Bring offline branch up to speed with master (#1037)

* publish additional docker tags (#975)

* Update Romanian translations (#981)

* Update tinyfilemanager.php

* Prevent logout issue after page was cached (#1004)

Logout may not work otherwise, browser reloads cached page from disk instead of sending GET request ?logout=1 to server.

* tell git to always commit .php in unix-newlines (#1017)

so hopefully we don't get a repeat of https://github.com/prasathmani/tinyfilemanager/pull/994#issuecomment-1502035505

* Check if posix_getpwuid/posix_getgrgid calls were successful (#1023)

* use stream_copy_to_stream (#1014)

* use stream_copy_to_stream

it's simpler, and should be faster.
For example, stream_copy_to_stream can use sendfile ( https://man7.org/linux/man-pages/man2/sendfile.2.html ) on operating systems supporting it, which is faster and use less RAM than fread()+fwrite() (because it avoids copying data to/from userland, doing the copy entirely in-kernel~)

* fix loop early return, and workaround bug

* use feof

ref https://github.com/prasathmani/tinyfilemanager/issues/1016#issuecomment-1502081506

* added bengali translation (#1018)

* Fix upload of existing files (#1026)

* Fix typo. (#1028)

* login (Redirecting to Main domain of website instead of tfm.php) fix (#1031)

When logged in it takes to the website's main URL. For example, if I have tfm in www.example.com/tfm/index.php (index.php is tfm) then after logging in it redirects to www.example.com and then have to press back on the browser then it takes to www.example.com/tfm/index.php

* Add configurable path display modes for better privacy and clarity (#1034)

* Resize preview image and implement zoom in/out (#1036)

* Resize preview image and implement zoom in/out

* Remove redundant class name

---------

Co-authored-by: ssams <6338356+ssams@users.noreply.github.com>
Co-authored-by: Sergiu Bivol <sergiu@cip.md>
Co-authored-by: Prasath Mani <prasathmani@users.noreply.github.com>
Co-authored-by: divinity76 <divinity76@gmail.com>
Co-authored-by: Micha Ober <github@ober-mail.de>
Co-authored-by: Joy Biswas <74253956+joybiswas007@users.noreply.github.com>
Co-authored-by: Micha Ober <git@ober-mail.de>
Co-authored-by: Caleb Mazalevskis <maikuolan@gmail.com>
Co-authored-by: xololunatic <97784387+xololunatic@users.noreply.github.com>
Co-authored-by: DannyDaemonic <DannyDaemonic@gmail.com>

Dockerfile

@@ -12,7 +12,7 @@ FROM php:7.4-cli-alpine
 # if run in China
 # RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
 
-RUN apk add --no-cache \
+RUN apk add \
     libzip-dev \
     oniguruma-dev
 

README.md

@@ -9,8 +9,6 @@
 
 > TinyFileManager is web based PHP file manager and it is a simple, fast and small size in single-file PHP file that can be dropped into any folder on your server, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows the creation of multiple users and each user can have its own directory and a build-in support for managing text files with cloud9 IDE and it supports syntax highlighting for over 150+ languages and over 35+ themes.
 
-**Caution!** _Avoid utilizing this script as a standard file manager in public spaces. It is imperative to remove this script from the server after completing any tasks._
-
 ## Demo
 
 [Demo](https://tinyfilemanager.github.io/demo/)

SECURITY.md

@@ -4,7 +4,7 @@
 
 The team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
 
-To report a security issue, email ccpprogrammers[at]gmail[dot]com and include the word "SECURITY" in the subject line.
+To report a security issue, email ccpprogrammers[at]gmail.com and include the word "SECURITY" in the subject line.
 
