CreateNewItem
Original: “Neue Datei erstellen”
Corrected: “Neues Element erstellen”
UploadingFiles
Original: “Datei hochladen”
Corrected: “Dateien hochladen”
Invalid file or folder name
Original: “Ungältiger Datei- oder Ordnername”
Corrected: “Ungültiger Datei- oder Ordnername”
Operations with archives are not available
Original: “Archiv-Funktionen nicht verfägbar”
Corrected: “Archiv-Funktionen nicht verfügbar”
Running environment: Android 4.4 + PHP 7.4.3 + KSWEB
At http://192.168.1.2/tinyfilemanager.php, after login, the main page could not be shown entirely; it just shows half of the navigation bar.
That's because of
there are two identical lines of code which cause the problem. They are:
```
$owner = posix_getpwuid(fileowner($path . '/' . $f));
```
When the function fileowner($path . '/' . $f) returns 0 and the function posix_getpwuid(....) is run, it triggers an error.
Please check the code in lines 2156--2168 and 2221--2233.
I suggest replacing these two parts with the following code:
```
// Fall back to '?' when the owner or group cannot be resolved.
$owner = array('name' => '?');
$group = array('name' => '?');
if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
    try {
        $owner_id = fileowner($path . '/' . $f);
        // Skip the lookup when fileowner() returns 0 (or false on failure).
        if ($owner_id != 0) {
            $owner_info = posix_getpwuid($owner_id);
            if ($owner_info) {
                $owner = $owner_info;
            }
        }
        $group_id = filegroup($path . '/' . $f);
        $group_info = posix_getgrgid($group_id);
        if ($group_info) {
            $group = $group_info;
        }
    } catch (Exception $e) {
        error_log("exception:" . $e->getMessage());
    }
}
```
* Added Additional Delete Link in File Viewer View
I found myself clicking into specific files to see them larger, then wanting to delete them, only to find I had to go back to another screen to delete them.
* Changed Reference to Invalid Variable
* Update tinyfilemanager.php
Now it will show the filename as browser tab title so that user can easily identify which file is opened on which tab.
* Update tinyfilemanager.php
remove lines 3722 and 3734 and add this directly in 3733 as per the suggestion of @ner00
* Update tinyfilemanager.php
extra trailing space removed
micro-optimization: when doing large file copies, this will reduce the number of feof() calls. for example, if copying 100MB, this will save approximately 25,599 feof() calls (255 feof() calls for every MB) - also feofs() may do an actual syscall, and syscalls are relatively expensive/time-consuming.
highlightjs_style variable is being used before config.php gets parsed, so preview style is always vs. This PR fixes that by moving config.php parsing to be before external resource calls.
After logging in, it takes you to the website's main URL. For example, if I have tfm in www.example.com/tfm/index.php (index.php is tfm), then after logging in it redirects to www.example.com and I have to press back in the browser, which then takes me to www.example.com/tfm/index.php
* Fixes naming for confirmDailog id, otherwise dialog won't work
* Removes destroying form as browser complains that it can't process request from disconnected form
They were needed before because they changed example config.php so make it workable.
Now we don't have it and running sed against main file just removes a lot of code
and forces data path for directory
* fix bug
if $calc_folder is enabled and there are insufficient permissions for one of the subfolders, then "PHP Fatal error: Uncaught RuntimeException: SplFileInfo::getSize()"
* lng() update
added lng() and deleted unused
* update russia translate
Function added for IP filtering when the filemanager is hosted behind a web proxy.
I've added a function for this to the file, not sure how else to implement it since everything is one file.
Added a global readonly variable that will force readonly mode both when
not using the auth system and for all users if the auth system is being
used.
Co-authored-by: Prasath Mani <prasathmani@users.noreply.github.com>
It's a little HTML fix, at about line 1787: the class value is not closed.
```
<button type="button" class="btn btn-sm btn-outline-primary name="Save"
```
changed to:
```
<button type="button" class="btn btn-sm btn-outline-primary" name="Save"
```
When you have a file without content, for example when you cleared it, you were unable to save it because of an incorrect if-statement. This is the fix for that problem.
fm_get_file_mimes() was causing errors for unknown extensions as it was causing an error as array element was not defined and return value was never checked. According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types and several other resources, application/octet-stream is the default value for all other cases. An unknown file type should use this type. I put a check in there to use that by default so a valid value is always returned.
It might be useful to replace this function with the built-in PHP function mime_content_type() but that adds some additional dependencies as it does not always work out of the box with PHP.
Added in the preferences option to change the light or dark theme,
Now to change the theme will be in the preferences / settings area, along with other settings, and may even have other themes in the future.
Added error checking and message for when file fails to write on the server side. Before this change if a write failed on the server side it would still present the user with a misleading "Saved Successfully" Message.
Eliminates the following PHP warnings when error reporting is turned on:
Notice: A non well formed numeric value encountered in tinyfilemanager.php on line 2443
Notice: A non well formed numeric value encountered in tinyfilemanager.php on line 2444
This happens because PHP floor and round are expecting a (float), not an (int).
* Added optional configuration file loading
* First commit of optional configuration file
This file is OPTIONAL.
If this file is not present on your webserver, tinyfilemanager will work with its internal configuration.
* removed define
define is not a configuration
* Fix the RCE vuln via Upload from URL
This commit attempts to fix the Remote Code Execution
(authenticated) via Upload from URL. Some notes about
the proposed solution:
* A new function (fm_is_file_allowed) has been created to
validate if the filename is allowed. This function gets the
filename as parameter and returns true if it validates
as allowed. Otherwise returns false (the default).
* It's better to have such validation(s) in one place
instead of spread all over the code. There are other places in
the application where the filename is validated and they should
all be refactored to call this function. Then we can focus
all needed validations in one place only!
NOTE: This refactoring was not done - the only goal was to fix
this security vulnerability only.
* The fm_is_file_allowed() function validates the filename
based on its extension only. No other validation(s) have been
implemented in this commit.
* File extensions are assumed to be case-insensitive.
For example, php == PHP == Php == PhP, etc. This is consistent
with some web servers. Without this, the user will have to populate
the $allowed_extensions with all possible allowed combinations.
* Although, there is one drawback to the current solution, which
is that all files must have an extension to be uploaded. This is not
consistent with modern filesystems. Maybe a better solution would be
to automatically append an extension to the filename if no
extension has been found (e.g., .html or .txt which are generally
considered to be harmless). This must be decided by the
application's maintainers.
* Fix the RCE vulns via new/rename file
Sanitize the arguments to stat using escapeshellarg()
Co-authored-by: Jorge Morgado <jorge@morgado.ch>
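The allowlist behaviour described in the commit message above (extension-only check, case-insensitive, deny by default, no extension means no upload), sketched as an added example; this is not TinyFileManager's own code. The function name `example_is_file_allowed` and the comma-separated allowlist format are assumptions, and the NUL-byte and trailing dot/space rejection goes beyond what the commit describes.

```php
<?php
// Added illustration; not the project's fm_is_file_allowed(). The function
// name and the comma-separated allowlist format are assumptions.

/**
 * Return true only when $filename carries an extension on the allowlist.
 * Everything else (no extension, unknown extension, odd names) is denied.
 */
function example_is_file_allowed(string $filename, string $allowed): bool
{
    // Normalise the allowlist once: trim, lowercase, drop empty entries.
    $list = array_filter(array_map(
        function ($e) { return strtolower(trim($e)); },
        explode(',', $allowed)
    ), 'strlen');

    // Only the final path component is checked; any directory part is dropped.
    $base = basename(str_replace('\\', '/', $filename));

    // Extra check (not in the commit): a NUL byte or a trailing dot/space can
    // make the stored name differ from the validated one on some platforms.
    if ($base === '' || strpos($base, "\0") !== false || rtrim($base, '. ') !== $base) {
        return false;
    }

    // Case-insensitive comparison: php == PHP == PhP.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '') {
        return false; // the drawback the commit notes: no extension, no upload
    }
    return in_array($ext, $list, true);
}

// Constructed sample inputs.
$allowed = 'jpg, PNG, txt';
foreach (['photo.JPG', 'shell.PhP', 'notes', 'a.txt.php', 'ok.txt', 'x.php.'] as $name) {
    printf("%-10s %s\n", $name, example_is_file_allowed($name, $allowed) ? 'allowed' : 'rejected');
}
```

Only `photo.JPG` and `ok.txt` pass; the double-extension name is judged on its last extension, which is the one a web server would act on.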
Setting $hide_Cols=true while having FM_IS_WIN=false will lead to a "Type error" when setting up the dataTable. The desired page is generated, but the Search function does not work, as the dataTable is broken.
With this fix the dataTable is written accordingly, with either FM_IS_WIN or $hide_Cols set or unset.
FastCGI sent in stderr: "PHP message: PHP Warning: Use of undefined constant online_viewer - assumed 'online_viewer' (this will throw an Error in a future version of PHP) in /www/admin/index.php on line 1383
view file is insecure #187
Get files size (recursive) #186
There is no possibility for translation for some hints (title =) #185
View dirSize instead of word "Folder" #184
Document type detection #183
Stored Cross-site Scripting (XSS) Vulnerability detected in File Names #180
strings in code #177
Remove tracking #164
* Add Arabic Translation
* add some keywords and handling Fixed keywords [untranslated]
* add new translation words
* improve existing translation words
* Add Simplified Chinese support
And distinguish it from Traditional Chinese.
* Add two fields for translation.
* Add two fields for translation.
* Translated.
Added new Translation JSON file
New languages added - Spanish, German, Thailand and Chinese
Removed languages from tinyfilemanager.php file
Updated IDE languages and themes
- Error report suggestion #77
- Rename allowed based on FM_EXTENSION config
- Tar file support added (create, open and extract tar)
- Upload UI redesign
- Table header UI Redesign
- Login user name and avatar added
- Broken URL highlight.js #78 and #79
It is a simple, fast and small file manager with single php file. It is also a web code editor. It'll run either online or locally, on Linux, Windows or Mac based platforms. The only requirement is to have PHP 5+ available.
> TinyFileManager is a versatile web-based PHP file manager designed for simplicity and efficiency. This lightweight single-file PHP application can be effortlessly integrated into any server directory, allowing users to store, upload, edit, and manage files and folders directly through their web browser.
With multi-language support and compatibility with PHP 5.5+, TinyFileManager enables the creation of individual user accounts, each with its dedicated directory. The platform also includes built-in functionality for handling text files using the Cloud9 IDE.
Featuring syntax highlighting for over 150 languages and more than 35 themes, TinyFileManager offers a comprehensive solution for file management in an online environment.
<sub>**Caution!** _Avoid utilizing this script as a standard file manager in public spaces. It is imperative to remove this script from the server after completing any tasks._</sub>
## Demo
[Demo](https://tinyfilemanager.github.io/demo/)
## Documentation
Tinyfilemanager is highly documented on the [wiki pages](https://github.com/prasathmani/tinyfilemanager/wiki).
-[Zip extension](http://php.net/manual/en/book.zip.php) for zip and unzip actions.
- Fileinfo, iconv and mbstring extensions are strongly recommended.
-Fileinfo, iconv, zip, tar and mbstring extensions are strongly recommended.
## How to use
Download ZIP with latest version from master branch.
Copy tinyfilemanager.php to your website folder and open it with web browser (e.g. http://yoursite/any_path/tinyfilemanager.php).
Just copy the tinyfilemanager.php to your webspace - thats all :)
You can also change the file name from "tinyfilemanager.php" to something else, you know what i meant for.
Default username/password: admin/admin and user/12345.
Default username/password: **admin/admin@123** and **user/12345**.
Warning: Please set your own username and password in $auth_users before use.
:warning: Warning: Please set your own username and password in `$auth_users` before use. password is encrypted with <code>password_hash()</code>. to generate new password hash [here](https://tinyfilemanager.github.io/docs/pwd.html)
To enable/disable authentication set $use_auth to true or false.
To enable/disable authentication set `$use_auth` to true or false.
### Supported constants:
:information_source: Add your own configuration file [config.php](https://tinyfilemanager.github.io/config-sample.txt) in the same folder to use as additional configuration file.
-`FM_ROOT_PATH` - default is `$_SERVER['DOCUMENT_ROOT']`
-`FM_ROOT_URL` - default is `'http(s)://site.domain/'`
-`FM_SELF_URL` - default is `'http(s)://site.domain/' . $_SERVER['PHP_SELF']`
-`FM_ICONV_INPUT_ENC` - default is `'CP1251'`
-`FM_USE_HIGHLIGHTJS` - default is `true`
-`FM_HIGHLIGHTJS_STYLE` - default is `'vs'`
-`FM_DATETIME_FORMAT` - default is `'d.m.y H:i'`
-`FM_EXTENSION` - default is `""` //upload files extensions
-`FM_TREEVIEW` - default is `false`
:information_source: To work offline without CDN resources, use [offline](https://github.com/prasathmani/tinyfilemanager/tree/offline) branch
### :loudspeaker: Features
### :loudspeaker: Features
<ul>
<li>:cd: Open Source, light and extremely simple</li>
<li>:information_source: Basic features likes Create, Delete, Modify, View, Download, Copy and Move files </li>
<li>:arrow_double_up: Ajax Upload, Ability to drag & drop, multiple files upload and file extensions filter </li>
<li>:file_folder: Ability to create folders and files</li>
<li>:gift: Ability to compress, extract files</li>
<li>:sunglasses: Support user permissions - based on session and each user root folder mapping</li>
<li>:floppy_disk: Copy direct file URL</li>
<li>:pencil2: Edit text formats file using advanced editor</li>
<li>:zap: Backup files</li>
<li>:mag_right: Search - Advanced Ajax based seach</li>
<li>:file_folder: Exclude folders from listing</li>
<li>:bangbang: lots more...</li>
</ul>
- :cd: **Open Source:** Lightweight, minimalist, and extremely simple to set up.
- :iphone: **Mobile Friendly:** Optimized for touch devices and mobile viewing.
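Review bot: the credentials lines under "How to use" still publish working defaults (admin/admin@123 and user/12345) and leave changing them as a warning only; since the same section tells readers to copy the file straight into a web-reachable folder, say that the entries in `$auth_users` must be replaced before the file is copied to the server. The new warning also points readers to a web page to generate the `password_hash()` value; suggest documenting generation with a local PHP call so the password is never typed into another page.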
The team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, email ccpprogrammers[at]gmail[dot]com and include the word "SECURITY" in the subject line.
The team will send a response indicating the next steps in handling your report. After the initial reply to your report you will be kept informed of the progress towards a fix and full announcement.
Report security bugs in third-party modules to the person or team maintaining the module.
## Disclosure Policy
When the security team receives a security bug report, they will assign it to a
primary handler. This person will coordinate the fix and release process,
involving the following steps:
* Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes will be
released as fast as possible to npm.
## Comments on this Policy
If you have suggestions on how this process could be improved please submit a
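Review bot: in the Disclosure Policy steps, "released as fast as possible to npm" does not match this project, which the README describes as a single PHP file downloaded as a ZIP from the master branch; name the release channel that fixes will actually ship through.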