From 6b48a3f22116d1b4c564319930336548de4bd459 Mon Sep 17 00:00:00 2001
From: Prasath Mani
Date: Wed, 13 Dec 2017 13:53:51 +0530
Subject: [PATCH] Added Html encode
---
 tinyfilemanager.php | 64 ++++++++++++++++++++++-----------------------
 1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 30f44f5..265354b 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -236,10 +236,10 @@ if (isset($_GET['del']) && !FM_READONLY) {
 $is_dir = is_dir($path . '/' . $del);
 if (fm_rdelete($path . '/' . $del)) {
 $msg = $is_dir ? 'Folder %s deleted' : 'File %s deleted';
- fm_set_msg(sprintf($msg, $del));
+ fm_set_msg(sprintf($msg, fm_enc($del)));
 } else {
 $msg = $is_dir ? 'Folder %s not deleted' : 'File %s not deleted';
- fm_set_msg(sprintf($msg, $del), 'error');
+ fm_set_msg(sprintf($msg, fm_enc($del)), 'error');
 }
 } else {
 fm_set_msg('Wrong file or folder name', 'error');
@@ -261,17 +261,17 @@ if (isset($_GET['new']) && isset($_GET['type']) && !FM_READONLY) {
 if($_GET['type']=="file") {
 if(!file_exists($path . '/' . $new)) {
 @fopen($path . '/' . $new, 'w') or die('Cannot open file: '.$new);
- fm_set_msg(sprintf('File %s created', $new));
+ fm_set_msg(sprintf('File %s created', fm_enc($new)));
 } else {
- fm_set_msg(sprintf('File %s already exists', $new), 'alert');
+ fm_set_msg(sprintf('File %s already exists', fm_enc($new)), 'alert');
 }
 } else {
 if (fm_mkdir($path . '/' . $new, false) === true) {
 fm_set_msg(sprintf('Folder %s created', $new));
 } elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) {
- fm_set_msg(sprintf('Folder %s already exists', $new), 'alert');
+ fm_set_msg(sprintf('Folder %s already exists', fm_enc($new)), 'alert');
 } else {
- fm_set_msg(sprintf('Folder %s not created', $new), 'error');
+ fm_set_msg(sprintf('Folder %s not created', fm_enc($new)), 'error');
 }
 }
 } else {
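Review bot: Wrapping `$del` in fm_enc() at the fm_set_msg() call is only correct if the stored message is later printed verbatim; should the function that renders it escape again, a name such as `a&b.txt` would show as `a&amp;b.txt`. That renderer is not in this diff, so confirm it emits the message as raw HTML, and record the contract at the first changed call, e.g. `// message is later rendered as raw HTML: encode user-supplied names here`. The same assumption underlies every fm_set_msg() change in this patch (the @@ -261, -306, -404, -468 and -535 hunks).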
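Review bot: The success message for a new folder is still unencoded — `fm_set_msg(sprintf('Folder %s created', $new));` — although the sibling messages in this hunk now wrap `$new` in fm_enc(), so a folder name containing markup still reaches the message as raw HTML; change it to `fm_set_msg(sprintf('Folder %s created', fm_enc($new)));`. The context line `@fopen($path . '/' . $new, 'w') or die('Cannot open file: '.$new);` writes the same value straight into the response and should end in `die('Cannot open file: ' . fm_enc($new));`. `$new` is presumably taken from the `$_GET['new']` named in the hunk header, but its assignment lies outside the hunk.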
@@ -306,17 +306,17 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
 if ($move) {
 $rename = fm_rename($from, $dest);
 if ($rename) {
- fm_set_msg(sprintf('Moved from %s to %s', $copy, $msg_from));
+ fm_set_msg(sprintf('Moved from %s to %s', fm_enc($copy), fm_enc($msg_from)));
 } elseif ($rename === null) {
 fm_set_msg('File or folder with this path already exists', 'alert');
 } else {
- fm_set_msg(sprintf('Error while moving from %s to %s', $copy, $msg_from), 'error');
+ fm_set_msg(sprintf('Error while moving from %s to %s', fm_enc($copy), fm_enc($msg_from)), 'error');
 }
 } else {
 if (fm_rcopy($from, $dest)) {
- fm_set_msg(sprintf('Copyied from %s to %s', $copy, $msg_from));
+ fm_set_msg(sprintf('Copyied from %s to %s', fm_enc($copy), fm_enc($msg_from)));
 } else {
- fm_set_msg(sprintf('Error while copying from %s to %s', $copy, $msg_from), 'error');
+ fm_set_msg(sprintf('Error while copying from %s to %s', fm_enc($copy), fm_enc($msg_from)), 'error');
 }
 }
 } else {
@@ -404,9 +404,9 @@ if (isset($_GET['ren'], $_GET['to']) && !FM_READONLY) {
 // rename
 if ($old != '' && $new != '') {
 if (fm_rename($path . '/' . $old, $path . '/' . $new)) {
- fm_set_msg(sprintf('Renamed from %s to %s', $old, $new));
+ fm_set_msg(sprintf('Renamed from %s to %s', fm_enc($old), fm_enc($new)));
 } else {
- fm_set_msg(sprintf('Error while renaming from %s to %s', $old, $new), 'error');
+ fm_set_msg(sprintf('Error while renaming from %s to %s', fm_enc($old), fm_enc($new)), 'error');
 }
 } else {
 fm_set_msg('Names not set', 'error');
@@ -468,7 +468,7 @@ if (isset($_POST['upl']) && !FM_READONLY) {
 }
 
 if ($errors == 0 && $uploads > 0) {
- fm_set_msg(sprintf('All files uploaded to %s', $path));
+ fm_set_msg(sprintf('All files uploaded to %s', fm_enc($path)));
 } elseif ($errors == 0 && $uploads == 0) {
 fm_set_msg('Nothing uploaded', 'alert');
 } else {
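Review bot: The rewritten copy success message keeps the typo `'Copyied from %s to %s'`; since the line is already being replaced, make it `fm_set_msg(sprintf('Copied from %s to %s', fm_enc($copy), fm_enc($msg_from)));`. The enclosing copy/move handler starts before this hunk and its if/else continues past the hunk's last line.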
@@ -535,7 +535,7 @@ if (isset($_POST['group'], $_POST['zip']) && !FM_READONLY) {
 $res = $zipper->create($zipname, $files);
 if ($res) {
- fm_set_msg(sprintf('Archive %s created', $zipname));
+ fm_set_msg(sprintf('Archive %s created', fm_enc($zipname)));
 } else {
 fm_set_msg('Archive not created', 'error');
 }
@@ -692,7 +692,7 @@ if (isset($_GET['upload']) && !FM_READONLY) {
 ?>

Uploading files

-

Destination folder:

+

Destination folder:

@@ -735,7 +735,7 @@ if (isset($_POST['copy']) && !FM_READONLY) { } ?>

Files: , ', $copy_files) ?>

-

Source folder:
+

Source folder:
/

@@ -766,8 +766,8 @@ if (isset($_GET['copy']) && !isset($_GET['finish']) && !FM_READONLY) {

Copying

- Source path:
- Destination folder: + Source path:
+ Destination folder:

Copy   @@ -845,9 +845,9 @@ if (isset($_GET['view'])) { ?>

-

""

+

""

- Full path:
+ Full path:
File size: = 1000): ?> ()
MIME-type:

Download   - Open   + Open   '; foreach ($filenames as $fn) { if ($fn['folder']) { - echo '' . $fn['name'] . '
'; + echo '' . fm_enc($fn['name']) . '
'; } else { echo $fn['name'] . ' (' . fm_get_filesize($fn['filesize']) . ')
'; } @@ -930,14 +930,14 @@ if (isset($_GET['view'])) { } elseif ($is_image) { // Image content if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico'))) { - echo '

'; + echo '

'; } } elseif ($is_audio) { // Audio content - echo '

'; + echo '

'; } elseif ($is_video) { // Video content - echo '
'; + echo '
'; } elseif ($is_text) { if (FM_USE_HIGHLIGHTJS) { // highlight @@ -1020,10 +1020,10 @@ if (isset($_GET['edit'])) { Advanced Editor - + Plain Editor - +
@@ -1172,7 +1172,7 @@ foreach ($folders as $f) { - + -
' . readlink($path . '/' . $f) . '' : '') ?>
+
' . readlink($path . '/' . $f) . '' : '') ?>
- + @@ -1210,7 +1210,7 @@ foreach ($files as $f) { - + " . fm_convert_win($exploded[$i]) . ""; + $array[] = "" . fm_enc(fm_convert_win($exploded[$i])) . ""; } $root_url .= $sep . implode($sep, $array); }