diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 8b9a591..b661a9b 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -3,13 +3,13 @@
 $CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"calc_folder":false}';
 /**
- * H3K | Tiny File Manager V2.4.1
+ * H3K | Tiny File Manager V2.4.2
 * CCP Programmers | ccpprogrammers@gmail.com
 * https://tinyfilemanager.github.io
 */
 //TFM version
-define('VERSION', '2.4.1');
+define('VERSION', '2.4.2');
 //Application Title
 define('APP_TITLE', 'Tiny File Manager');
@@ -417,7 +417,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
 //search : get list of files from the current folder
 if(isset($_POST['type']) && $_POST['type']=="search") {
 $dir = FM_ROOT_PATH;
- $response = scan($_POST['path'], $_POST['content']);
+ $response = scan(fm_clean_path($_POST['path']), $_POST['content']);
 echo json_encode($response);
 exit();
 }
@@ -425,11 +425,16 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
 // backup files
 if (isset($_POST['type']) && $_POST['type'] == "backup") {
 $file = $_POST['file'];
- $path = $_POST['path'];
- $date = date("dMy-His");
- $newFile = $file . '-' . $date . '.bak';
- copy($path . '/' . $file, $path . '/' . $newFile) or die("Unable to backup");
- echo "Backup $newFile Created";
+ $dir = fm_clean_path($_POST['path']);
+ $path = FM_ROOT_PATH.'/'.$dir;
+ if($dir) {
+ $date = date("dMy-His");
+ $newFile = $file . '-' . $date . '.bak';
+ copy($path . '/' . $file, $path . '/' . $newFile) or die("Unable to backup");
+ echo "Backup $newFile Created";
+ } else {
+ echo "Error! Not allowed";
+ }
 }
 // Save Config
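Review bot: In the `search` branch the cleaned path is handed to `scan()` without the `FM_ROOT_PATH` prefix that the backup branch in the next hunk adds, and the `$dir = FM_ROOT_PATH;` assignment just above the call is not used in the visible lines. `scan()` is defined outside this hunk, so it may already anchor the directory under the root; if it does not, the call should pass the rooted path, e.g. `$response = scan(FM_ROOT_PATH . '/' . fm_clean_path($_POST['path']), $_POST['content']);`. Either way, a one-line comment at the call naming which side enforces the root would make the contract checkable by the next reader.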
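Review bot: In the `backup` branch `$file = $_POST['file'];` is still used unvalidated in both `copy()` arguments, so the directory is now constrained by `fm_clean_path()` but the file name is not, and separators or `..` segments in `file` can still resolve outside `$path`. Reduce it to a single name component and confirm the source exists before copying, e.g. `$file = basename($_POST['file']);` and `if ($dir && $file !== '' && is_file($path . '/' . $file)) {`. `if($dir)` also rejects an empty cleaned path, so files directly in the root can no longer be backed up; if that is intended it deserves a comment. `echo "Backup $newFile Created";` returns request data unescaped, which matters if the client inserts the response as HTML.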
@@ -785,17 +790,7 @@ if (isset($_GET['dl'])) {
 $path .= '/' . FM_PATH;
 }
 if ($dl != '' && is_file($path . '/' . $dl)) {
- header('Content-Description: File Transfer');
- header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename="' . basename($path . '/' . $dl) . '"');
- header('Content-Transfer-Encoding: binary');
- header('Connection: Keep-Alive');
- header('Expires: 0');
- header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
- header('Pragma: public');
- header('Content-Length: ' . filesize($path . '/' . $dl));
- ob_end_clean();
- readfile($path . '/' . $dl);
+ fm_download_file($path . '/' . $dl, $dl, 1024);
 exit;
 } else {
 fm_set_msg('File not found', 'error');
@@ -816,6 +811,10 @@ if (!empty($_FILES) && !FM_READONLY) {
 $errors = 0;
 $uploads = 0;
 $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
+ $response = array (
+ 'status' => 'error',
+ 'info' => 'Oops! Try again'
+ );
 $filename = $f['file']['name'];
 $tmp_name = $f['file']['tmp_name'];
@@ -989,8 +988,17 @@ if (isset($_GET['unzip']) && !FM_READONLY) {
 $zipper = new FM_Zipper();
 $res = $zipper->unzip($zip_path, $path);
 } elseif ($ext == "tar") {
- $gzipper = new PharData($zip_path);
- $res = $gzipper->extractTo($path);
+ try {
+ $gzipper = new PharData($zip_path);
+ if (@$gzipper->extractTo($path,null, true)) {
+ $res = true;
+ } else {
+ $res = false;
+ }
+ } catch (Exception $e) {
+ //TODO:: need to handle the error
+ $res = true;
+ }
 }
 if ($res) {
@@ -1137,7 +1145,7 @@ if (isset($_GET['upload']) && !FM_READONLY) { :
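Review bot: In the download hunk the name passed as the second argument of `fm_download_file()` is the raw `$dl`, whereas the removed code sent `basename($path . '/' . $dl)` in the `Content-Disposition` header. `fm_download_file()` is not part of this hunk, so whether it reduces the name to one component and strips quotes or control characters before building the header cannot be confirmed here; passing `basename($dl)` keeps the previous behaviour regardless. The bare `1024` would read better with a comment or a named constant saying what it is (presumably a chunk size in bytes). The enclosing `if (isset($_GET['dl']))` block starts above the hunk.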
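Review bot: In the tar branch the `catch (Exception $e)` block sets `$res = true;`, so an archive that fails to open or extract reaches `if ($res)` as though extraction had succeeded; it should be `$res = false;`, with the exception message logged in place of the TODO. The `@` in front of `extractTo()` hides the warnings that would explain a `false` result, and the if/else collapses to `$res = $gzipper->extractTo($path, null, true);`. The third argument `true` turns on overwrite, so existing files under `$path` are replaced by archive entries without notice; that is a behaviour change from the removed call and deserves a comment or an explicit decision.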
-