 The team will send a response indicating the next steps in handling your report. After the initial reply to your report you will be kept informed of the progress towards a fix and full announcement.
 

assets/css/vs.min.css

@@ -0,0 +1 @@
+pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5px}.hljs{background:#fff;color:#000}.hljs-comment,.hljs-quote,.hljs-variable{color:green}.hljs-built_in,.hljs-keyword,.hljs-name,.hljs-selector-tag,.hljs-tag{color:#00f}.hljs-addition,.hljs-attribute,.hljs-literal,.hljs-section,.hljs-string,.hljs-template-tag,.hljs-template-variable,.hljs-title,.hljs-type{color:#a31515}.hljs-deletion,.hljs-meta,.hljs-selector-attr,.hljs-selector-pseudo{color:#2b91af}.hljs-doctag{color:grey}.hljs-attr{color:red}.hljs-bullet,.hljs-link,.hljs-symbol{color:#00b0e8}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}

tinyfilemanager.php

@@ -5,6 +5,7 @@ $CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":
 /**
  * H3K | Tiny File Manager V2.5.3
  * @author CCP Programmers
+ * @email ccpprogrammers@gmail.com
  * @github https://github.com/prasathmani/tinyfilemanager
  * @link https://tinyfilemanager.github.io
  */
@@ -100,7 +101,7 @@ $favicon_path = '';
 $exclude_items = array();
 
 // Online office Docs Viewer
-// Available rules are 'google', 'microsoft' or false
+// Availabe rules are 'google', 'microsoft' or false
 // Google => View documents using Google Docs Viewer
 // Microsoft => View documents using Microsoft Web Apps Viewer
 // false => disable online doc viewer
@@ -141,6 +142,20 @@ $ip_blacklist = array(
     '::'            // non-routable meta ipv6
 );
 
+// External CDN resources that can be used in the HTML (replace for GDPR compliance)
+$external = array(
+    'css-bootstrap' => '<link href="assets/css/bootstrap.min.css" rel="stylesheet">',
+    'css-dropzone' => '<link href="assets/css/dropzone.min.css" rel="stylesheet">',
+    'css-font-awesome' => '<link rel="stylesheet" href="assets/css/font-awesome.min.css" crossorigin="anonymous">',
+    'css-highlightjs' => '<link rel="stylesheet" href="assets/css/' . $highlightjs_style . '.min.css">',
+    'js-ace' => '<script src="assets/js/ace.js"></script>',
+    'js-bootstrap' => '<script src="assets/js/bootstrap.bundle.min.js"></script>',
+    'js-dropzone' => '<script src="assets/js/dropzone.min.js"></script>',
+    'js-jquery' => '<script src="assets/js/jquery-3.6.1.min.js"></script>',
+    'js-jquery-datatables' => '<script src="assets/js/datatables.min.js"></script>',
+    'js-highlightjs' => '<script src="assets/js/highlight.min.js"></script>',
+);
+
 // if User has the external config file, try to use it to override the default config above [config.php]
 // sample config - https://tinyfilemanager.github.io/config-sample.txt
 $config_file = __DIR__.'/config.php';
@@ -148,22 +163,6 @@ if (is_readable($config_file)) {
     @include($config_file);
 }
 
-// External CDN resources that can be used in the HTML (replace for GDPR compliance)
-$external = array(
-    'css-bootstrap' => '<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi" crossorigin="anonymous">',
-    'css-dropzone' => '<link href="https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.3/min/dropzone.min.css" rel="stylesheet">',
-    'css-font-awesome' => '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" crossorigin="anonymous">',
-    'css-highlightjs' => '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.6.0/styles/' . $highlightjs_style . '.min.css">',
-    'js-ace' => '<script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.13.1/ace.js"></script>',
-    'js-bootstrap' => '<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3" crossorigin="anonymous"></script>',
-    'js-dropzone' => '<script src="https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.3/min/dropzone.min.js"></script>',
-    'js-jquery' => '<script src="https://code.jquery.com/jquery-3.6.1.min.js" integrity="sha256-o88AwQnZB+VDvE9tvIXrMQaPlFFSUTR+nldQm1LuPXQ=" crossorigin="anonymous"></script>',
-    'js-jquery-datatables' => '<script src="https://cdn.datatables.net/1.13.1/js/jquery.dataTables.min.js" crossorigin="anonymous" defer></script>',
-    'js-highlightjs' => '<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.6.0/highlight.min.js"></script>',
-    'pre-jsdelivr' => '<link rel="preconnect" href="https://cdn.jsdelivr.net" crossorigin/><link rel="dns-prefetch" href="https://cdn.jsdelivr.net"/>',
-    'pre-cloudflare' => '<link rel="preconnect" href="https://cdnjs.cloudflare.com" crossorigin/><link rel="dns-prefetch" href="https://cdnjs.cloudflare.com"/>'
-);
-
 // --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL ---
 
