Fix #619 and #625
mvdkleijn committed Aug 10, 2015
1 parent d9b0620 commit 2160275
Showing 4 changed files with 72 additions and 29 deletions.
62 changes: 42 additions & 20 deletions wolf/plugins/file_manager/FileManagerController.php
Expand Up @@ -27,7 +27,7 @@
if (!defined('IN_CMS')) { exit(); }

/**
*
*
*/
class FileManagerController extends PluginController {

Expand Down Expand Up @@ -55,6 +55,14 @@ public function index() {
$this->browse();
}

static function htmlContextCleaner($input) {
$bad_chars = array("<", ">");
$safe_chars = array("&lt;", "&gt;");
$output = str_replace($bad_chars, $safe_chars, $input);

return stripslashes($output);
}

public function browse() {
$params = func_get_args();

Expand Down Expand Up @@ -94,7 +102,7 @@ public function browse() {
$this->fullpath = preg_replace('/\/\//', '/', $this->fullpath);

$this->display('file_manager/views/index', array(
'dir' => $this->path,
'dir' => htmlContextCleaner($this->path),
//'files' => $this->_getListFiles()
'files' => $this->_listFiles()
));
Expand Down Expand Up @@ -133,15 +141,15 @@ public function view() {

// We don't allow leading slashes
$filename = preg_replace('/^\//', '', $filename);

// Check if file had URL_SUFFIX - if so, append it to filename
$filename .= (isset($_GET['has_url_suffix']) && $_GET['has_url_suffix']==='1') ? URL_SUFFIX : '';

$file = FILES_DIR . '/' . $filename;
if (!$this->_isImage($file) && file_exists($file)) {
$content = file_get_contents($file);
}

$this->display('file_manager/views/view', array(
'csrf_token' => SecureToken::generateToken(BASE_URL.'plugin/file_manager/save/'.$filename),
'is_image' => $this->_isImage($file),
Expand All @@ -156,7 +164,7 @@ public function save() {
// security (remove all ..)
$data['name'] = str_replace('..', '', $data['name']);
$file = FILES_DIR . DS . $data['name'];

// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
Expand All @@ -169,7 +177,7 @@ public function save() {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('plugin/file_manager/view/'.$data['name']));
}

if (file_exists($file)) {
if (file_put_contents($file, $data['content']) !== false) {
Flash::set('success', __('File has been saved with success!'));
Expand Down Expand Up @@ -197,7 +205,7 @@ public function create_file() {
Flash::set('error', __('You do not have sufficient permissions to create a file.'));
redirect(get_url('plugin/file_manager/browse/'));
}

// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
Expand Down Expand Up @@ -231,7 +239,7 @@ public function create_directory() {
Flash::set('error', __('You do not have sufficient permissions to create a directory.'));
redirect(get_url('plugin/file_manager/browse/'));
}

// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
Expand Down Expand Up @@ -269,7 +277,7 @@ public function delete() {
$paths = func_get_args();

$file = urldecode(join('/', $paths));

// CSRF checks
if (isset($_GET['csrf_token'])) {
$csrf_token = $_GET['csrf_token'];
Expand Down Expand Up @@ -304,7 +312,7 @@ public function upload() {
Flash::set('error', __('You do not have sufficient permissions to upload a file.'));
redirect(get_url('plugin/file_manager/browse/'));
}

// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
Expand All @@ -317,7 +325,7 @@ public function upload() {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('plugin/file_manager/browse/'));
}

$mask = Plugin::getSetting('umask', 'file_manager');
umask(octdec($mask));

Expand All @@ -329,6 +337,12 @@ public function upload() {
$filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']);
$filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename);

$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) {
Flash::set('error', __('Not allowed to upload files with extension :ext', $ext));
redirect(get_url('plugin/file_manager/browse/'));
}

if (isset($_FILES)) {
$file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite);

Expand Down Expand Up @@ -356,7 +370,7 @@ public function chmod() {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('plugin/file_manager/browse/'));
}

$data = $_POST['file'];
$data['name'] = str_replace('..', '', $data['name']);
$file = FILES_DIR . '/' . $data['name'];
Expand All @@ -378,7 +392,7 @@ public function rename() {
Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.'));
redirect(get_url('plugin/file_manager/browse/'));
}

// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
Expand All @@ -404,6 +418,14 @@ public function rename() {
$path = substr($data['current_name'], 0, strrpos($data['current_name'], '/'));
$file = FILES_DIR . '/' . $data['current_name'];

// Check if trying to rename to php file (.php / .php3 etc)
$ext = strtolower(pathinfo($data['new_name'], PATHINFO_EXTENSION));

if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) {
Flash::set('error', __('Not allowed to rename to :ext', $ext));
redirect(get_url('plugin/file_manager/browse/' . $path));
}

// Check another file doesn't already exist with same name
if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) {
Flash::set('error', __('A file or directory with that name already exists!'));
Expand Down Expand Up @@ -442,7 +464,7 @@ private function _listFiles() {
$name = $cur->getFilename();
if (Plugin::getSetting('show_hidden', 'file_manager') == '0' && $name[0] === '.')
continue;

if (Plugin::getSetting('show_backups', 'file_manager') == '0' && $name[strlen($name)-1] === '~')
continue;

Expand All @@ -453,7 +475,7 @@ private function _listFiles() {
$object->size = convert_size($cur->getSize());
$object->mtime = date('D, j M, Y', $cur->getMTime());
list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms());

// Find the file type
$object->type = $this->_getFileType($cur);

Expand All @@ -477,13 +499,13 @@ private function _listFiles() {
return strnatcmp($a->name, $b->name);
}
});

return $files;
}

return array();
}

private function _getFileType($file) {
$default = 'unknown';

Expand Down Expand Up @@ -659,7 +681,7 @@ public function settings() {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}

$settings = Plugin::getAllSettings('file_manager');

if (!$settings) {
Expand All @@ -678,7 +700,7 @@ public function settings_save() {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}

if (!isset($_POST['settings'])) {
Flash::set('error', 'File Manager - ' . __('form was not posted.'));
redirect(get_url('plugin/file_manager/settings'));
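Review bot: `htmlContextCleaner($this->path)` in browse() calls a global function, but the commit defines the helper as a static method of FileManagerController, so unless a global of that name is already loaded this fails at render time with an undefined-function error (the view that declares the global copy is only included by display(), after the argument array has been built). The call should read `'dir' => self::htmlContextCleaner($this->path),`. The helper itself only rewrites `<` and `>`, leaving `&`, `"` and `'` untouched for the template; `return htmlspecialchars($input, ENT_QUOTES, 'UTF-8');` covers every HTML context, though dropping `stripslashes` should be confirmed against whatever quoting the stored path relies on. The extension checks in upload() and rename() are a four-entry denylist with non-strict `in_array`; an allowlist of permitted upload extensions (checked with `strict: true`) is the more robust shape, since a denylist silently misses any other extension the server's handler mapping treats as PHP. browse(), upload() and rename() each start and end outside their hunks.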
4 changes: 3 additions & 1 deletion wolf/plugins/file_manager/i18n/en-message.php
Expand Up @@ -41,6 +41,8 @@
'Modified' => 'Modified',
'Modify' => 'Modify',
'No' => 'No',
'Not allowed to upload files with extension :ext' => 'Not allowed to upload files with extension :ext',
'Not allowed to rename to :ext' => 'Not allowed to rename to :ext',
'Permission denied!' => 'Permission denied!',
'Permissions' => 'Permissions',
'Provides interface to manage files from the administration.' => 'Provides interface to manage files from the administration.',
Expand Down Expand Up @@ -72,4 +74,4 @@
'unable to retrieve plugin settings.' => 'unable to retrieve plugin settings.',
'unable to store plugin settings!' => 'unable to store plugin settings!',
'uninstalled.' => 'uninstalled.'
);
);
21 changes: 15 additions & 6 deletions wolf/plugins/file_manager/views/index.php
Expand Up @@ -23,16 +23,25 @@
/* Security measure */
if (!defined('IN_CMS')) { exit(); }

function htmlContextCleaner($input) {
$bad_chars = array("<", ">");
$safe_chars = array("&lt;", "&gt;");
$output = str_replace($bad_chars, $safe_chars, $input);

return stripslashes($output);
}

$out = '';
$progres_path = '';
$paths = explode('/', $dir);
$paths = explode('/', $dir);
$nb_path = count($paths)-1; // -1 to didn't display current dir as a link
foreach ($paths as $i => $path) {
if ($i+1 == $nb_path) {
$out .= $path;
} else if ($path != '') {
$path = preg_replace('/.*:\/\/[^\/]+\//', '/', $path);
$progres_path .= $path.'/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.$path.'</a>/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.htmlContextCleaner($path).'</a>/';
}
}
?>
Expand Down Expand Up @@ -74,23 +83,23 @@

<div class="popup" id="chmod-popup" style="display:none;">
<h3><?php echo __('Change mode'); ?></h3>
<form action="<?php echo get_url('plugin/file_manager/chmod'); ?>" method="post">
<form action="<?php echo get_url('plugin/file_manager/chmod'); ?>" method="post">
<div>
<input id="csrf_token" name="csrf_token" type="hidden" value="<?php echo SecureToken::generateToken(BASE_URL.'plugin/file_manager/chmod'); ?>" />
<input id="chmod_file_name" name="file[name]" type="hidden" value="" />
<input id="chmod_file_mode" maxlength="4" name="file[mode]" type="text" value="" />
<input id="chmod_file_mode" maxlength="4" name="file[mode]" type="text" value="" />
<input id="chmod_file_button" name="commit" type="submit" value="<?php echo __('Change mode'); ?>" />
</div>
<p><a class="close-link" href="#" onclick="toggle_chmod_popup(); return false;"><?php echo __('Close'); ?></a></p>
</form>
</div>
<div class="popup" id="rename-popup" style="display:none;">
<h3><?php echo __('Rename'); ?></h3>
<form action="<?php echo get_url('plugin/file_manager/rename'); ?>" method="post">
<form action="<?php echo get_url('plugin/file_manager/rename'); ?>" method="post">
<div>
<input id="csrf_token" name="csrf_token" type="hidden" value="<?php echo SecureToken::generateToken(BASE_URL.'plugin/file_manager/rename'); ?>" />
<input id="rename_file_current_name" name="file[current_name]" type="hidden" value="" />
<input id="rename_file_new_name" maxlength="50" name="file[new_name]" type="text" value="" />
<input id="rename_file_new_name" maxlength="50" name="file[new_name]" type="text" value="" />
<input id="rename_file_button" name="commit" type="submit" value="<?php echo __('Rename'); ?>" />
</div>
<p><a class="close-link" href="#" onclick="toggle_rename_popup(); return false;"><?php echo __('Close'); ?></a></p>
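Review bot: The current-directory segment at `$out .= $path;` is still emitted raw while the linked segments now go through htmlContextCleaner(), so escaping is inconsistent within the same breadcrumb. Declaring `function htmlContextCleaner` at global scope inside a template also means any request that includes both index.php and view.php hits a function-redeclaration fatal error; the static `FileManagerController::htmlContextCleaner()` added in this commit can be called from here instead of keeping a second copy. The href built from `$progres_path` remains unescaped for attribute context; wrapping the `get_url(...)` result in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` closes that. Note that if the controller's own `htmlContextCleaner` call resolves, `$dir` arrives already escaped, so this is a second pass — harmless with the `<`/`>`-only replacement, but `&` would double-escape if this copy were switched to htmlspecialchars.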
14 changes: 12 additions & 2 deletions wolf/plugins/file_manager/views/view.php
Expand Up @@ -23,16 +23,26 @@
/* Security measure */
if (!defined('IN_CMS')) { exit(); }

function htmlContextCleaner($input) {
$bad_chars = array("<", ">");
$safe_chars = array("&lt;", "&gt;");
$output = str_replace($bad_chars, $safe_chars, $input);

return stripslashes($output);
}


$out = '';
$progres_path = '';
$paths = explode('/', $filename);
$paths = explode('/', $filename);
$nb_path = count($paths);
foreach ($paths as $i => $path) {
if ($i+1 == $nb_path) {
$out .= $path;
} else {
$path = preg_replace('/.*:\/\/[^\/]+\//', '/', $path);
$progres_path .= $path.'/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.$path.'</a>/';
$out .= '<a href="'.get_url('plugin/file_manager/browse/'.rtrim($progres_path, '/')).'">'.htmlContextCleaner($path).'</a>/';
}
}
?>
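Review bot: Same two points as for views/index.php: the final segment `$out .= $path;` — here the file name itself — is still written raw, and the view() hunk in the controller shows no escaping of `$filename` before display, so only the directory links are protected. The global `function htmlContextCleaner` is a third copy of the helper; calling `FileManagerController::htmlContextCleaner($path)` avoids the redeclaration risk and leaves one definition to maintain. Escaping the last segment as well, `$out .= htmlContextCleaner($path);`, makes the breadcrumb consistent.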

0 comments on commit 2160275

Please sign in to comment.