilenameValid( $f ) {
if( $this->config['showhtdocs'] != 1 && substr( $f, 0, 3 ) == ".ht" )
return false;
elseif( $this->config['showhiddenfiles'] != 1 && substr( $f, 0, 1 ) == "." )