 // max upload file size
@@ -244,11 +243,7 @@ if (defined('FM_EMBED')) {
 
 //Generating CSRF Token
 if (empty($_SESSION['token'])) {
-    if (function_exists('random_bytes')) {
-        $_SESSION['token'] = bin2hex(random_bytes(32));
-    } else {
-    	$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32));
-    }
+    $_SESSION['token'] = bin2hex(random_bytes(32));
 }
 
 if (empty($auth_users)) {
@@ -607,7 +602,7 @@ if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_
         $use_curl = false;
         $temp_file = tempnam(sys_get_temp_dir(), "upload-");
         $fileinfo = new stdClass();
-        $fileinfo->name = trim(urldecode(basename($url)), ".\x00..\x20");
+        $fileinfo->name = trim(basename($url), ".\x00..\x20");
 
         $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
         $ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
@@ -779,7 +774,7 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
                $loop_count++;
             }
             if (fm_rcopy($from, $fn_duplicate, False)) {
-                fm_set_msg(sprintf('Copied from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($fn_duplicate)));
+                fm_set_msg(sprintf('Copyied from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($fn_duplicate)));
             } else {
                 fm_set_msg(sprintf('Error while copying from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($fn_duplicate)), 'error');
             }
@@ -957,7 +952,7 @@ if (!empty($_FILES) && !FM_READONLY) {
 
     $targetPath = $path . $ds;
     if ( is_writable($targetPath) ) {
-        $fullPath = $path . '/' . $fullPathInput;
+        $fullPath = $path . '/' . basename($fullPathInput);
         $folder = substr($fullPath, 0, strrpos($fullPath, "/"));
 
         if (!is_dir($folder)) {
@@ -974,15 +969,7 @@ if (!empty($_FILES) && !FM_READONLY) {
                     if ($in) {
                         if (PHP_VERSION_ID < 80009) {
                             // workaround https://bugs.php.net/bug.php?id=81145
-                            do {
-                                for (;;) {
-                                    $buff = fread($in, 4096);
-                                    if ($buff === false || $buff === '') {
-                                        break;
-                                    }
-                                    fwrite($out, $buff);
-                                }
-                            } while (!feof($in));
+                            while (!feof($in)) { fwrite($out, fread($in, 4096)); }
                         } else {
                             stream_copy_to_stream($in, $out);
                         }
@@ -1397,14 +1384,10 @@ if (isset($_GET['upload']) && !FM_READONLY) {
                         toast('Error: Server Timeout');
                     });
                 }).on("success", function (res) {
-                    try {
-                        let _response = JSON.parse(res.xhr.response);
+                    let _response = JSON.parse(res.xhr.response);
 
