diff --git a/README.md b/README.md index af68405..4596f60 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Default username/password: **admin/admin@123** and **user/12345**. To enable/disable authentication set `$use_auth` to true or false. -:information_source: The default configuration will be loaded from `config.php`, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application. +:information_source: Rename the `config-sample.php` file into `config.php` to use configuration, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application. ### :loudspeaker: Features diff --git a/config.php b/config-sample.php similarity index 96% rename from config.php rename to config-sample.php index d39387b..a24b196 100644 --- a/config.php +++ b/config-sample.php @@ -2,7 +2,7 @@ /* ################################################################################################################# -This is an OPTIONAL configuration file. +This is an OPTIONAL configuration file. rename this file into config.php to use this configuration The role of this file is to make updating of "tinyfilemanager.php" easier. So you can: -Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application. @@ -85,7 +85,7 @@ $favicon_path = ''; // Files and folders to excluded from listing // e.g. array('myfile.html', 'personal-folder', '*.php', ...) -$exclude_items = array(); +$exclude_items = array(''); // Online office Docs Viewer // Availabe rules are 'google', 'microsoft' or false diff --git a/tinyfilemanager.php b/tinyfilemanager.php index ec5cb72..fc8d73e 100644 --- a/tinyfilemanager.php +++ b/tinyfilemanager.php 
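Review bot: `$exclude_items = array('');` in the second config-sample hunk is no longer an empty list — it carries one empty-string entry that whatever matcher consumes `$exclude_items` (defined outside this diff) will now be handed on every listing, and neither the README hunk nor the comment above the line explains why the default changed. Unless that matcher is known to ignore `''`, the sample should keep `$exclude_items = array();` as the "nothing excluded" default, which is also what the `// e.g. array('myfile.html', 'personal-folder', '*.php', ...)` comment implies by showing only real names and globs.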
@@ -3,13 +3,13 @@ $CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"calc_folder":false}'; /** - * H3K | Tiny File Manager V2.4.4 + * H3K | Tiny File Manager V2.4.5 * CCP Programmers | ccpprogrammers@gmail.com * https://tinyfilemanager.github.io */ //TFM version -define('VERSION', '2.4.4'); +define('VERSION', '2.4.5'); //Application Title define('APP_TITLE', 'Tiny File Manager'); @@ -526,17 +526,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) { $path .= '/' . FM_PATH; } - $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null; - $use_curl = false; - $temp_file = tempnam(sys_get_temp_dir(), "upload-"); - $fileinfo = new stdClass(); - $fileinfo->name = trim(basename($url), ".\x00..\x20"); - - $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false; - $ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION)); - $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; - - function event_callback ($message) { + function event_callback ($message) { global $callback; echo json_encode($message); } 
@@ -546,6 +536,28 @@ if (isset($_POST['ajax']) && !FM_READONLY) { return $path."/".basename($fileinfo->name); } + $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null; + + //prevent 127.* domain and known ports + $domain = parse_url($url, PHP_URL_HOST); + $port = parse_url($url, PHP_URL_PORT); + $knownPorts = [22, 23, 25, 3306]; + + if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) { + $err = array("message" => "URL is not allowed"); + event_callback(array("fail" => $err)); + exit(); + } + + $use_curl = false; + $temp_file = tempnam(sys_get_temp_dir(), "upload-"); + $fileinfo = new stdClass(); + $fileinfo->name = trim(basename($url), ".\x00..\x20"); + + $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false; + $ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION)); + $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; + $err = false; if(!$isFileAllowed) { @@ -855,6 +867,14 @@ if (!empty($_FILES) && !FM_READONLY) { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; + if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) { + $response = array ( + 'status' => 'error', + 'info' => "Invalid File name!", + ); + echo json_encode($response); exit(); + } + $targetPath = $path . $ds; if ( is_writable($targetPath) ) { $fullPath = $path . '/' . $_REQUEST['fullpath']; diff --git a/translation.json b/translation.json index e10bba7..b7fbef8 100644 --- a/translation.json +++ b/translation.json @@ -1,6 +1,6 @@ { "appName": "Tiny File Manager", - "version": "2.4.3", + "version": "2.4.5", "language": [ { "name": "Norsk", 
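Review bot: The host check in the new `$domain` guard will not match an IPv6 loopback literal, because `parse_url(..., PHP_URL_HOST)` returns the host with its square brackets (`[::1]`) while the regex anchors on a bare address; the same pattern also says nothing about link-local or RFC 1918 destinations, nor about names that resolve to them. Rather than growing the regex, strip the brackets and validate the resolved addresses with `filter_var(..., FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)`, treat an unresolvable host as not allowed, and pass `true` to `in_array($port, $knownPorts)` so the `int|null` port is compared strictly. If the download code that follows (outside this hunk) follows HTTP redirects, the check has to be re-applied to each redirect target or redirects disabled, otherwise it only covers the first hop. The enclosing `if (isset($_POST['ajax']) && !FM_READONLY)` block starts before and ends after this hunk.
```php
    $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;

    // Reject loopback, link-local and private destinations. parse_url() keeps the
    // brackets on IPv6 literals, so strip them before validating/resolving.
    $domain = trim((string) parse_url($url, PHP_URL_HOST), '[]');
    $port = parse_url($url, PHP_URL_PORT);
    $knownPorts = [22, 23, 25, 3306];

    // gethostbynamel() returns A records only; names with AAAA records would need dns_get_record().
    $addresses = filter_var($domain, FILTER_VALIDATE_IP) !== false ? array($domain) : (gethostbynamel($domain) ?: array());
    $publicOnly = array_filter($addresses, function ($ip) {
        return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
    });
    $isAllowedHost = $addresses !== array() && count($publicOnly) === count($addresses);

    if (!$isAllowedHost || in_array($port, $knownPorts, true)) {
        // … unchanged: event_callback() failure message and exit() …
    }
```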
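Review bot: The new guard before `$targetPath` rejects the upload only when both `$filename` and `$_REQUEST['fullpath']` fail `fm_isvalid_filename()`, because the two conditions are joined with `&&`; since `$fullPath = $path . '/' . $_REQUEST['fullpath']` is the destination actually written, a request with a valid `$filename` and an invalid `fullpath` passes the check unchanged. The intent reads as `if (!fm_isvalid_filename($filename) || !isset($_REQUEST['fullpath']) || !fm_isvalid_filename($_REQUEST['fullpath'])) {`, which also avoids the undefined-index notice when `fullpath` is absent. If `fm_isvalid_filename()` (defined outside this hunk) rejects directory separators, `fullpath` for folder uploads would need per-segment validation instead; its body is not visible here. The enclosing `if (!empty($_FILES) && !FM_READONLY)` block starts before and ends after this hunk.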
@@ -80,9 +80,9 @@ "You are logged in": "Du er innlogget", "Login failed. Invalid username or password": "Innlogging feilet. Feil brukernavn eller passord", "password_hash not supported, Upgrade PHP version": "password_hash er ikke støttet, venligst oppdater PHP versjonen" - } - }, { + }, + { "name": "فارسی", "code": "Fa", "translation": { @@ -550,7 +550,7 @@ "Change": "Ändern", "Settings": "Einstellungen", "Language": "Sprache", - "You are logged in": "Du bist eingeloggt.", + "You are logged in": "Du bist eingeloggt.", "Login failed. Invalid username or password": "Login fehlgeschlagen. Falscher Benutzername oder Passwort.", "password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version" } @@ -754,19 +754,19 @@ "enable": "開啟", "disable": "關閉", "ErrorReporting": "錯誤報告", - "Help": "幫助", - "ShowHiddenFiles": "顯示隱藏的檔案", - "HideColumns": "不顯示權限以及擁有者", - "CalculateFolderSize": "顯示資料夾大小", - "Help Documents": "幫助文件", - "Report Issue": "回報問題", - "Check Latest Version": "檢查最新版本", - "Generate new password hash": "建立新的密碼 Hash 函數", - "Generate": "建立", - "FullSize": "所有檔案容量", - "MemoryUsed": "使用的記憶體大小", - "PartitionSize" : "剩餘可用空間", - "FreeOf": "硬碟容量:" + "Help": "幫助", + "ShowHiddenFiles": "顯示隱藏的檔案", + "HideColumns": "不顯示權限以及擁有者", + "CalculateFolderSize": "顯示資料夾大小", + "Help Documents": "幫助文件", + "Report Issue": "回報問題", + "Check Latest Version": "檢查最新版本", + "Generate new password hash": "建立新的密碼 Hash 函數", + "Generate": "建立", + "FullSize": "所有檔案容量", + "MemoryUsed": "使用的記憶體大小", + "PartitionSize": "剩餘可用空間", + "FreeOf": "硬碟容量:" } }, { 
@@ -1449,75 +1449,75 @@ "FreeOf": "voľné z" } }, -{ - "name": "Suomi", - "code": "fi", - "translation": { - "AppName": "Tiny File Manager", - "AppTitle": "File Manager", - "Login": "Kirjautuminen", - "Username": "Käyttäjänimi", - "Password": "Salasana", - "Logout": "Kirjaudu ulos", - "Move": "Siirrä", - "Copy": "Kopioi", - "Save": "Tallenna", - "SelectAll": "Valitse kaikki", - "UnSelectAll": "Poista valinnat", - "File": "Tiedosto", - "Back": "Takaisin", - "Size": "Koko", - "Perms": "Oikeudet", - "Modified": "Muokattu", - "Owner": "Omistaja", - "Search": "Haku", - "NewItem": "Luo uusi...", - "Folder": "Kansio", - "Delete": "Poista", - "Rename": "Nimeä uudelleen", - "CopyTo": "Kopioi kohteeseen", - "DirectLink": "Suora linkki", - "UploadingFiles": "Siirrä tiedostoja", - "ChangePermissions": "Muuta oikeuksia", - "Copying": "Kopioidaan", - "CreateNewItem": "Luo uusi tiedosto tai kansio", - "Name": "Nimi", - "AdvancedEditor": "Edistynyt editori", - "RememberMe": "Muista minut", - "Actions": "Toiminnot", - "Upload": "Vie", - "Cancel": "Peruuta", - "InvertSelection": "Vaihda valinta", - "DestinationFolder": "Kohdekansio", - "ItemType": "Tiedoston tyyppi", - "ItemName": "Nimi", - "CreateNow": "Luo nyt", - "Download": "Lataa", - "Open": "Avaa", - "UnZip": "Pura", - "UnZipToFolder": "Pura kansioon", - "Edit": "Muokkaa", - "NormalEditor": "Editori", - "BackUp": "Varmuuskopioi", - "SourceFolder": "Kohdekansio", - "Files": "Tiedostot", - "Change": "Vaihda", - "Settings": "Asetukset", - "Language": "Kieli", - "MemoryUsed": "Muistia käytetty", - "PartitionSize": "Osion koko", - "ErrorReporting": "Virheraportit", - "ShowHiddenFiles": "Näytä piilotiedostot", - "Preview": "Esikatsele", - "Help": "Apua", - "FullSize": "Täysikokoinen", - "FreeOf": "Vapaana", - "CalculateFolderSize": "Laske kansion koko", - "CheckLatestVersion": "Tarkista päivitykset", - "Generate new password hash": "Luo uusi salasana-hash", - "HideColumns": "Piilota oikeudet-/omistaja-sarakkeet" - } -}, + { + "name": 
"Suomi", + "code": "fi", + "translation": { + "AppName": "Tiny File Manager", + "AppTitle": "File Manager", + "Login": "Kirjautuminen", + "Username": "Käyttäjänimi", + "Password": "Salasana", + "Logout": "Kirjaudu ulos", + "Move": "Siirrä", + "Copy": "Kopioi", + "Save": "Tallenna", + "SelectAll": "Valitse kaikki", + "UnSelectAll": "Poista valinnat", + "File": "Tiedosto", + "Back": "Takaisin", + "Size": "Koko", + "Perms": "Oikeudet", + "Modified": "Muokattu", + "Owner": "Omistaja", + "Search": "Haku", + "NewItem": "Luo uusi...", + "Folder": "Kansio", + "Delete": "Poista", + "Rename": "Nimeä uudelleen", + "CopyTo": "Kopioi kohteeseen", + "DirectLink": "Suora linkki", + "UploadingFiles": "Siirrä tiedostoja", + "ChangePermissions": "Muuta oikeuksia", + "Copying": "Kopioidaan", + "CreateNewItem": "Luo uusi tiedosto tai kansio", + "Name": "Nimi", + "AdvancedEditor": "Edistynyt editori", + "RememberMe": "Muista minut", + "Actions": "Toiminnot", + "Upload": "Vie", + "Cancel": "Peruuta", + "InvertSelection": "Vaihda valinta", + "DestinationFolder": "Kohdekansio", + "ItemType": "Tiedoston tyyppi", + "ItemName": "Nimi", + "CreateNow": "Luo nyt", + "Download": "Lataa", + "Open": "Avaa", + "UnZip": "Pura", + "UnZipToFolder": "Pura kansioon", + "Edit": "Muokkaa", + "NormalEditor": "Editori", + "BackUp": "Varmuuskopioi", + "SourceFolder": "Kohdekansio", + "Files": "Tiedostot", + "Change": "Vaihda", + "Settings": "Asetukset", + "Language": "Kieli", + "MemoryUsed": "Muistia käytetty", + "PartitionSize": "Osion koko", + "ErrorReporting": "Virheraportit", + "ShowHiddenFiles": "Näytä piilotiedostot", + "Preview": "Esikatsele", + "Help": "Apua", + "FullSize": "Täysikokoinen", + "FreeOf": "Vapaana", + "CalculateFolderSize": "Laske kansion koko", + "CheckLatestVersion": "Tarkista päivitykset", + "Generate new password hash": "Luo uusi salasana-hash", + "HideColumns": "Piilota oikeudet-/omistaja-sarakkeet" + } + }, { "name": "한국어", "code": "ko",