Lots of work refining the overall system including:

- Added system messages functionality and relevant error messages where applicable
  - More security for preventing file traversal where not allowed
  - Miscellaneous code tweaks and cleanup
This commit is contained in:
Chris Kankiewicz
2012-02-02 14:15:27 -07:00
parent bd6dc8ce95
commit 83e4edcab8
3 changed files with 244 additions and 44 deletions


@@ -21,8 +21,6 @@
<div class="container">
<div class="breadcrumb-wrapper">
<ul class="breadcrumb">
<?php //foreach($lister->listBreadcrumbs() as $breadcrumb): ?>
@@ -39,6 +37,15 @@
</ul>
</div>
<?php if($lister->getSystemMessages()): ?>
<?php foreach ($lister->getSystemMessages() as $message): ?>
<div class="alert alert-<?php echo $message['type']; ?>">
<?php echo $message['text']; ?>
<a class="close" data-dismiss="alert" href="#">&times;</a>
</div>
<?php endforeach; ?>
<?php endif; ?>
<div id="header" class="clearfix">
<span class="fileName">File</span>
<span class="fileSize">Size</span>
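Review bot: `$message['type']` on L25 is echoed straight into a class attribute with no escaping; the messages come from `setSystemMessage()`, which is a public method, so whatever a caller passes as the type lands in the markup verbatim. The `text` field deliberately carries `<b>` tags so it cannot simply be escaped, but the type has no such excuse: `<div class="alert alert-<?php echo htmlspecialchars($message['type'], ENT_QUOTES, 'UTF-8'); ?>">`. The enclosing markup of this template starts before the hunk.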


@@ -19,10 +19,11 @@ class DirectoryLister {
const VERSION = '2.0.0-dev';
// Set some default variables
protected $_directory = NULL;
protected $_appDir = NULL;
protected $_appURL = NULL;
protected $_settings = NULL;
protected $_directory = NULL;
protected $_appDir = NULL;
protected $_appURL = NULL;
protected $_settings = NULL;
protected $_systemMessage = NULL;
/**
@@ -30,30 +31,6 @@ class DirectoryLister {
*/
function __construct() {
// Set the directory to list
if (@$_GET['dir']) {
$this->_directory = $_GET['dir'];
} else {
$this->_directory = '.';
}
// Prevent access to parent folders
if (substr_count($this->_directory,'.',0,1) !== 0
|| substr_count($this->_directory,'..') !== 0
|| substr_count($this->_directory,'<') !== 0
|| substr_count($this->_directory,'>') !== 0
|| substr_count($this->_directory,'/',0,1) !== 0) {
$this->_directory = '.';
} else {
// Should stop all URL wrappers (Thanks to Hexatex)
$this->_directory = './' . $this->_directory;
}
// Remove trailing slash if present
if(substr($this->_directory, -1, 1) == '/') {
$this->_directory = substr($this->_directory, 0, -1);
}
// Set class directory constant
if(!defined('__DIR__')) {
define('__DIR__', dirname(__FILE__));
@@ -84,26 +61,68 @@ class DirectoryLister {
// Build the application URL
$this->_appURL = $protocol . $host . $path;
// Get file settings
// Load the configuration file
$configFile = $this->_appDir . '/settings.php';
if (file_exists($configFile)) {
include($configFile);
} else {
die('ERROR: Unable to locate config');
$this->setSystemMessage('error', '<b>ERROR:</b> Unable to locate application config file');
}
// Get the directory path for listing
if (!empty($_GET['dir'])) {
$dir = $_GET['dir'];
} else {
$dir = '.';
}
// Remove trailing slash if present
if(substr($dir, -1, 1) == '/') {
$dir = substr($dir, 0, -1);
}
// Prevent access to hidden files
if (in_array(strtolower($dir), $this->_settings['hidden_files'])) {
// Set the error message
$this->setSystemMessage('error', '<b>ERROR:</b> Access denied');
// Set the directory to web root
$dir = '.';
}
// Prevent access to dotfiles if specified
if ($this->_settings['hide_dot_files']) {
if (strlen($dir) > 1 && substr($dir, 0, 1) == '.') {
// Set the error message
$this->setSystemMessage('error', '<b>ERROR:</b> Access denied');
// Set the directory to web root
$dir = '.';
}
}
// Check if file path exists
if (!file_exists($dir)) {
// Set the error message
$this->setSystemMessage('error', '<b>ERROR:</b> File path does not exist');
// Set the directory to web root
$dir = '.';
}
// Prevent access to parent folders
if (strstr($dir, '<') || strstr($dir, '>') || strstr($dir, '..') || substr($dir, 0, 1) == '/') {
// Set the error message
$this->setSystemMessage('error', '<b>ERROR:</b> An invalid path string was deceted');
// Set the directory to web root
$this->_directory = '.';
} else {
// Should stop all URL wrappers (Thanks to Hexatex)
$this->_directory = $dir;
}
}
/**
* Special init method for simple one-line interface.
*
* @access public
*/
public static function init() {
$reflection = new ReflectionClass(__CLASS__);
return $reflection->newInstanceArgs(func_get_args());
}
@@ -150,7 +169,23 @@ class DirectoryLister {
/**
* Loop through directory and return array with pertinent information
* Get an array of error messages or false when empty.
*
* @return array Array of error messages
* @access public
*/
public function getSystemMessages() {
if (isset($this->_systemMessage) && is_array($this->_systemMessage)) {
return $this->_systemMessage;
} else {
return false;
}
}
/**
* Loop through directory and return array with file info, including
* file path, size, modification time, icon and sort order.
*
* @access private
*/
@@ -285,6 +320,30 @@ class DirectoryLister {
return $sortedArray;
}
/**
* Add a message to the system message array
*
* @param string $type The type of message (ie - error, success, notice, etc.)
* @param string $message The message to be displayed to the user
* @access public
*/
public function setSystemMessage($type, $text) {
// Create empty message array if it doesn't already exist
if (isset($this->_systemMessage) && !is_array($this->_systemMessage)) {
$this->_systemMessage = array();
}
// Set the error message
$this->_systemMessage[] = array(
'type' => $type,
'text' => $text
);
return true;
}
}
?>
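Review bot: The `./` prefix that the removed code (L68) relied on to defeat URL wrappers is gone — L130 now stores the raw `$dir`, so the "Should stop all URL wrappers" comment above it no longer describes what the line does, and `file_exists($dir)` at L116 runs on the string before the traversal check at L123, which makes it an existence probe for paths outside the web root. Running the validation before any filesystem call and restoring the prefix at the final assignment addresses both; sketch below. Separately, replacing `die()` with a message at L87 leaves `$this->_settings` NULL when the config is missing, and L100/L107 then index it — the constructor should return right after that message (or seed an empty settings array). The message string at L125 also misspells "detected". The constructor's opening lines are outside this hunk.
```php
// … unchanged: $_GET['dir'] read and trailing-slash trim …
// Validate the string before any filesystem call; file_exists() on unchecked
// input would otherwise report whether paths outside the web root exist
if (strstr($dir, '<') || strstr($dir, '>') || strstr($dir, '..') || substr($dir, 0, 1) == '/') {
    $this->setSystemMessage('error', '<b>ERROR:</b> An invalid path string was detected');
    $dir = '.';
}
// … unchanged: hidden_files and hide_dot_files checks …
// Check if file path exists (relative to the application root)
if (!file_exists('./' . $dir)) {
    $this->setSystemMessage('error', '<b>ERROR:</b> File path does not exist');
    $dir = '.';
}
// Leading "./" anchors the path and should stop all URL wrappers (Thanks to Hexatex)
$this->_directory = ($dir === '.') ? '.' : './' . $dir;
```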

134
resources/settings.php Normal file

@@ -0,0 +1,134 @@
<?php
/**
* Initialize settings array
*/
$this->_settings = array();
/**
* Basic settings
*/
$this->_settings['hide_dot_files'] = TRUE;
$this->_settings['list_folders_first'] = TRUE;
$this->_settings['list_sort_order'] = 'natcasesort';
/**
* Hidden files
*/
$this->_settings['hidden_files'] = array();
$this->_settings['hidden_files'][] = '.htaccess';
$this->_settings['hidden_files'][] = '.htpasswd';
// $this->_settings['hidden_files'][] = 'resources';
/**
* Cache settings
*/
// $this->_settings['cache_enable'] = FALSE;
// $this->_settings['cache_expire'] = 0;
/**
* Icon settings
*/
$this->_settings['file_types'] = array(
//Applications
'app' => 'app.png',
'bat' => 'app.png',
'deb' => 'app.png',
'exe' => 'app.png',
'msi' => 'app.png',
'rpm' => 'app.png',
// Archives
'7z' => 'archive.png',
'bz' => 'archive.png',
'gz' => 'archive.png',
'rar' => 'archive.png',
'tar' => 'archive.png',
'zip' => 'archive.png',
// Audio
'aac' => 'music.png',
'mid' => 'music.png',
'midi' => 'music.png',
'mp3' => 'music.png',
'ogg' => 'music.png',
'wma' => 'music.png',
'wav' => 'music.png',
// Code
'c' => 'code.png',
'cpp' => 'code.png',
'css' => 'code.png',
'erb' => 'code.png',
'htm' => 'code.png',
'html' => 'code.png',
'java' => 'code.png',
'js' => 'code.png',
'php' => 'code.png',
'pl' => 'code.png',
'py' => 'code.png',
'rb' => 'code.png',
'xhtml' => 'code.png',
'xml' => 'code.png',
// Disc Images
'cue' => 'cd.png',
'iso' => 'cd.png',
'mdf' => 'cd.png',
'mds' => 'cd.png',
'mdx' => 'cd.png',
'nrg' => 'cd.png',
// Documents
'csv' => 'excel.png',
'doc' => 'word.png',
'docx' => 'word.png',
'odt' => 'text.png',
'pdf' => 'pdf.png',
'xls' => 'excel.png',
'xlsx' => 'excel.png',
// Images
'bmp' => 'image.png',
'gif' => 'image.png',
'jpg' => 'image.png',
'jpeg' => 'image.png',
'png' => 'image.png',
'tga' => 'image.png',
// Scripts
'bat' => 'terminal.png',
'cmd' => 'terminal.png',
'sh' => 'terminal.png',
// Text
'log' => 'text.png',
'rtf' => 'text.png',
'txt' => 'text.png',
// Video
'avi' => 'video.png',
'mkv' => 'video.png',
'mov' => 'video.png',
'mp4' => 'video.png',
'mpg' => 'video.png',
'wmv' => 'video.png',
'swf' => 'flash.png',
// Other
'msg' => 'message.png'
);
?>
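Review bot: `'bat'` appears twice as a key in `file_types` — L222 under Applications and L280 under Scripts; in a PHP array literal the later key silently wins, so the first entry is dead and the icon is `terminal.png`, and one of them should be dropped. The file assigns to `$this->_settings` directly, which only works because it is pulled in via `include` from inside the constructor; a one-line header comment saying `// Included from DirectoryLister::__construct(); $this is the lister instance` would save the next reader from guessing. The `hidden_files` entries are compared against the whole requested directory string, so an entry like `.htaccess` only takes effect when that exact string is requested — if the intent is to hide such names inside listings too, the check in the lister needs to look at each entry's basename, and this file's comment should say which it is.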