
v1.7 - Improve support for spaces.

-v1.7.
-Improve support for spaces in filenames.
-Tweak sanitization.
-Spaces are now replaced by underscores in uploaded files.
zelon88 committed Jun 30, 2018
1 parent dbd97ab commit 68e5e92d23c7fc0e9f59dbea34c9785aa74603cf
Showing with 34 additions and 38 deletions.
  1. +33 −37 convertCore.php
  2. +1 −1 versionInfo.php
@@ -65,7 +65,7 @@
// / -----------------------------------------------------------------------------------
// / The following code sets the global variables for the session.
$HRConvertVersion = 'v1.6.5';
$HRConvertVersion = 'v1.7';
$Date = date("m_d_y");
$Time = date("F j, Y, g:i a");
$JanitorFile = 'janitor.php';
@@ -135,17 +135,18 @@ function symlinkmtime($symlinkPath) {
$stat = lstat($symlinkPath);
return isset($stat['mtime']) ? $stat['mtime'] : null; }
function fileTime($filePath) {
$stat = filemtime($filePath);
return ($stat); }
if (file_exists($filePath)) {
$stat = filemtime($filePath);
return ($stat); } }
function cleanFiles($path) {
global $ConvertLoc, $ConvertTemp;
$i = new DirectoryIterator($path);
foreach($i as $f) {
if($f->isFile()) {
unlink($f->getRealPath()); }
@unlink($f->getRealPath()); }
else if(!$f->isDot() && $f->isDir()) {
cleanFiles($f->getRealPath()); } }
if ($path !== $ConvertLoc && $path !== $ConvertTemp) rmdir($path); }
if ($path !== $ConvertLoc && $path !== $ConvertTemp) @rmdir($path); }
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
@@ -168,8 +169,7 @@ function cleanFiles($path) {
$DFiles = scandir($ConvertTemp);
$now = time();
foreach ($DFiles as $DFile) {
if ($DFile == 'index.html') continue;
if (in_array($DFile, $defaultApps)) continue;
if ($DFile == 'index.html' or in_array($DFile, $defaultApps)) continue;
if (($now - fileTime($ConvertTemp.'/'.$DFile)) > ($Delete_Threshold * 60)) { // Time to keep files.
if (is_file($DFile)) {
chmod ($DFile, 0755);
@@ -185,8 +185,7 @@ function cleanFiles($path) {
$DFiles = scandir($ConvertLoc);
$now = time();
foreach ($DFiles as $DFile) {
if ($DFile == 'index.html') continue;
if (in_array($DFile, $defaultApps)) continue;
if ($DFile == 'index.html' or in_array($DFile, $defaultApps)) continue;
if (($now - fileTime($ConvertLoc.'/'.$DFile)) > ($Delete_Threshold * 60)) { // Time to keep files.
if (is_file($DFile)) {
chmod ($DFile, 0755);
@@ -222,15 +221,15 @@ function cleanFiles($path) {
if (!is_array($_FILES['file']['name'])) $_FILES['file']['name'] = array($_FILES['file']['name']);
foreach ($_FILES['file']['name'] as $key=>$file) {
if ($file == '.' or $file == '..' or $file == 'index.html') continue;
$file = htmlentities(str_replace(str_split('\\/[]{};:$!#^&%@>*<'), '', $file), ENT_QUOTES, 'UTF-8');
$file = htmlentities(str_replace(str_split('\\/[](){};:$!#^&%@>*<'), '', $file), ENT_QUOTES, 'UTF-8');
$F0 = pathinfo($file, PATHINFO_EXTENSION);
if (in_array($F0, $DangerousFiles)) {
$txt = ("ERROR!!! HRConvert2103, Unsupported file format, $F0 on $Time.");
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
echo nl2br($txt."\n");
continue; }
$F2 = pathinfo($file, PATHINFO_BASENAME);
$F3 = str_replace('//', '/', $ConvertDir.'/'.$F2);
$F3 = str_replace(' ', '_', str_replace('//', '/', $ConvertDir.'/'.$F2));
if($file == "") {
$txt = ("ERROR!!! HRConvert2160, No file specified on $Time.");
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
@@ -265,14 +264,13 @@ function cleanFiles($path) {
// / -----------------------------------------------------------------------------------
// / The following code is performed when a user downloads a selection of files.
if (isset($download)) {
$download = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $download);
$download = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $download);
$txt = ('OP-Act: Initiated Downloader with input '.$download.' on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
if (!is_array($download)) $download = array($download);
foreach ($download as $file) {
$file = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $file);
$file = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $file);
if ($file == '.' or $file == '..' or $file == 'index.html') continue;
$file1 = $file;
$file1 = trim($file, '/');
$file = $ConvertDir.'/'.$file;
if (!file_exists($file) or $file == "") {
@@ -308,13 +306,12 @@ function cleanFiles($path) {
if (isset($_POST['archive'])) {
$txt = ('OP-Act: Initiated Archiver on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
$_POST['archive'] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['archive']);
$_POST['archive'] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['archive']);
if (!is_array($_POST['filesToArchive'])) {
$_POST['filesToArchive'] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['filesToArchive']);
$_POST['filesToArchive'] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['filesToArchive']);
$_POST['filesToArchive'] = array($_POST['filesToArchive']); }
foreach ($_POST['filesToArchive'] as $key=>$TFile1) {
$TFile1 = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $TFile1);
$TFile1 = str_replace(' ', '\ ', $TFile1);
$TFile1 = str_replace(' ', '\ ', str_replace(str_split('[](){};:$!#^&%@>*<'), '', $TFile1));
$allowed = array('mov', 'mp4', 'mkv', 'flv', 'ogv', 'wmv', 'mpg', 'mpeg', 'm4v', '3gp', 'dat', 'cfg', 'txt', 'doc', 'docx', 'rtf', 'xls', 'xlsx', 'csv', 'ods', 'odf', 'odt', 'jpg', 'mp3',
'avi', 'wma', 'wav', 'ogg', 'jpeg', 'bmp', 'png', 'gif', 'pdf', 'abw', 'zip', '7z', 'rar', 'tar', 'tar.gz', 'tar.bz2', 'iso', 'vhd');
$archarray = array('zip', '7z', 'rar', 'tar', 'tar.gz', 'tar.bz2', 'iso', 'vhd');
@@ -324,11 +321,10 @@ function cleanFiles($path) {
$filename = str_replace('//', '/', $ConvertDir.$TFile1);
$filename1 = pathinfo($filename, PATHINFO_BASENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$_POST['archextension'] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['archextension']);
$_POST['archextension'] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['archextension']);
$UserExt = $_POST['archextension'];
$_POST['userfilename'] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['userfilename']);
$UserFileName = str_replace('//', '/', $_POST['userfilename']);
$UserFileName = str_replace(' ', '\ ', $UserFileName);
$_POST['userfilename'] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['userfilename']);
$UserFileName = str_replace(' ', '\ ', str_replace('//', '/', $_POST['userfilename']));
$archSrc = str_replace('//', '/', $ConvertTempDir.$TFile1);
$archDst = str_replace('//', '/', $ConvertDir.$UserFileName);
if (!is_dir($filename)) {
@@ -376,12 +372,12 @@ function cleanFiles($path) {
// / -----------------------------------------------------------------------------------
// / The following code is performed when a user selects files to convert to other formats.
if (isset($_POST['convertSelected'])) {
$_POST['convertSelected'] = str_replace('//', '/', str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['convertSelected']));
$_POST['convertSelected'] = str_replace('//', '/', str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['convertSelected']));
$txt = ('OP-Act: Initiated HRConvert2 on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
if (!is_array($_POST['convertSelected'])) $_POST['convertSelected'] = array($_POST['convertSelected']);
foreach ($_POST['convertSelected'] as $key => $file) {
$file = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $file);
$file = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $file);
$txt = ('OP-Act: User '.$UserID.' selected to Convert file '.$file.'.');
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
$allowed = array('svg', 'dxf', 'vdx', 'fig', '3ds', 'obj', 'collada', 'off', 'ply', 'stl', 'ptx', 'dxf', 'u3d', 'vrml', 'mov', 'mp4', 'mkv', 'flv', 'ogv', 'wmv', 'mpg', 'mpeg', 'm4v', '3gp', 'flac', 'aac', 'dat',
@@ -399,12 +395,12 @@ function cleanFiles($path) {
echo nl2br('ERROR!!! HRConvert2381, There was a problem copying your file between internal HRCloud directories.
Please rename your file or try again later.'."\n"); }
$convertcount = 0;
$extension = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['extension']);
$extension = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['extension']);
$pathname = str_replace(' ', '\ ', str_replace('//', '/', $ConvertTempDir.$file));
$oldPathname = str_replace(' ', '\ ', str_replace('//', '/', $ConvertDir.$file));
$filename = pathinfo($pathname, PATHINFO_FILENAME);
$oldExtension = pathinfo($pathname, PATHINFO_EXTENSION);
$newFile = str_replace('//', '/', str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['userconvertfilename'].'.'.$extension));
$newFile = str_replace('//', '/', str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['userconvertfilename'].'.'.$extension));
$newPathname = str_replace(' ', '\ ', str_replace('//', '/', $ConvertDir.$newFile));
$docarray = array('txt', 'doc', 'xls', 'xlsx', 'docx', 'rtf', 'odf', 'ods', 'odt', 'dat', 'cfg', 'pages', 'pptx', 'ppt', 'xps', 'potx', 'pot', 'ppa', 'odp', 'odf');
$imgarray = array('jpg', 'jpeg', 'bmp', 'png', 'gif');
@@ -425,7 +421,7 @@ function cleanFiles($path) {
$abwuno = array('docx', 'pdf', 'txt', 'rtf', 'odf', 'dat', 'cfg');
// / Code to increment the conversion in the event that an output file already exists.
while(file_exists($newPathname)) {
$newFile = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['userconvertfilename'].'.'.$extension);
$newFile = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['userconvertfilename'].'.'.$extension);
$newPathname = $ConvertDir.$newFile; }
// / Code to convert document files.
// / Note: Some servers may experience a delay between the script finishing and the
@@ -473,9 +469,9 @@ function cleanFiles($path) {
die($txt); } } }
// / Code to convert and manipulate image files.
if (in_array($oldExtension, $imgarray)) {
$height = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['height']);
$width = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['width']);
$_POST["rotate"] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['rotate']);
$height = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['height']);
$width = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['width']);
$_POST["rotate"] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['rotate']);
$rotate = ('-rotate '.$_POST["rotate"]);
$wxh = $width.'x'.$height;
if ($wxh == '0x0' or $wxh =='x0' or $wxh == '0x' or $wxh == '0' or $wxh == '00' or $wxh == '' or $wxh == ' ') {
@@ -505,7 +501,7 @@ function cleanFiles($path) {
if (in_array($oldExtension, $audioarray)) {
$ext = (' -f ' . $extension);
if (isset($_POST['bitrate'])) {
$bitrate = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['bitrate']); }
$bitrate = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['bitrate']); }
if (!isset($_POST['bitrate'])) {
$bitrate = 'auto'; }
if ($bitrate = 'auto') {
@@ -621,13 +617,13 @@ function cleanFiles($path) {
// / -----------------------------------------------------------------------------------
// / The following code is performed whenever a user selects a document or PDF for manipulation.
if (isset($_POST['pdfworkSelected'])) {
$_POST['pdfworkSelected'] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['pdfworkSelected']);
$_POST['pdfworkSelected'] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['pdfworkSelected']);
$txt = ('OP-Act: Initiated PDFWork on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
$pdfworkcount = '0';
if (!is_array($_POST['pdfworkSelected'])) $_POST['pdfworkSelected'] = array($_POST['pdfworkSelected']);
foreach ($_POST['pdfworkSelected'] as $file) {
$file = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $file);
$file = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $file);
$txt = ('OP-Act: User '.$UserID.' selected to PDFWork file '.$file.' on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND);
$allowedPDFw = array('txt', 'doc', 'docx', 'rtf' ,'xls', 'xlsx', 'ods', 'odf', 'odt', 'jpg', 'jpeg', 'bmp', 'png', 'gif', 'pdf', 'abw');
@@ -645,28 +641,28 @@ function cleanFiles($path) {
die(); }
// / If no output format is selected the default of PDF is used instead.
if (isset($_POST['pdfextension'])) {
$extension = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['pdfextension']); }
$extension = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['pdfextension']); }
if (!isset($_POST['pdfextension'])) {
$extension = 'pdf'; }
$pathname = str_replace(' ', '\ ', str_replace('//', '/', $ConvertTempDir.$file));
$oldPathname = str_replace(' ', '\ ', str_replace('//', '/', $ConvertDir.$file));
$filename = pathinfo($pathname, PATHINFO_FILENAME);
$oldExtension = pathinfo($pathname, PATHINFO_EXTENSION);
$newFile = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['userpdfconvertfilename'].'.'.$extension);
$newFile = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['userpdfconvertfilename'].'.'.$extension);
$newPathname = str_replace(' ', '\ ', str_replace('//', '/', $ConvertDir.$newFile));
$doc1array = array('txt', 'pages', 'doc', 'xls', 'xlsx', 'docx', 'rtf', 'odf', 'ods', 'odt');
$img1array = array('jpg', 'jpeg', 'bmp', 'png', 'gif');
$pdf1array = array('pdf');
if (in_array($oldExtension, $allowedPDFw)) {
while(file_exists($newPathname)) {
$pdfworkcount++;
$newFile = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['userpdfconvertfilename'].'.'.$extension);
$newFile = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['userpdfconvertfilename'].'.'.$extension);
$newPathname = str_replace('//', '/', $ConvertDir.$newFile); } }
// / Code to convert a PDF to a document.
if (in_array($oldExtension, $pdf1array)) {
if (in_array($extension, $doc1array)) {
$pathnameTEMP = str_replace('.'.$oldExtension, '.txt', $pathname);
$_POST['method'] = str_replace(str_split('[]{};:$!#^&%@>*<'), '', $_POST['method']);
$_POST['method'] = str_replace(str_split('[](){};:$!#^&%@>*<'), '', $_POST['method']);
if ($_POST['method1'] == '0' or $_POST['method1'] == '') {
shell_exec("pdftotext -layout $pathname $pathnameTEMP");
$txt = ('OP-Act: '."Converted $pathnameTEMP1 to $pathnameTEMP on $Time".' using method 0.');
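Review bot: Adding `(` and `)` to the `str_split('[](){};:$!#^&%@>*<')` filter still leaves request-derived values reaching a shell command unquoted, as the `shell_exec("pdftotext -layout $pathname $pathnameTEMP")` context line in the last convertCore.php hunk shows. A character denylist cannot cover everything the shell treats specially (quotes, the pipe and the backtick are not in the list), and the download, archive and convert filters do not strip `/`, so `..` segments in a name pass through as well. I would quote each argument at the call site, `shell_exec('pdftotext -layout '.escapeshellarg($pathname).' '.escapeshellarg($pathnameTEMP));`, and drop the `str_replace(' ', '\ ', …)` space escaping, which quoting makes unnecessary and which would otherwise leave a literal backslash in the name. If stored names are meant to be flat, taking `basename()` of each user-supplied name before joining it to `$ConvertDir` closes the path side. The other converter invocations lie outside the visible hunks and presumably need the same treatment.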
@@ -1,4 +1,4 @@
<?php
// / This file contains the current HRConvert2 version for auto-update purposes.
// /
$Version = 'v1.6.5';
$Version = 'v1.7';