-                        if(_response.status == "error") {
-                            toast(_response.info);
-                        }
-                    } catch (e) {
-                        toast("Error: Invalid JSON response");
+                    if(_response.status == "error") {
+                        toast(_response.info);
                     }
                 }).on("error", function(file, response) {
                     toast(response);
@@ -1650,7 +1633,7 @@ if (isset($_GET['view'])) {
     $file = $_GET['view'];
     $file = fm_clean_path($file, false);
     $file = str_replace('/', '', $file);
-    if ($file == '' || !is_file($path . '/' . $file) || !fm_is_exclude_items($file)) {
+    if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
         fm_set_msg(lng('File not found'), 'error');
         $FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
     }
@@ -1732,7 +1715,7 @@ if (isset($_GET['view'])) {
                 // Image info
                 if ($is_image) {
                     $image_size = getimagesize($file_path);
-                    echo '<strong>'.lng('Image size').':</strong> ' . (isset($image_size[0]) ? $image_size[0] : '0') . ' x ' . (isset($image_size[1]) ? $image_size[1] : '0') . '<br>';
+                    echo lng('Image sizes').': ' . (isset($image_size[0]) ? $image_size[0] : '0') . ' x ' . (isset($image_size[1]) ? $image_size[1] : '0') . '<br>';
                 }
                 // Text info
                 if ($is_text) {
@@ -1849,7 +1832,7 @@ if (isset($_GET['edit']) && !FM_READONLY) {
     $file = $_GET['edit'];
     $file = fm_clean_path($file, false);
     $file = str_replace('/', '', $file);
-    if ($file == '' || !is_file($path . '/' . $file) || !fm_is_exclude_items($file)) {
+    if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
         fm_set_msg(lng('File not found'), 'error');
         $FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
     }
@@ -2252,6 +2235,7 @@ fm_show_footer();
 /**
  * It prints the css/js files into html
  * @param key The key of the external file to print.
+ * @return The value of the key in the  array.
  */
 function print_external($key) {
     global $external;
@@ -2266,7 +2250,7 @@ function print_external($key) {
 }
 
 /**
- * Verify CSRF TOKEN and remove after certified
+ * Verify CSRF TOKEN and remove after cerify
  * @param string $token
  * @return bool
  */
@@ -2854,7 +2838,6 @@ function fm_get_file_icon_class($path)
         case 'map':
         case 'lock':
         case 'dtd':
-        case 'ps1':
             $img = 'fa fa-file-code-o';
             break;
         case 'txt':
@@ -2881,18 +2864,12 @@ function fm_get_file_icon_class($path)
             $img = 'fa fa-css3';
             break;
         case 'bz2':
-        case 'tbz2':
-        case 'tbz':
         case 'zip':
         case 'rar':
         case 'gz':
-        case 'tgz':
         case 'tar':
         case '7z':
         case 'xz':
-        case 'txz':
-        case 'zst':
-        case 'tzst':
             $img = 'fa fa-file-archive-o';
             break;
         case 'php':
@@ -3047,7 +3024,7 @@ function fm_get_text_exts()
         'eml', 'msg', 'csv', 'bat', 'twig', 'tpl', 'md', 'gitignore', 'less', 'sass', 'scss', 'c', 'cpp', 'cs', 'py', 'go', 'zsh', 'swift',
         'map', 'lock', 'dtd', 'svg', 'asp', 'aspx', 'asx', 'asmx', 'ashx', 'jsp', 'jspx', 'cgi', 'dockerfile', 'ruby', 'yml', 'yaml', 'toml',
         'vhost', 'scpt', 'applescript', 'csx', 'cshtml', 'c++', 'coffee', 'cfm', 'rb', 'graphql', 'mustache', 'jinja', 'http', 'handlebars',
-        'java', 'es', 'es6', 'markdown', 'wiki', 'tmp', 'top', 'bot', 'dat', 'bak', 'htpasswd', 'pl', 'ps1'
+        'java', 'es', 'es6', 'markdown', 'wiki', 'tmp', 'top', 'bot', 'dat', 'bak', 'htpasswd', 'pl'
     );
 }
 
