diff --git a/README.md b/README.md
index 0010681..a066123 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![Live demo](https://img.shields.io/badge/Live-Demo-brightgreen.svg?style=flat-square)](https://tinyfilemanager.github.io/demo/)
 [![Live demo](https://img.shields.io/badge/Help-Docs-lightgrey.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/wiki)
-[![GitHub Release](https://img.shields.io/github/release/qubyte/rubidium.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/releases)
+[![GitHub Release](https://img.shields.io/github/release/prasathmani/tinyfilemanager.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/releases)
 [![GitHub License](https://img.shields.io/github/license/prasathmani/tinyfilemanager.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/blob/master/LICENSE)
 [![Paypal](https://img.shields.io/badge/Donate-Paypal-lightgrey.svg?style=flat-square)](https://www.paypal.me/prasathmani)
@@ -12,7 +12,6 @@
 [Demo](https://tinyfilemanager.github.io/demo/)
-Login Details : admin/admin@123 | user/12345
 ## Documentation
diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 33a2417..5f55c37 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -4,13 +4,13 @@ $CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":
 /**
- * H3K | Tiny File Manager V2.4.6
+ * H3K | Tiny File Manager V2.4.7
 * CCP Programmers | ccpprogrammers@gmail.com
 * https://tinyfilemanager.github.io
 */
 //TFM version
-define('VERSION', '2.4.6');
+define('VERSION', '2.4.7');
 //Application Title
 define('APP_TITLE', 'Tiny File Manager');
@@ -36,6 +36,13 @@ $readonly_users = array(
 'user'
 );
+// Global readonly, including when auth is not being used
+$global_readonly = false;
+
+// user specific directories
+// array('Username' => 'Directory path', 'Username2' => 'Directory path', ...)
+$directories_users = array();
+
 // Enable highlight.js (https://highlightjs.org/) on view's page
 $use_highlightjs = true;
@@ -237,8 +244,19 @@ if (isset($_GET['logout'])) {
 }
 // Validate connection IP
-if($ip_ruleset != 'OFF'){
- $clientIp = $_SERVER['REMOTE_ADDR'];
+if ($ip_ruleset != 'OFF') {
+ function getClientIP() {
+ if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ return $_SERVER["HTTP_X_FORWARDED_FOR"];
+ }else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+ return $_SERVER['REMOTE_ADDR'];
+ }else if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) {
+ return $_SERVER['HTTP_CLIENT_IP'];
+ }
+ return '';
+ }
+
+ $clientIp = getClientIP();
 $proceed = false;
@@ -438,14 +456,6 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
 die(true);
 }
- //search : get list of files from the current folder
- if(isset($_POST['type']) && $_POST['type']=="search") {
- $dir = FM_ROOT_PATH;
- $response = scan(fm_clean_path($_POST['path']), $_POST['content']);
- echo json_encode($response);
- exit();
- }
-
 // backup files
 if (isset($_POST['type']) && $_POST['type'] == "backup" && !empty($_POST['file'])) {
 $fileName = $_POST['file'];
@@ -614,6 +624,16 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
 exit();
 }
+if (isset($_POST['ajax'])) {
+ //search : get list of files from the current folder
+ if(isset($_POST['type']) && $_POST['type']=="search") {
+ $dir = FM_ROOT_PATH;
+ $response = scan(fm_clean_path($_POST['path']), $_POST['content']);
+ echo json_encode($response);
+ exit();
+ }
+}
+
 // Delete file / folder
 if (isset($_GET['del']) && !FM_READONLY) {
 $del = str_replace( '/', '', fm_clean_path( $_GET['del'] ) );
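Review bot: getClientIP() in the `-237,8 +244,19` hunk consults HTTP_X_FORWARDED_FOR before REMOTE_ADDR, so the IP ruleset is evaluated against a request header that the client itself can supply, which defeats the allow/deny check unless a trusted reverse proxy is guaranteed to overwrite that header; HTTP_CLIENT_IP is likewise client-supplied, and X-Forwarded-For can carry a comma-separated chain that will never equal a single configured address. The safe default is to match on the transport address only — `return array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : '';` — and to honour a forwarded header only when REMOTE_ADDR is one of an explicitly configured list of trusted proxies. Two smaller points: the function is declared inside the `if` body, so it only exists when the ruleset is enabled, and `$ip_ruleset != 'OFF'` is a loose comparison where `!== 'OFF'` is the strict form. The `if` block that consumes `$clientIp` continues past the end of this hunk.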
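Review bot: In the relocated search handler of the `-614,6 +624,16` hunk, `$_POST['path']` and `$_POST['content']` are read without an isset check, so a request carrying only `type=search` raises undefined-index notices before scan() runs, and `$dir = FM_ROOT_PATH;` is assigned but never used in the visible lines. Guard the inputs and drop the dead assignment: `$searchPath = isset($_POST['path']) ? $_POST['path'] : ''; $searchContent = isset($_POST['content']) ? $_POST['content'] : ''; $response = scan(fm_clean_path($searchPath), $searchContent);`. Moving the handler out of the `!FM_READONLY` block appears intended to let read-only users search; a one-line comment on the new `if (isset($_POST['ajax']))` block saying so, e.g. `// ajax handlers that are also available to read-only users`, would make the split from the block above self-explanatory.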
@@ -871,7 +891,7 @@ if (!empty($_FILES) && !FM_READONLY) {
 $filename = $f['file']['name'];
 $tmp_name = $f['file']['tmp_name'];
- $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+ $ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
 $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
 if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
@@ -884,12 +904,12 @@ if (!empty($_FILES) && !FM_READONLY) {
 $targetPath = $path . $ds;
 if ( is_writable($targetPath) ) {
- $fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
+ $fullPath = $path . '/' . basename($_REQUEST['fullpath']);
 $folder = substr($fullPath, 0, strrpos($fullPath, "/"));
-
+
 if(file_exists ($fullPath) && !$override_file_name && !$chunks) {
 $ext_1 = $ext ? '.'.$ext : '';
- $fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1;
+ $fullPath = $path . '/' . basename($_REQUEST['fullpath'], $ext_1) .'_'. date('ymdHis'). $ext_1;
 }
 if (!is_dir($folder)) {
@@ -898,16 +918,15 @@ if (!empty($_FILES) && !FM_READONLY) {
 umask($old);
 }
-
-
 if (empty($f['file']['error']) && !empty($tmp_name) && $tmp_name != 'none' && $isFileAllowed) {
 if ($chunkTotal){
 $out = @fopen("{$fullPath}.part", $chunkIndex == 0 ? "wb" : "ab");
 if ($out) {
 $in = @fopen($tmp_name, "rb");
- if ($in) {
- while ($buff = fread($in, 4096)) { fwrite($out, $buff); }
- } else {
+
+ if ($in) {
+ while ($buff = fread($in, 4096)) { fwrite($out, $buff); }
+ } else {
 $response = array (
 'status' => 'error',
 'info' => "failed to open output stream"
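Review bot: The extension allow-list in the `-871,7 +891,7` hunk is evaluated on `$filename` (the multipart field name), while the `-884,12 +904,12` hunk now writes the upload to `basename($_REQUEST['fullpath'])`, so the name that is checked and the name that is written come from two different request fields and can disagree; the `$isFileAllowed` check should be computed from the destination name that is actually written. The collision rename has the same mismatch: `basename($_REQUEST['fullpath'], $ext_1)` removes the suffix only when the destination name ends with exactly that lower-cased `$ext_1`, so a constructed `Report.PDF` keeps its suffix and becomes `Report.PDF_<stamp>.pdf`. Deriving both the check and the timestamped name from one `$targetName` fixes both, and `in_array` should pass `true` so `$ext` is not matched loosely. The enclosing `if (!empty($_FILES) && !FM_READONLY)` block starts and ends outside these hunks.
```php
$filename = $f['file']['name'];
$tmp_name = $f['file']['tmp_name'];
// Validate the name that will actually be written, not only the multipart field name.
$targetName = basename($_REQUEST['fullpath']);
$ext = pathinfo($targetName, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($targetName, PATHINFO_EXTENSION)) : '';
$isFileAllowed = ($allowed) ? in_array($ext, $allowed, true) : true;
// … unchanged: fm_isvalid_filename checks, $targetPath / is_writable guard …
$fullPath = $path . '/' . $targetName;
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
if(file_exists ($fullPath) && !$override_file_name && !$chunks) {
    // Split the destination name itself so the suffix is removed regardless of case.
    $stem = pathinfo($targetName, PATHINFO_FILENAME);
    $suffix = ($stem != '' && $ext != '') ? '.' . pathinfo($targetName, PATHINFO_EXTENSION) : '';
    if ($stem == '') { $stem = $targetName; } // dot-files are treated as having no extension
    $fullPath = $path . '/' . $stem . '_' . date('ymdHis') . $suffix;
}
// … unchanged: is_dir($folder) / mkdir …
```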
@@ -916,25 +935,26 @@ if (!empty($_FILES) && !FM_READONLY) {
 @fclose($in);
 @fclose($out);
 @unlink($tmp_name);
-
+
 $response = array (
 'status' => 'success',
 'info' => "file upload successful",
 'fullPath' => $fullPath
 );
- } else {
+
+ } else {
+
 $response = array (
 'status' => 'error',
 'info' => "failed to open output stream"
 );
 }
-
-
- if ($chunkIndex == $chunkTotal - 1) {
- rename("{$fullPath}.part", $fullPath);
+ if ($chunkIndex == $chunkTotal - 1) {
+ rename("{$fullPath}.part", $fullPath);
 }
-
+
+
 } else if (move_uploaded_file($tmp_name, $fullPath)) {
 // Be sure that the file has been uploaded
 if ( file_exists($fullPath) ) {
@@ -1282,7 +1302,7 @@ if (isset($_GET['upload']) && !FM_READONLY) {
 });
 }).on("success", function (res) {
 let _response = JSON.parse(res.xhr.response);
-
+
 if(_response.status == "error") {
 toast(_response.info);
 }
@@ -1485,7 +1505,7 @@ if (isset($_GET['settings']) && !FM_READONLY) {
-
+
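Review bot: The return value of `rename("{$fullPath}.part", $fullPath)` on the final chunk is ignored, so when the rename fails `$response` still reports `file upload successful` and the client never learns that the assembled file is missing. Check it and downgrade the response: `if (!rename("{$fullPath}.part", $fullPath)) { $response = array('status' => 'error', 'info' => 'failed to finalise chunked upload'); }` (message text constructed). A related wording nit in the preceding `-898,16 +918,15` hunk: the `else` branch taken when `$in = @fopen($tmp_name, "rb")` fails reports `failed to open output stream`, although it is the input (temporary) file that could not be opened; `failed to open input stream` is the accurate message. The enclosing upload block starts and ends outside this hunk.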