Added Html encode
parent
cf1eaf8ef1
commit
6b48a3f221
|
@ -236,10 +236,10 @@ if (isset($_GET['del']) && !FM_READONLY) {
|
|||
$is_dir = is_dir($path . '/' . $del);
|
||||
if (fm_rdelete($path . '/' . $del)) {
|
||||
$msg = $is_dir ? 'Folder <b>%s</b> deleted' : 'File <b>%s</b> deleted';
|
||||
fm_set_msg(sprintf($msg, $del));
|
||||
fm_set_msg(sprintf($msg, fm_enc($del)));
|
||||
} else {
|
||||
$msg = $is_dir ? 'Folder <b>%s</b> not deleted' : 'File <b>%s</b> not deleted';
|
||||
fm_set_msg(sprintf($msg, $del), 'error');
|
||||
fm_set_msg(sprintf($msg, fm_enc($del)), 'error');
|
||||
}
|
||||
} else {
|
||||
fm_set_msg('Wrong file or folder name', 'error');
|
||||
|
@ -261,17 +261,17 @@ if (isset($_GET['new']) && isset($_GET['type']) && !FM_READONLY) {
|
|||
if($_GET['type']=="file") {
|
||||
if(!file_exists($path . '/' . $new)) {
|
||||
@fopen($path . '/' . $new, 'w') or die('Cannot open file: '.$new);
|
||||
fm_set_msg(sprintf('File <b>%s</b> created', $new));
|
||||
fm_set_msg(sprintf('File <b>%s</b> created', fm_enc($new)));
|
||||
} else {
|
||||
fm_set_msg(sprintf('File <b>%s</b> already exists', $new), 'alert');
|
||||
fm_set_msg(sprintf('File <b>%s</b> already exists', fm_enc($new)), 'alert');
|
||||
}
|
||||
} else {
|
||||
if (fm_mkdir($path . '/' . $new, false) === true) {
|
||||
fm_set_msg(sprintf('Folder <b>%s</b> created', $new));
|
||||
} elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) {
|
||||
fm_set_msg(sprintf('Folder <b>%s</b> already exists', $new), 'alert');
|
||||
fm_set_msg(sprintf('Folder <b>%s</b> already exists', fm_enc($new)), 'alert');
|
||||
} else {
|
||||
fm_set_msg(sprintf('Folder <b>%s</b> not created', $new), 'error');
|
||||
fm_set_msg(sprintf('Folder <b>%s</b> not created', fm_enc($new)), 'error');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
@ -306,17 +306,17 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
|
|||
if ($move) {
|
||||
$rename = fm_rename($from, $dest);
|
||||
if ($rename) {
|
||||
fm_set_msg(sprintf('Moved from <b>%s</b> to <b>%s</b>', $copy, $msg_from));
|
||||
fm_set_msg(sprintf('Moved from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($msg_from)));
|
||||
} elseif ($rename === null) {
|
||||
fm_set_msg('File or folder with this path already exists', 'alert');
|
||||
} else {
|
||||
fm_set_msg(sprintf('Error while moving from <b>%s</b> to <b>%s</b>', $copy, $msg_from), 'error');
|
||||
fm_set_msg(sprintf('Error while moving from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($msg_from)), 'error');
|
||||
}
|
||||
} else {
|
||||
if (fm_rcopy($from, $dest)) {
|
||||
fm_set_msg(sprintf('Copyied from <b>%s</b> to <b>%s</b>', $copy, $msg_from));
|
||||
fm_set_msg(sprintf('Copyied from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($msg_from)));
|
||||
} else {
|
||||
fm_set_msg(sprintf('Error while copying from <b>%s</b> to <b>%s</b>', $copy, $msg_from), 'error');
|
||||
fm_set_msg(sprintf('Error while copying from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($msg_from)), 'error');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
@ -404,9 +404,9 @@ if (isset($_GET['ren'], $_GET['to']) && !FM_READONLY) {
|
|||
// rename
|
||||
if ($old != '' && $new != '') {
|
||||
if (fm_rename($path . '/' . $old, $path . '/' . $new)) {
|
||||
fm_set_msg(sprintf('Renamed from <b>%s</b> to <b>%s</b>', $old, $new));
|
||||
fm_set_msg(sprintf('Renamed from <b>%s</b> to <b>%s</b>', fm_enc($old), fm_enc($new)));
|
||||
} else {
|
||||
fm_set_msg(sprintf('Error while renaming from <b>%s</b> to <b>%s</b>', $old, $new), 'error');
|
||||
fm_set_msg(sprintf('Error while renaming from <b>%s</b> to <b>%s</b>', fm_enc($old), fm_enc($new)), 'error');
|
||||
}
|
||||
} else {
|
||||
fm_set_msg('Names not set', 'error');
|
||||
|
@ -468,7 +468,7 @@ if (isset($_POST['upl']) && !FM_READONLY) {
|
|||
}
|
||||
|
||||
if ($errors == 0 && $uploads > 0) {
|
||||
fm_set_msg(sprintf('All files uploaded to <b>%s</b>', $path));
|
||||
fm_set_msg(sprintf('All files uploaded to <b>%s</b>', fm_enc($path)));
|
||||
} elseif ($errors == 0 && $uploads == 0) {
|
||||
fm_set_msg('Nothing uploaded', 'alert');
|
||||
} else {
|
||||
|
@ -535,7 +535,7 @@ if (isset($_POST['group'], $_POST['zip']) && !FM_READONLY) {
|
|||
$res = $zipper->create($zipname, $files);
|
||||
|
||||
if ($res) {
|
||||
fm_set_msg(sprintf('Archive <b>%s</b> created', $zipname));
|
||||
fm_set_msg(sprintf('Archive <b>%s</b> created', fm_enc($zipname)));
|
||||
} else {
|
||||
fm_set_msg('Archive not created', 'error');
|
||||
}
|
||||
|
@ -692,7 +692,7 @@ if (isset($_GET['upload']) && !FM_READONLY) {
|
|||
?>
|
||||
<div class="path">
|
||||
<p><b>Uploading files</b></p>
|
||||
<p class="break-word">Destination folder: <?php echo fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH) ?></p>
|
||||
<p class="break-word">Destination folder: <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH)) ?></p>
|
||||
<form action="" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
|
||||
<input type="hidden" name="upl" value="1">
|
||||
|
@ -735,7 +735,7 @@ if (isset($_POST['copy']) && !FM_READONLY) {
|
|||
}
|
||||
?>
|
||||
<p class="break-word">Files: <b><?php echo implode('</b>, <b>', $copy_files) ?></b></p>
|
||||
<p class="break-word">Source folder: <?php echo fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH) ?><br>
|
||||
<p class="break-word">Source folder: <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH)) ?><br>
|
||||
<label for="inp_copy_to">Destination folder:</label>
|
||||
<?php echo FM_ROOT_PATH ?>/<input type="text" name="copy_to" id="inp_copy_to" value="<?php echo fm_enc(FM_PATH) ?>">
|
||||
</p>
|
||||
|
@ -766,8 +766,8 @@ if (isset($_GET['copy']) && !isset($_GET['finish']) && !FM_READONLY) {
|
|||
<div class="path">
|
||||
<p><b>Copying</b></p>
|
||||
<p class="break-word">
|
||||
Source path: <?php echo fm_convert_win(FM_ROOT_PATH . '/' . $copy) ?><br>
|
||||
Destination folder: <?php echo fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH) ?>
|
||||
Source path: <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . $copy)) ?><br>
|
||||
Destination folder: <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH)) ?>
|
||||
</p>
|
||||
<p>
|
||||
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&copy=<?php echo urlencode($copy) ?>&finish=1"><i class="fa fa-check-circle"></i> Copy</a></b>
|
||||
|
@ -845,9 +845,9 @@ if (isset($_GET['view'])) {
|
|||
|
||||
?>
|
||||
<div class="path">
|
||||
<p class="break-word"><b><?php echo $view_title ?> "<?php echo fm_convert_win($file) ?>"</b></p>
|
||||
<p class="break-word"><b><?php echo $view_title ?> "<?php echo fm_enc(fm_convert_win($file)) ?>"</b></p>
|
||||
<p class="break-word">
|
||||
Full path: <?php echo fm_convert_win($file_path) ?><br>
|
||||
Full path: <?php echo fm_enc(fm_convert_win($file_path)) ?><br>
|
||||
File size: <?php echo fm_get_filesize($filesize) ?><?php if ($filesize >= 1000): ?> (<?php echo sprintf('%s bytes', $filesize) ?>)<?php endif; ?><br>
|
||||
MIME-type: <?php echo $mime_type ?><br>
|
||||
<?php
|
||||
|
@ -889,7 +889,7 @@ if (isset($_GET['view'])) {
|
|||
</p>
|
||||
<p>
|
||||
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&dl=<?php echo urlencode($file) ?>"><i class="fa fa-cloud-download"></i> Download</a></b>
|
||||
<b><a href="<?php echo $file_url ?>" target="_blank"><i class="fa fa-external-link-square"></i> Open</a></b>
|
||||
<b><a href="<?php echo fm_enc($file_url) ?>" target="_blank"><i class="fa fa-external-link-square"></i> Open</a></b>
|
||||
<?php
|
||||
// ZIP actions
|
||||
if (!FM_READONLY && $is_zip && $filenames !== false) {
|
||||
|
@ -918,7 +918,7 @@ if (isset($_GET['view'])) {
|
|||
echo '<code class="maxheight">';
|
||||
foreach ($filenames as $fn) {
|
||||
if ($fn['folder']) {
|
||||
echo '<b>' . $fn['name'] . '</b><br>';
|
||||
echo '<b>' . fm_enc($fn['name']) . '</b><br>';
|
||||
} else {
|
||||
echo $fn['name'] . ' (' . fm_get_filesize($fn['filesize']) . ')<br>';
|
||||
}
|
||||
|
@ -930,14 +930,14 @@ if (isset($_GET['view'])) {
|
|||
} elseif ($is_image) {
|
||||
// Image content
|
||||
if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico'))) {
|
||||
echo '<p><img src="' . $file_url . '" alt="" class="preview-img"></p>';
|
||||
echo '<p><img src="' . fm_enc($file_url) . '" alt="" class="preview-img"></p>';
|
||||
}
|
||||
} elseif ($is_audio) {
|
||||
// Audio content
|
||||
echo '<p><audio src="' . $file_url . '" controls preload="metadata"></audio></p>';
|
||||
echo '<p><audio src="' . fm_enc($file_url) . '" controls preload="metadata"></audio></p>';
|
||||
} elseif ($is_video) {
|
||||
// Video content
|
||||
echo '<div class="preview-video"><video src="' . $file_url . '" width="640" height="360" controls preload="metadata"></video></div>';
|
||||
echo '<div class="preview-video"><video src="' . fm_enc($file_url) . '" width="640" height="360" controls preload="metadata"></video></div>';
|
||||
} elseif ($is_text) {
|
||||
if (FM_USE_HIGHLIGHTJS) {
|
||||
// highlight
|
||||
|
@ -1020,10 +1020,10 @@ if (isset($_GET['edit'])) {
|
|||
<?php if($is_text) { ?>
|
||||
<?php if($isNormalEditor) { ?>
|
||||
<a title="Advanced" href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&edit=<?php echo urlencode($file) ?>&env=ace"><i class="fa fa-paper-plane"></i> Advanced Editor</a>
|
||||
<button type="button" name="Save" data-url="<?php echo $file_url ?>" onclick="edit_save(this,'nrl')"><i class="fa fa-floppy-o"></i> Save</button>
|
||||
<button type="button" name="Save" data-url="<?php echo fm_enc($file_url) ?>" onclick="edit_save(this,'nrl')"><i class="fa fa-floppy-o"></i> Save</button>
|
||||
<?php } else { ?>
|
||||
<a title="Plain Editor" href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&edit=<?php echo urlencode($file) ?>"><i class="fa fa-text-height"></i> Plain Editor</a>
|
||||
<button type="button" name="Save" data-url="<?php echo $file_url ?>" onclick="edit_save(this,'ace')"><i class="fa fa-floppy-o"></i> Save</button>
|
||||
<button type="button" name="Save" data-url="<?php echo fm_enc($file_url) ?>" onclick="edit_save(this,'ace')"><i class="fa fa-floppy-o"></i> Save</button>
|
||||
<?php } ?>
|
||||
<?php } ?>
|
||||
</div>
|
||||
|
@ -1172,7 +1172,7 @@ foreach ($folders as $f) {
|
|||
<a title="Rename" href="#" onclick="rename('<?php echo fm_enc(FM_PATH) ?>', '<?php echo fm_enc($f) ?>');return false;"><i class="fa fa-pencil-square-o" aria-hidden="true"></i></a>
|
||||
<a title="Copy to..." href="?p=&copy=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="fa fa-files-o" aria-hidden="true"></i></a>
|
||||
<?php endif; ?>
|
||||
<a title="Direct link" href="<?php echo FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f . '/' ?>" target="_blank"><i class="fa fa-link" aria-hidden="true"></i></a>
|
||||
<a title="Direct link" href="<?php echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f . '/') ?>" target="_blank"><i class="fa fa-link" aria-hidden="true"></i></a>
|
||||
</td></tr>
|
||||
<?php
|
||||
flush();
|
||||
|
@ -1197,12 +1197,12 @@ foreach ($files as $f) {
|
|||
?>
|
||||
<tr>
|
||||
<?php if (!FM_READONLY): ?><td><label><input type="checkbox" name="file[]" value="<?php echo fm_enc($f) ?>"></label></td><?php endif; ?>
|
||||
<td><div class="filename"><a href="<?php echo $filelink ?>" title="File info"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?></a><?php echo ($is_link ? ' → <i>' . readlink($path . '/' . $f) . '</i>' : '') ?></div></td>
|
||||
<td><div class="filename"><a href="<?php echo fm_enc($filelink) ?>" title="File info"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?></a><?php echo ($is_link ? ' → <i>' . readlink($path . '/' . $f) . '</i>' : '') ?></div></td>
|
||||
<td><span title="<?php printf('%s bytes', $filesize_raw) ?>"><?php echo $filesize ?></span></td>
|
||||
<td><?php echo $modif ?></td>
|
||||
<?php if (!FM_IS_WIN): ?>
|
||||
<td><?php if (!FM_READONLY): ?><a title="<?php echo 'Change Permissions' ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&chmod=<?php echo urlencode($f) ?>"><?php echo $perms ?></a><?php else: ?><?php echo $perms ?><?php endif; ?></td>
|
||||
<td><?php echo $owner['name'] . ':' . $group['name'] ?></td>
|
||||
<td><?php echo fm_enc($owner['name'] . ':' . $group['name']) ?></td>
|
||||
<?php endif; ?>
|
||||
<td class="inline-actions">
|
||||
<?php if (!FM_READONLY): ?>
|
||||
|
@ -1210,7 +1210,7 @@ foreach ($files as $f) {
|
|||
<a title="Rename" href="#" onclick="rename('<?php echo fm_enc(FM_PATH) ?>', '<?php echo fm_enc($f) ?>');return false;"><i class="fa fa-pencil-square-o"></i></a>
|
||||
<a title="Copy to..." href="?p=<?php echo urlencode(FM_PATH) ?>&copy=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="fa fa-files-o"></i></a>
|
||||
<?php endif; ?>
|
||||
<a title="Direct link" href="<?php echo FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f ?>" target="_blank"><i class="fa fa-link"></i></a>
|
||||
<a title="Direct link" href="<?php echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f) ?>" target="_blank"><i class="fa fa-link"></i></a>
|
||||
<a title="Download" href="?p=<?php echo urlencode(FM_PATH) ?>&dl=<?php echo urlencode($f) ?>"><i class="fa fa-download"></i></a>
|
||||
</td></tr>
|
||||
<?php
|
||||
|
@ -1949,7 +1949,7 @@ function fm_show_nav_path($path)
|
|||
for ($i = 0; $i < $count; $i++) {
|
||||
$parent = trim($parent . '/' . $exploded[$i], '/');
|
||||
$parent_enc = urlencode($parent);
|
||||
$array[] = "<a href='?p={$parent_enc}'>" . fm_convert_win($exploded[$i]) . "</a>";
|
||||
$array[] = "<a href='?p={$parent_enc}'>" . fm_enc(fm_convert_win($exploded[$i])) . "</a>";
|
||||
}
|
||||
$root_url .= $sep . implode($sep, $array);
|
||||
}
|
||||
|
|
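Review bot: Several sinks for the same request- or archive-derived names are left unencoded on unchanged lines next to the ones this commit wraps, so the HTML-injection surface is only partly closed. In the `new` handler the success branch still calls `fm_set_msg(sprintf('Folder <b>%s</b> created', $new))` and `die('Cannot open file: '.$new)` prints `$new` raw; the copy form echoes `implode('</b>, <b>', $copy_files)`; the zip listing wraps only the folder branch while `echo $fn['name'] . ' (' . ...` stays raw; and the file row still prints `fm_convert_win($f)` and `readlink($path . '/' . $f)` directly. I would route each through the same helper, for example `fm_set_msg(sprintf('Folder <b>%s</b> created', fm_enc($new)));`, `implode('</b>, <b>', array_map('fm_enc', $copy_files))` and `echo fm_enc($fn['name']) . ' (' . fm_get_filesize($fn['filesize']) . ')<br>';`. `fm_enc` and the code that fills `$copy_files` are outside the visible hunks, so this assumes `fm_enc` is an htmlspecialchars-style encoder and that those values are not already encoded earlier. Separately, the `rename('…', '…')` onclick arguments are HTML-encoded but sit in a JavaScript string context, where entity decoding happens before the script is parsed; a JS-safe encoding such as `json_encode` followed by `fm_enc` would be the safer pattern there.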