
Fix #619 and #625

mvdkleijn committed Aug 10, 2015
1 parent d9b0620 commit 2160275b60736f706dfda132c7c46728c5b255fa
@@ -27,7 +27,7 @@
if (!defined('IN_CMS')) { exit(); }
/**
*
*
*/
class FileManagerController extends PluginController {
@@ -55,6 +55,14 @@ public function index() {
$this->browse();
}
static function htmlContextCleaner($input) {
$bad_chars = array("<", ">");
$safe_chars = array("&lt;", "&gt;");
$output = str_replace($bad_chars, $safe_chars, $input);
return stripslashes($output);
}
public function browse() {
$params = func_get_args();
@@ -94,7 +102,7 @@ public function browse() {
$this->fullpath = preg_replace('/\/\//', '/', $this->fullpath);
$this->display('file_manager/views/index', array(
'dir' => $this->path,
'dir' => htmlContextCleaner($this->path),
//'files' => $this->_getListFiles()
'files' => $this->_listFiles()
));
@@ -133,15 +141,15 @@ public function view() {
// We don't allow leading slashes
$filename = preg_replace('/^\//', '', $filename);
// Check if file had URL_SUFFIX - if so, append it to filename
$filename .= (isset($_GET['has_url_suffix']) && $_GET['has_url_suffix']==='1') ? URL_SUFFIX : '';
$file = FILES_DIR . '/' . $filename;
if (!$this->_isImage($file) && file_exists($file)) {
$content = file_get_contents($file);
}
$this->display('file_manager/views/view', array(
'csrf_token' => SecureToken::generateToken(BASE_URL.'plugin/file_manager/save/'.$filename),
'is_image' => $this->_isImage($file),
@@ -156,7 +164,7 @@ public function save() {
// security (remove all ..)
$data['name'] = str_replace('..', '', $data['name']);
$file = FILES_DIR . DS . $data['name'];
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
@@ -169,7 +177,7 @@ public function save() {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('plugin/file_manager/view/'.$data['name']));
}
if (file_exists($file)) {
if (file_put_contents($file, $data['content']) !== false) {
Flash::set('success', __('File has been saved with success!'));
@@ -197,7 +205,7 @@ public function create_file() {
Flash::set('error', __('You do not have sufficient permissions to create a file.'));
redirect(get_url('plugin/file_manager/browse/'));
}
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
@@ -231,7 +239,7 @@ public function create_directory() {
Flash::set('error', __('You do not have sufficient permissions to create a directory.'));
redirect(get_url('plugin/file_manager/browse/'));
}
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
@@ -269,7 +277,7 @@ public function delete() {
$paths = func_get_args();
$file = urldecode(join('/', $paths));
// CSRF checks
if (isset($_GET['csrf_token'])) {
$csrf_token = $_GET['csrf_token'];
@@ -304,7 +312,7 @@ public function upload() {
Flash::set('error', __('You do not have sufficient permissions to upload a file.'));
redirect(get_url('plugin/file_manager/browse/'));
}
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
@@ -317,7 +325,7 @@ public function upload() {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('plugin/file_manager/browse/'));
}
$mask = Plugin::getSetting('umask', 'file_manager');
umask(octdec($mask));
@@ -329,6 +337,12 @@ public function upload() {
$filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']);
$filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename);
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) {
Flash::set('error', __('Not allowed to upload files with extension :ext', $ext));
redirect(get_url('plugin/file_manager/browse/'));
}
if (isset($_FILES)) {
$file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite);
@@ -356,7 +370,7 @@ public function chmod() {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('plugin/file_manager/browse/'));
}
$data = $_POST['file'];
$data['name'] = str_replace('..', '', $data['name']);
$file = FILES_DIR . '/' . $data['name'];
@@ -378,7 +392,7 @@ public function rename() {
Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.'));
redirect(get_url('plugin/file_manager/browse/'));
}
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
@@ -404,6 +418,14 @@ public function rename() {
$path = substr($data['current_name'], 0, strrpos($data['current_name'], '/'));
$file = FILES_DIR . '/' . $data['current_name'];
// Check if trying to rename to php file (.php / .php3 etc)
$ext = strtolower(pathinfo($data['new_name'], PATHINFO_EXTENSION));
if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) {
Flash::set('error', __('Not allowed to rename to :ext', $ext));
redirect(get_url('plugin/file_manager/browse/' . $path));
}
// Check another file doesn't already exist with same name
if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) {
Flash::set('error', __('A file or directory with that name already exists!'));
@@ -442,7 +464,7 @@ private function _listFiles() {
$name = $cur->getFilename();
if (Plugin::getSetting('show_hidden', 'file_manager') == '0' && $name[0] === '.')
continue;
if (Plugin::getSetting('show_backups', 'file_manager') == '0' && $name[strlen($name)-1] === '~')
continue;
@@ -453,7 +475,7 @@ private function _listFiles() {
$object->size = convert_size($cur->getSize());
$object->mtime = date('D, j M, Y', $cur->getMTime());
list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms());
// Find the file type
$object->type = $this->_getFileType($cur);
@@ -477,13 +499,13 @@ private function _listFiles() {
return strnatcmp($a->name, $b->name);
}
});
return $files;
}
return array();
}
private function _getFileType($file) {
$default = 'unknown';
@@ -659,7 +681,7 @@ public function settings() {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
$settings = Plugin::getAllSettings('file_manager');
if (!$settings) {
@@ -678,7 +700,7 @@ public function settings_save() {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
if (!isset($_POST['settings'])) {
Flash::set('error', 'File Manager - ' . __('form was not posted.'));
redirect(get_url('plugin/file_manager/settings'));
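Review bot: The extension denylist added in `upload()` just before the `_upload_file` call (`['php', 'php3', 'php4', 'inc']`) is easy to walk around: `phtml`, `php5`, `php7` and `phar` are handed to the PHP interpreter by common Apache/mod_php configurations, `pathinfo('.htaccess', PATHINFO_EXTENSION)` yields `htaccess` so an uploaded `.htaccess` (which can re-map any extension to PHP) passes, and because the preceding regex keeps dots, a name like `shell.php.jpg` passes the check yet executes under an `AddHandler` setup that matches any `.php` segment. Prefer an allowlist of permitted types, or at least a shared class constant consumed by both `upload()` and `rename()` (which currently copy the same literal list), reject any name whose dotted segments contain a blocked token, e.g. `if (preg_match('/\.(php\d?|phtml|phar|inc|htaccess)(\.|$)/i', $filename)) { … }`, and pass `true` as the third argument to `in_array` so the comparison is strict. Separately, `htmlContextCleaner($this->path)` in the `browse()` hunk calls the helper as a global function while it is declared as `static function` on the class; unless a global of that name is already loaded when `browse()` runs, that is a call to an undefined function and should read `self::htmlContextCleaner($this->path)`. Note that `browse()`, `upload()` and `rename()` all start and end outside their hunks.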
@@ -41,6 +41,8 @@
'Modified' => 'Modified',
'Modify' => 'Modify',
'No' => 'No',
'Not allowed to upload files with extension :ext' => 'Not allowed to upload files with extension :ext',
'Not allowed to rename to :ext' => 'Not allowed to rename to :ext',
'Permission denied!' => 'Permission denied!',
'Permissions' => 'Permissions',
'Provides interface to manage files from the administration.' => 'Provides interface to manage files from the administration.',
@@ -72,4 +74,4 @@
'unable to retrieve plugin settings.' => 'unable to retrieve plugin settings.',
'unable to store plugin settings!' => 'unable to store plugin settings!',
'uninstalled.' => 'uninstalled.'
);
);
@@ -23,16 +23,25 @@
/* Security measure */
if (!defined('IN_CMS')) { exit(); }
function htmlContextCleaner($input) {
$bad_chars = array("<", ">");
$safe_chars = array("&lt;", "&gt;");
$output = str_replace($bad_chars, $safe_chars, $input);
return stripslashes($output);
}
$out = '';
$progres_path = '';
$paths = explode('/', $dir);
$paths = explode('/', $dir);
$nb_path = count($paths)-1; // -1 to didn't display current dir as a link
foreach ($paths as $i => $path) {
if ($i+1 == $nb_path) {
$out .= $path;
} else if ($path != '') {
$path = preg_replace('/.*:\/\/[^\/]+\//', '/', $path);
$progres_path .= $path.'/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.$path.'</a>/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.htmlContextCleaner($path).'</a>/';
}
}
?>
@@ -74,23 +83,23 @@

<div class="popup" id="chmod-popup" style="display:none;">
<h3><?php echo __('Change mode'); ?></h3>
<form action="<?php echo get_url('plugin/file_manager/chmod'); ?>" method="post">
<form action="<?php echo get_url('plugin/file_manager/chmod'); ?>" method="post">
<div>
<input id="csrf_token" name="csrf_token" type="hidden" value="<?php echo SecureToken::generateToken(BASE_URL.'plugin/file_manager/chmod'); ?>" />
<input id="chmod_file_name" name="file[name]" type="hidden" value="" />
<input id="chmod_file_mode" maxlength="4" name="file[mode]" type="text" value="" />
<input id="chmod_file_mode" maxlength="4" name="file[mode]" type="text" value="" />
<input id="chmod_file_button" name="commit" type="submit" value="<?php echo __('Change mode'); ?>" />
</div>
<p><a class="close-link" href="#" onclick="toggle_chmod_popup(); return false;"><?php echo __('Close'); ?></a></p>
</form>
</div>
<div class="popup" id="rename-popup" style="display:none;">
<h3><?php echo __('Rename'); ?></h3>
<form action="<?php echo get_url('plugin/file_manager/rename'); ?>" method="post">
<form action="<?php echo get_url('plugin/file_manager/rename'); ?>" method="post">
<div>
<input id="csrf_token" name="csrf_token" type="hidden" value="<?php echo SecureToken::generateToken(BASE_URL.'plugin/file_manager/rename'); ?>" />
<input id="rename_file_current_name" name="file[current_name]" type="hidden" value="" />
<input id="rename_file_new_name" maxlength="50" name="file[new_name]" type="text" value="" />
<input id="rename_file_new_name" maxlength="50" name="file[new_name]" type="text" value="" />
<input id="rename_file_button" name="commit" type="submit" value="<?php echo __('Rename'); ?>" />
</div>
<p><a class="close-link" href="#" onclick="toggle_rename_popup(); return false;"><?php echo __('Close'); ?></a></p>
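Review bot: The `href` built on the changed line in the first hunk still interpolates `$progres_path` raw, so only the link text is escaped; a path segment containing `"` can close the attribute and inject an event handler, unless `get_url()` percent-encodes its argument, which this page does not show. `htmlContextCleaner` also escapes only `<` and `>` (not `"`, `'` or `&`) and then strips backslashes, so it is not adequate for attribute context even if applied there; `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')` on both the URL and the text would cover it, e.g. `'<a href="'.htmlspecialchars(get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')), ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($path, ENT_QUOTES, 'UTF-8').'</a>/'`. The branch that emits the current directory name (`$out .= $path;`) is still unescaped. The helper is also declared unconditionally in this view and again in `file_manager/views/view`; wrapping the declaration in `if (!function_exists('htmlContextCleaner'))` avoids a redeclaration fatal if both views are ever rendered in one request.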
@@ -23,16 +23,26 @@
/* Security measure */
if (!defined('IN_CMS')) { exit(); }
function htmlContextCleaner($input) {
$bad_chars = array("<", ">");
$safe_chars = array("&lt;", "&gt;");
$output = str_replace($bad_chars, $safe_chars, $input);
return stripslashes($output);
}
$out = '';
$progres_path = '';
$paths = explode('/', $filename);
$paths = explode('/', $filename);
$nb_path = count($paths);
foreach ($paths as $i => $path) {
if ($i+1 == $nb_path) {
$out .= $path;
} else {
$path = preg_replace('/.*:\/\/[^\/]+\//', '/', $path);
$progres_path .= $path.'/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.$path.'</a>/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.htmlContextCleaner($path).'</a>/';
}
}
?>
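Review bot: The last path segment, the file name itself, is still appended unescaped (`$out .= $path;` in the `if ($i+1 == $nb_path)` branch) while only the intermediate link segments were wrapped in `htmlContextCleaner`; since `$filename` here is presumably the value the controller's `view()` derives from the request path, a name containing `<script>` still reaches the page raw through that branch. Apply the same escaping there, `$out .= htmlContextCleaner($path);`, or better `htmlspecialchars($path, ENT_QUOTES, 'UTF-8')`, since the helper leaves `"`, `'` and `&` alone. The `href` on the changed line also interpolates `$progres_path` raw, which matters if `get_url()` does not encode its argument. Declaring `htmlContextCleaner` here and again in the index view without a `function_exists` guard will be a redeclaration fatal if both views are included in one request.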
