diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index c5a3e95..400f383 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -97,7 +97,7 @@ $allowed_upload_extensions = '';
 $favicon_path = '';
 // Files and folders to excluded from listing
-// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
+// e.g. array('myfile.html', 'personal-folder', '*.php', '/path/to/folder', ...)
 $exclude_items = array();
 // Online office Docs Viewer
@@ -1334,7 +1334,7 @@ $objects = is_readable($path) ? scandir($path) : array();
 $folders = array();
 $files = array();
 $current_path = array_slice(explode("/", $path), -1)[0];
-if (is_array($objects) && fm_is_exclude_items($current_path)) {
+if (is_array($objects) && fm_is_exclude_items($current_path, $path)) {
 foreach ($objects as $file) {
 if ($file == '.' || $file == '..') {
 continue;
@@ -1343,9 +1343,9 @@ if (is_array($objects) && fm_is_exclude_items($current_path)) {
 continue;
 }
 $new_path = $path . '/' . $file;
- if (@is_file($new_path) && fm_is_exclude_items($file)) {
+ if (@is_file($new_path) && fm_is_exclude_items($file, $new_path)) {
 $files[] = $file;
- } elseif (@is_dir($new_path) && $file != '.' && $file != '..' && fm_is_exclude_items($file)) {
+ } elseif (@is_dir($new_path) && $file != '.' && $file != '..' && fm_is_exclude_items($file, $new_path)) {
 $folders[] = $file;
 }
 }
@@ -1712,7 +1712,7 @@ if (isset($_GET['view'])) {
 $file = $_GET['view'];
 $file = fm_clean_path($file, false);
 $file = str_replace('/', '', $file);
- if ($file == '' || !is_file($path . '/' . $file) || !fm_is_exclude_items($file)) {
+ if ($file == '' || !is_file($path . '/' . $file) || !fm_is_exclude_items($file, $path . '/' . $file)) {
 fm_set_msg(lng('File not found'), 'error');
 $FM_PATH = FM_PATH;
 fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
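Review bot: In the `@@ -97,7` hunk the new example `'/path/to/folder'` does not say what form a path entry must take. The call sites changed further down pass `$path` and `$path . '/' . $file`, and the function compares them with `in_array`, so an entry only matches when it is exactly the string the manager builds; how `$path` is rooted is not visible in this diff. I would add a line under the example such as `// Full paths are matched exactly against the path the file manager builds (same root, no trailing slash)`.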
@@ -1917,7 +1917,7 @@ if (isset($_GET['edit']) && !FM_READONLY) {
 $file = $_GET['edit'];
 $file = fm_clean_path($file, false);
 $file = str_replace('/', '', $file);
- if ($file == '' || !is_file($path . '/' . $file) || !fm_is_exclude_items($file)) {
+ if ($file == '' || !is_file($path . '/' . $file) || !fm_is_exclude_items($file, $path . '/' . $file)) {
 fm_set_msg(lng('File not found'), 'error');
 $FM_PATH = FM_PATH;
 fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
@@ -2664,12 +2664,13 @@ function fm_get_display_path($file_path)
 /**
 * Check file is in exclude list
- * @param string $file
+ * @param string $name The name of the file/folder
+ * @param string $path The full path of the file/folder
 * @return bool
 */
-function fm_is_exclude_items($file)
+function fm_is_exclude_items($name, $path)
 {
- $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
+ $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
 if (isset($exclude_items) and sizeof($exclude_items)) {
 unset($exclude_items);
 }
@@ -2678,7 +2679,7 @@ function fm_is_exclude_items($file)
 if (version_compare(PHP_VERSION, '7.0.0', '<')) {
 $exclude_items = unserialize($exclude_items);
 }
- if (!in_array($file, $exclude_items) && !in_array("*.$ext", $exclude_items)) {
+ if (!in_array($name, $exclude_items) && !in_array("*.$ext", $exclude_items) && !in_array($path, $exclude_items)) {
 return true;
 }
 return false;
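Review bot: In the `@@ -2664,12` hunk the docblock's `@return bool` still does not say which way the result points: going by the `@@ -2678,7` hunk, the function returns `true` when the item is not in the list and `false` when it is, the reverse of what the name `fm_is_exclude_items` suggests. For a function that gates listing, view and edit, I would spell that out, e.g. `@return bool true if the item is NOT excluded (may be listed/opened), false if it matches the exclude list`. Separately, `$path` is now a required parameter, so any caller of `fm_is_exclude_items()` outside the five call sites updated here would fail for a missing argument; worth a search before merging. The function body continues outside this hunk.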
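Review bot: The added `!in_array($path, $exclude_items)` in the `@@ -2678,7` hunk is an exact string comparison, so excluding `/path/to/folder` does not cover anything below it. The view and edit checks (`@@ -1712,7`, `@@ -1917,7`) pass `$path . '/' . $file`, which for a file inside an excluded folder is not in the list, and the listing check at `@@ -1334,7` passes a subfolder's own `$path`; if `exclude_items` is meant to keep content out of reach and not only out of the parent listing, those requests still go through. Exact matching also depends on the entry and the built path agreeing on trailing slashes and symlink resolution, which this diff does not show being normalised. A prefix check on directory boundaries, as sketched below, would cover descendants; the start of the function is outside this hunk.

```php
// … unchanged: version_compare()/unserialize() of $exclude_items …
if (in_array($name, $exclude_items) || in_array("*.$ext", $exclude_items)) {
    return false;
}
// Treat a path entry as covering the entry itself and everything below it.
$candidate = rtrim($path, '/') . '/';
foreach ($exclude_items as $item) {
    if (!is_string($item) || strpos($item, '/') === false) {
        continue; // bare names and *.ext patterns were handled above
    }
    if (strpos($candidate, rtrim($item, '/') . '/') === 0) {
        return false;
    }
}
return true;
```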