@@ -3577,7 +3554,7 @@ function fm_show_nav_path($path)
                 <ul class="navbar-nav justify-content-end <?php echo fm_get_theme();  ?>">
                     <li class="nav-item mr-2">
                         <div class="input-group input-group-sm mr-1" style="margin-top:4px;">
-                            <input type="text" class="form-control" placeholder="<?php echo lng('Search') ?>" aria-label="<?php echo lng('Search') ?>" aria-describedby="search-addon2" id="search-addon">
+                            <input type="text" class="form-control" placeholder="<?php echo lng('Filter') ?>" aria-label="<?php echo lng('Search') ?>" aria-describedby="search-addon2" id="search-addon">
                             <div class="input-group-append">
                                 <span class="input-group-text brl-0 brr-0" id="search-addon2"><i class="fa fa-search"></i></span>
                             </div>
@@ -4190,7 +4167,7 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
             if(_data && _data.fontSize) { $fontSizeEl.html(optionNode("", _data.fontSize)); }
             $modeEl.val( editor.getSession().$modeId );
             $themeEl.val( editor.getTheme() );
-            $(function() { $fontSizeEl.val(12).change(); }); //set default font size in drop down
+            $fontSizeEl.val(12).change(); //set default font size in drop down
         }
 
         $(function(){
@@ -4297,8 +4274,6 @@ function lng($txt) {
     $tr['en']['Invalid characters in file or folder name']      = 'Invalid characters in file or folder name';
     $tr['en']['Operations with archives are not available']     = 'Operations with archives are not available';
     $tr['en']['File or folder with this path already exists']   = 'File or folder with this path already exists';
-    $tr['en']['Are you sure want to rename?']                   = 'Are you sure want to rename?';
-    $tr['en']['Are you sure want to']                           = 'Are you sure want to';
 
     $i18n = fm_get_translations($tr);
     $tr = $i18n ? $i18n : $tr;

translation.json

@@ -1512,9 +1512,7 @@
         "Moved from": "Movido de",
         "Created": "Criado",
         "You are logged in": "Você está logado",
-        "Login failed. Invalid username or password": "Falha na autenticação. nome de usuário ou senha inválidos",
-        "Are you sure want to rename?": "Tem certeza de que deseja renomear?",
-        "Are you sure want to": "Tem certeza de que deseja"
+        "Login failed. Invalid username or password": "Falha na autenticação. nome de usuário ou senha inválidos"
       }
     },
     {
@@ -2534,14 +2532,14 @@
         "Operations with archives are not available": "Bewerkingen met archieven zijn niet beschikbaar",
         "File or folder with this path already exists": "Bestand of map met dit pad bestaat al",
         "Moved from": "Verplaatst van",
-        "a files": "bestanden",
+        "a files": "bestanden",  
         "Okay": "OK",
         "Enter here...": "Voer hier in...",
-        "Enter new file name": "Voer nieuwe bestandsnaam in:",
+        "Enter new file name": "Voer nieuwe bestandsnaam in:",  
         "Full path": "Volledig path",
         "File size": "Bestandsgrootte",
         "Image sizes": "Afbeeldingsgrootte",
-        "Charset": "Karakterset",
+        "Charset": "Karakterset", 
         "Image": "Afbeelding",
         "Audio": "Audio",
         "Video": "Video",
@@ -2549,18 +2547,16 @@
         "Files in archive": "Bestanden in archief",
         "Total size": "Totale grootte",
         "Compression": "Compressie",
-        "Size in archive": "Grootte in archief",
+        "Size in archive": "Grootte in archief",  
         "Invalid Token.": "Ongeldig token",
-        "Fullscreen": "Volledig scherm",
+        "Fullscreen": "Volledig scherm",      
         "Undo": "Ongedaan maken",
         "Redo": "Opnieuw doen",
-        "Theme": "Thema",
+        "Theme": "Thema",  
         "Select Theme": "Kies thema",
-        "Select Font Size": "Kies fontgrootte",
-        "Are you sure want to rename?": "Weet u zeker dat u de naam wilt wijzigen?",
-        "Are you sure want to": "Verder gaan met",
-        "dark": "donker",
-        "light": "licht"
+        "Select Font Size": "Kies fontgrootte",  
+        "Are you sure want to rename?": "Weet u zeker dat u de naam wilt wijzigen?",  
+        "Are you sure want to": "Verder gaan met"
       }
     },
     {