diff --git a/README.md b/README.md index dca8858..4596f60 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,22 @@ # Tiny File Manager - [![Live demo](https://img.shields.io/badge/Live-Demo-brightgreen.svg?style=flat-square)](https://tinyfilemanager.github.io/demo/) [![Live demo](https://img.shields.io/badge/Help-Docs-lightgrey.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/wiki) [![GitHub Release](https://img.shields.io/github/release/qubyte/rubidium.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/releases) - [![GitHub License](https://img.shields.io/github/license/prasathmani/tinyfilemanager.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/blob/master/LICENSE) +[![GitHub License](https://img.shields.io/github/license/prasathmani/tinyfilemanager.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/blob/master/LICENSE) [![Paypal](https://img.shields.io/badge/Donate-Paypal-lightgrey.svg?style=flat-square)](https://www.paypal.me/prasathmani) + > TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows the creation of multiple users and each user can have its own directory and a build-in support for managing text files with cloud9 IDE and it supports syntax highlighting for over 150+ languages and over 35+ themes. ## Demo + [Demo](https://tinyfilemanager.github.io/demo/) - Login Details : admin/admin@123 | user/12345 - +Login Details : admin/admin@123 | user/12345 ## Documentation -Tinyfilemanager is highly documented on the [wiki pages](https://github.com/prasathmani/tinyfilemanager/wiki). +Tinyfilemanager is highly documented on the [wiki pages](https://github.com/prasathmani/tinyfilemanager/wiki). [![Tiny File Manager](screenshot.gif)](screenshot.gif) 
@@ -38,13 +38,14 @@ Default username/password: **admin/admin@123** and **user/12345**. To enable/disable authentication set `$use_auth` to true or false. +:information_source: Rename the `config-sample.php` file into `config.php` to use configuration, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application. -### :loudspeaker: Features +### :loudspeaker: Features - :cd: Open Source, light and extremely simple - :iphone: Mobile friendly view for touch devices -- :information_source: Basic features likes Create, Delete, Modify, View, Quick Preview, Download, Copy and Move files -- :arrow_double_up: Ajax Upload, Ability to drag & drop, upload from URL, multiple files upload with file extensions filter +- :information_source: Basic features likes Create, Delete, Modify, View, Quick Preview, Download, Copy and Move files +- :arrow_double_up: Ajax Upload, Ability to drag & drop, upload from URL, multiple files upload with file extensions filter - :file_folder: Ability to create folders and files - :gift: Ability to compress, extract files (`zip`, `tar`) - :sunglasses: Support user permissions - based on session and each user root folder mapping 
@@ -52,13 +53,12 @@ To enable/disable authentication set `$use_auth` to true or false. - :pencil2: Cloud9 IDE - Syntax highlighting for over `150+` languages, Over `35+` themes with your favorite programming style - :page_facing_up: Google/Microsoft doc viewer helps you preview `PDF/DOC/XLS/PPT/etc`. 25 MB can be previewed with the Google Drive viewer - :zap: Backup files and IP blacklist and whitelist -- :mag_right: Search - Search and filter files using `datatable js` +- :mag_right: Search - Search and filter files using `datatable js` - :file_folder: Exclude folders and files from listing - :globe_with_meridians: Multi-language(20+) support and for translations `translation.json` is file required - :bangbang: lots more... - -### License, Credit +### License, Credit - Available under the [GNU license](https://github.com/prasathmani/tinyfilemanager/blob/master/LICENSE) - Original concept and development by github.com/alexantr/filemanager diff --git a/config.php b/config-sample.php similarity index 94% rename from config.php rename to config-sample.php index dc6c42c..abbdf8d 100644 --- a/config.php +++ b/config-sample.php @@ -2,7 +2,7 @@ /* ################################################################################################################# -This is an OPTIONAL configuration file. +This is an OPTIONAL configuration file. rename this file into config.php to use this configuration The role of this file is to make updating of "tinyfilemanager.php" easier. So you can: -Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application. 
@@ -76,8 +76,8 @@ $directories_users = array(); $iconv_input_encoding = 'UTF-8'; // date() format for file modification date -// Doc - https://www.php.net/manual/en/function.date.php -$datetime_format = 'd.m.y H:i'; +// Doc - https://www.php.net/manual/en/datetime.format.php +$datetime_format = 'd.m.y H:i:s'; // Allowed file extensions for create and rename files // e.g. 'txt,html,css,js' @@ -90,11 +90,11 @@ $allowed_upload_extensions = ''; // Favicon path. This can be either a full url to an .PNG image, or a path based on the document root. // full path, e.g http://example.com/favicon.png // local path, e.g images/icons/favicon.png -$favicon_path = '?img=favicon'; +$favicon_path = ''; // Files and folders to excluded from listing // e.g. array('myfile.html', 'personal-folder', '*.php', ...) -$exclude_items = array(); +$exclude_items = array(''); // Online office Docs Viewer // Availabe rules are 'google', 'microsoft' or false @@ -110,7 +110,7 @@ $sticky_navbar = true; // max upload file size -$max_upload_size_bytes = 2048; +$max_upload_size_bytes = 5000; // Possible rules are 'OFF', 'AND' or 'OR' // OFF => Don't check connection IP, defaults to OFF diff --git a/index.php b/index.php index d2e967e..55a3b33 100644 --- a/index.php +++ b/index.php @@ -1,22 +1,22 @@ '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO' //12345 ); -//set application theme -//options - 'light' and 'dark' -$theme = 'light'; - -// Readonly users +// Readonly users // e.g. array('users', 'guest', ...) $readonly_users = array( 'user' @@ -86,7 +82,7 @@ $allowed_upload_extensions = ''; // Favicon path. This can be either a full url to an .PNG image, or a path based on the document root. // full path, e.g http://example.com/favicon.png // local path, e.g images/icons/favicon.png -$favicon_path = '?img=favicon'; +$favicon_path = ''; // Files and folders to excluded from listing // e.g. array('myfile.html', 'personal-folder', '*.php', ...) 
@@ -107,7 +103,7 @@ $sticky_navbar = true; // Maximum file upload size // Increase the following values in php.ini to work properly // memory_limit, upload_max_filesize, post_max_size -$max_upload_size_bytes = 2048; +$max_upload_size_bytes = 5000; // Possible rules are 'OFF', 'AND' or 'OR' // OFF => Don't check connection IP, defaults to OFF @@ -131,7 +127,7 @@ $ip_blacklist = array( ); // if User has the customized config file, try to use it to override the default config above -$config_file = './config.php'; +$config_file = __DIR__.'/config.php'; if (is_readable($config_file)) { @include($config_file); } @@ -141,8 +137,6 @@ if (is_readable($config_file)) { // max upload file size define('MAX_UPLOAD_SIZE', $max_upload_size_bytes); -define('FM_THEME', $theme); - // private key and session name to store to the session if ( !defined( 'FM_SESSION_ID')) { define('FM_SESSION_ID', 'filemanager'); @@ -166,6 +160,11 @@ $hide_Cols = isset($cfg->data['hide_Cols']) ? $cfg->data['hide_Cols'] : true; // Show directory size: true or speedup output: false $calc_folder = isset($cfg->data['calc_folder']) ? $cfg->data['calc_folder'] : true; +// Theme +$theme = isset($cfg->data['theme']) ? $cfg->data['theme'] : 'light'; + +define('FM_THEME', $theme); + //available languages $lang_list = array( 'en' => 'English' @@ -236,11 +235,6 @@ if (isset($_GET['logout'])) { fm_redirect(FM_SELF_URL); } -// Show image here -if (isset($_GET['img'])) { - fm_show_image($_GET['img']); -} - // Validate connection IP if($ip_ruleset != 'OFF'){ $clientIp = $_SERVER['REMOTE_ADDR']; @@ -265,7 +259,7 @@ if($ip_ruleset != 'OFF'){ trigger_error('User connection denied from: ' . $clientIp, E_USER_WARNING); if($ip_silent == false){ - fm_set_msg('Access denied. IP restriction applicable', 'error'); + fm_set_msg(lng('Access denied. IP restriction applicable'), 'error'); fm_show_header_login(); fm_show_message(); } 
@@ -366,7 +360,7 @@ if ($use_auth && isset($_SESSION[FM_SESSION_ID]['logged'])) { $root_path = rtrim($root_path, '\\/'); $root_path = str_replace('\\', '/', $root_path); if (!@is_dir($root_path)) { - echo "

Root path \"{$root_path}\" not found!

"; + echo "

".lng('Root path')." \"{$root_path}\" ".lng('not found!')."

"; exit; } @@ -375,7 +369,7 @@ defined('FM_ROOT_PATH') || define('FM_ROOT_PATH', $root_path); defined('FM_LANG') || define('FM_LANG', $lang); defined('FM_FILE_EXTENSION') || define('FM_FILE_EXTENSION', $allowed_file_extensions); defined('FM_UPLOAD_EXTENSION') || define('FM_UPLOAD_EXTENSION', $allowed_upload_extensions); -defined('FM_EXCLUDE_ITEMS') || define('FM_EXCLUDE_ITEMS', $exclude_items); +defined('FM_EXCLUDE_ITEMS') || define('FM_EXCLUDE_ITEMS', (version_compare(PHP_VERSION, '7.0.0', '<') ? serialize($exclude_items) : $exclude_items)); defined('FM_DOC_VIEWER') || define('FM_DOC_VIEWER', $online_viewer); define('FM_READONLY', $use_auth && !empty($readonly_users) && isset($_SESSION[FM_SESSION_ID]['logged']) && in_array($_SESSION[FM_SESSION_ID]['logged'], $readonly_users)); define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\'); @@ -426,17 +420,17 @@ if (isset($_POST['ajax']) && !FM_READONLY) { $file = fm_clean_path($file); $file = str_replace('/', '', $file); if ($file == '' || !is_file($path . '/' . $file)) { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } - header('X-XSS-Protection:0'); + header('X-XSS-Protection:0'); $file_path = $path . '/' . $file; - + $writedata = $_POST['content']; $fd = fopen($file_path, "w"); $write_results = @fwrite($fd, $writedata); fclose($fd); - if ($write_results === false){ + if ($write_results === false){ header("HTTP/1.1 500 Internal Server Error"); die("Could Not Write File! - Check Permissions / Ownership"); } @@ -450,7 +444,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) { echo json_encode($response); exit(); } - + // backup files if (isset($_POST['type']) && $_POST['type'] == "backup" && !empty($_POST['file'])) { $fileName = $_POST['file']; 
@@ -478,7 +472,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) { // Save Config if (isset($_POST['type']) && $_POST['type'] == "settings") { - global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list, $hide_Cols, $calc_folder; + global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list, $hide_Cols, $calc_folder, $theme; $newLng = $_POST['js-language']; fm_get_translations([]); if (!array_key_exists($newLng, $lang_list)) { @@ -489,6 +483,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) { $shf = isset($_POST['js-show-hidden']) && $_POST['js-show-hidden'] == "true" ? true : false; $hco = isset($_POST['js-hide-cols']) && $_POST['js-hide-cols'] == "true" ? true : false; $caf = isset($_POST['js-calc-folder']) && $_POST['js-calc-folder'] == "true" ? true : false; + $te3 = $_POST['js-theme-3']; if ($cfg->data['lang'] != $newLng) { $cfg->data['lang'] = $newLng; @@ -514,6 +509,10 @@ if (isset($_POST['ajax']) && !FM_READONLY) { $cfg->data['calc_folder'] = $caf; $calc_folder = $caf; } + if ($cfg->data['theme'] != $te3) { + $cfg->data['theme'] = $te3; + $theme = $te3; + } $cfg->save(); echo true; } @@ -531,17 +530,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) { $path .= '/' . FM_PATH; } - $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null; - $use_curl = false; - $temp_file = tempnam(sys_get_temp_dir(), "upload-"); - $fileinfo = new stdClass(); - $fileinfo->name = trim(basename($url), ".\x00..\x20"); - - $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false; - $ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION)); - $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; - - function event_callback ($message) { + function event_callback ($message) { global $callback; echo json_encode($message); } 
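Review bot: `$te3 = $_POST['js-theme-3'];` in the `@@ -489,6 +483,7 @@` hunk is read without an `isset()` guard or an allow-list, unlike the three boolean settings above it. The raw request value is then persisted by `$cfg->save()` and later becomes `FM_THEME`. The comment this commit removes documented only 'light' and 'dark' as options, so the value can be normalised at the boundary: `$te3 = (isset($_POST['js-theme-3']) && $_POST['js-theme-3'] === 'dark') ? 'dark' : 'light';`. The same normalisation is worth applying where `$theme` is loaded from `$cfg->data['theme']` in the `@@ -166,6 +160,11 @@` hunk, because how `FM_THEME` is written into the page is not visible here. The settings block starts and ends outside this hunk.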
@@ -551,6 +540,28 @@ if (isset($_POST['ajax']) && !FM_READONLY) { return $path."/".basename($fileinfo->name); } + $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null; + + //prevent 127.* domain and known ports + $domain = parse_url($url, PHP_URL_HOST); + $port = parse_url($url, PHP_URL_PORT); + $knownPorts = [22, 23, 25, 3306]; + + if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) { + $err = array("message" => "URL is not allowed"); + event_callback(array("fail" => $err)); + exit(); + } + + $use_curl = false; + $temp_file = tempnam(sys_get_temp_dir(), "upload-"); + $fileinfo = new stdClass(); + $fileinfo->name = trim(basename($url), ".\x00..\x20"); + + $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false; + $ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION)); + $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; + $err = false; if(!$isFileAllowed) { @@ -612,14 +623,14 @@ if (isset($_GET['del']) && !FM_READONLY) { } $is_dir = is_dir($path . '/' . $del); if (fm_rdelete($path . '/' . $del)) { - $msg = $is_dir ? 'Folder %s deleted' : 'File %s deleted'; + $msg = $is_dir ? lng('Folder').' %s '.lng('Deleted') : lng('File').' %s '.lng('Deleted'); fm_set_msg(sprintf($msg, fm_enc($del))); } else { - $msg = $is_dir ? 'Folder %s not deleted' : 'File %s not deleted'; + $msg = $is_dir ? lng('Folder').' %s '.lng('not deleted') : lng('File').' %s '.lng('not deleted'); fm_set_msg(sprintf($msg, fm_enc($del)), 'error'); } } else { - fm_set_msg('Invalid file or folder name', 'error'); + fm_set_msg(lng('Invalid file or folder name'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } 
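Review bot: The new URL-upload guard in the `@@ -551,6 +540,28 @@` hunk is a denylist on the textual form of the host, so it only rejects `localhost`, dotted `127.*` and a bare `::1`. It says nothing about private or link-local ranges, or about hostnames that resolve to internal addresses. `parse_url()` also returns IPv6 literals in brackets, which the IPv6 branch of the pattern does not allow for, and `$url` can be `null` when the scheme check fails. I would resolve the host and reject unless every resolved address passes `FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE`, as sketched below (IPv4 only; IPv6-only hosts fail closed). The download code is outside this hunk: it should not follow redirects to unchecked hosts, and should connect to the address that was validated.

```php
$url = /* … unchanged: uploadurl scheme check … */;

// Reject unless the host resolves and every resolved address is public.
$host = $url ? parse_url($url, PHP_URL_HOST) : null;
$port = $url ? parse_url($url, PHP_URL_PORT) : null;
$knownPorts = [22, 23, 25, 3306];

$addresses = $host ? gethostbynamel($host) : false;
$blocked = empty($addresses) || in_array($port, $knownPorts, true);
if (!$blocked) {
    foreach ($addresses as $address) {
        if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            $blocked = true;
            break;
        }
    }
}

if ($blocked) {
    // … unchanged: "URL is not allowed" response and exit …
}
```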
@@ -639,22 +650,22 @@ if (isset($_GET['new']) && isset($_GET['type']) && !FM_READONLY) { @fopen($path . '/' . $new, 'w') or die('Cannot open file: ' . $new); fm_set_msg(sprintf(lng('File').' %s '.lng('Created'), fm_enc($new))); } else { - fm_set_msg('File extension is not allowed', 'error'); + fm_set_msg(lng('File extension is not allowed'), 'error'); } } else { - fm_set_msg(sprintf('File %s already exists', fm_enc($new)), 'alert'); + fm_set_msg(sprintf(lng('File').' %s '.lng('already exists'), fm_enc($new)), 'alert'); } } else { if (fm_mkdir($path . '/' . $new, false) === true) { fm_set_msg(sprintf(lng('Folder').' %s '.lng('Created'), $new)); } elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) { - fm_set_msg(sprintf('Folder %s already exists', fm_enc($new)), 'alert'); + fm_set_msg(sprintf(lng('Folder').' %s '.lng('already exists'), fm_enc($new)), 'alert'); } else { - fm_set_msg(sprintf('Folder %s not created', fm_enc($new)), 'error'); + fm_set_msg(sprintf(lng('Folder').' %s '.lng('not created'), fm_enc($new)), 'error'); } } } else { - fm_set_msg('Invalid characters in file or folder name', 'error'); + fm_set_msg(lng('Invalid characters in file or folder name'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -666,7 +677,7 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) { $copy = fm_clean_path($copy); // empty path if ($copy == '') { - fm_set_msg('Source path not defined', 'error'); + fm_set_msg(lng('Source path not defined'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // abs path from 
@@ -685,18 +696,17 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) { if ($move) { // Move and to != from so just perform move $rename = fm_rename($from, $dest); if ($rename) { - fm_set_msg(sprintf('Moved from %s to %s', fm_enc($copy), fm_enc($msg_from))); + fm_set_msg(sprintf(lng('Moved from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from))); } elseif ($rename === null) { - fm_set_msg('File or folder with this path already exists', 'alert'); - + fm_set_msg(lng('File or folder with this path already exists'), 'alert'); } else { - fm_set_msg(sprintf('Error while moving from %s to %s', fm_enc($copy), fm_enc($msg_from)), 'error'); + fm_set_msg(sprintf(lng('Error while moving from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from)), 'error'); } } else { // Not move and to != from so copy with original name if (fm_rcopy($from, $dest)) { - fm_set_msg(sprintf('Copied from %s to %s', fm_enc($copy), fm_enc($msg_from))); + fm_set_msg(sprintf(lng('Copied from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from))); } else { - fm_set_msg(sprintf('Error while copying from %s to %s', fm_enc($copy), fm_enc($msg_from)), 'error'); + fm_set_msg(sprintf(lng('Error while copying from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from)), 'error'); } } } else { @@ -724,7 +734,7 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) { } } else{ - fm_set_msg('Paths must be not equal', 'alert'); + fm_set_msg(lng('Paths must be not equal'), 'alert'); } } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); @@ -744,7 +754,7 @@ if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish']) && !FM_READONLY) $copy_to_path .= '/' . $copy_to; } if ($path == $copy_to_path) { - fm_set_msg('Paths must be not equal', 'alert'); + fm_set_msg(lng('Paths must be not equal'), 'alert'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } if (!is_dir($copy_to_path)) { 
@@ -786,7 +796,7 @@ if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish']) && !FM_READONLY) fm_set_msg($msg, 'error'); } } else { - fm_set_msg('Nothing selected', 'alert'); + fm_set_msg(lng('Nothing selected'), 'alert'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -809,12 +819,12 @@ if (isset($_GET['ren'], $_GET['to']) && !FM_READONLY) { // rename if (fm_isvalid_filename($new) && $old != '' && $new != '') { if (fm_rename($path . '/' . $old, $path . '/' . $new)) { - fm_set_msg(sprintf('Renamed from %s to %s', fm_enc($old), fm_enc($new))); + fm_set_msg(sprintf(lng('Renamed from').' %s '. lng('to').' %s', fm_enc($old), fm_enc($new))); } else { - fm_set_msg(sprintf('Error while renaming from %s to %s', fm_enc($old), fm_enc($new)), 'error'); + fm_set_msg(sprintf(lng('Error while renaming from').' %s '. lng('to').' %s', fm_enc($old), fm_enc($new)), 'error'); } } else { - fm_set_msg('Invalid characters in file name', 'error'); + fm_set_msg(lng('Invalid characters in file name'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -832,7 +842,7 @@ if (isset($_GET['dl'])) { fm_download_file($path . '/' . $dl, $dl, 1024); exit; } else { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } } @@ -860,6 +870,14 @@ if (!empty($_FILES) && !FM_READONLY) { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; + if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) { + $response = array ( + 'status' => 'error', + 'info' => "Invalid File name!", + ); + echo json_encode($response); exit(); + } + $targetPath = $path . $ds; if ( is_writable($targetPath) ) { $fullPath = $path . '/' . $_REQUEST['fullpath']; 
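Review bot: The upload check added in the `@@ -860,6 +870,14 @@` hunk joins its two tests with `&&`, so the request is rejected only when both `$filename` and `$_REQUEST['fullpath']` are invalid. A valid `$filename` lets any `fullpath` through, and `fullpath` is the value concatenated into `$fullPath` a few lines below. The condition should be `if (!fm_isvalid_filename($filename) || !fm_isvalid_filename($_REQUEST['fullpath']))`, with an `isset()` guard on `fullpath`. `fm_isvalid_filename()` is not visible here; if `fullpath` may legitimately contain directory separators for folder uploads, validate each path component instead of the whole string. The new "Invalid File name!" message is also not passed through `lng()`, unlike the other messages this commit touches. The enclosing `$_FILES` block starts and ends outside this hunk.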
@@ -927,12 +945,12 @@ if (isset($_POST['group'], $_POST['delete']) && !FM_READONLY) { } } if ($errors == 0) { - fm_set_msg('Selected files and folder deleted'); + fm_set_msg(lng('Selected files and folder deleted')); } else { - fm_set_msg('Error while deleting items', 'error'); + fm_set_msg(lng('Error while deleting items'), 'error'); } } else { - fm_set_msg('Nothing selected', 'alert'); + fm_set_msg(lng('Nothing selected'), 'alert'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); @@ -951,7 +969,7 @@ if (isset($_POST['group']) && (isset($_POST['zip']) || isset($_POST['tar'])) && if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) { - fm_set_msg('Operations with archives are not available', 'error'); + fm_set_msg(lng('Operations with archives are not available'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -976,12 +994,12 @@ if (isset($_POST['group']) && (isset($_POST['zip']) || isset($_POST['tar'])) && } if ($res) { - fm_set_msg(sprintf('Archive %s created', fm_enc($zipname))); + fm_set_msg(sprintf(lng('Archive').' %s '.lng('Created'), fm_enc($zipname))); } else { - fm_set_msg('Archive not created', 'error'); + fm_set_msg(lng('Archive not created'), 'error'); } } else { - fm_set_msg('Nothing selected', 'alert'); + fm_set_msg(lng('Nothing selected'), 'alert'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); @@ -1004,12 +1022,12 @@ if (isset($_GET['unzip']) && !FM_READONLY) { $ext = pathinfo($zip_path, PATHINFO_EXTENSION); $isValid = true; } else { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); } if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) { - fm_set_msg('Operations with archives are not available', 'error'); + fm_set_msg(lng('Operations with archives are not available'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } 
@@ -1041,13 +1059,13 @@ if (isset($_GET['unzip']) && !FM_READONLY) { } if ($res) { - fm_set_msg('Archive unpacked'); + fm_set_msg(lng('Archive unpacked')); } else { - fm_set_msg('Archive not unpacked', 'error'); + fm_set_msg(lng('Archive not unpacked'), 'error'); } } else { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -1063,7 +1081,7 @@ if (isset($_POST['chmod']) && !FM_READONLY && !FM_IS_WIN) { $file = fm_clean_path($file); $file = str_replace('/', '', $file); if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -1097,9 +1115,9 @@ if (isset($_POST['chmod']) && !FM_READONLY && !FM_IS_WIN) { } if (@chmod($path . '/' . $file, $mode)) { - fm_set_msg('Permissions changed'); + fm_set_msg(lng('Permissions changed')); } else { - fm_set_msg('Permissions not changed', 'error'); + fm_set_msg(lng('Permissions not changed'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); @@ -1181,7 +1199,7 @@ if (isset($_GET['upload']) && !FM_READONLY) {

- : + :

@@ -1237,7 +1255,7 @@ if (isset($_GET['upload']) && !FM_READONLY) { if (isset($_POST['copy']) && !FM_READONLY) { $copy_files = isset($_POST['file']) ? $_POST['file'] : null; if (!is_array($copy_files) || empty($copy_files)) { - fm_set_msg('Nothing selected', 'alert'); + fm_set_msg(lng('Nothing selected'), 'alert'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -1282,7 +1300,7 @@ if (isset($_GET['copy']) && !isset($_GET['finish']) && !FM_READONLY) { $copy = $_GET['copy']; $copy = fm_clean_path($copy); if ($copy == '' || !file_exists(FM_ROOT_PATH . '/' . $copy)) { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -1300,7 +1318,7 @@ if (isset($_GET['copy']) && !isset($_GET['finish']) && !FM_READONLY) { Move   Cancel

-

Select folder

+

+ +
+ +
+ +
+
@@ -1499,7 +1527,7 @@ if (isset($_GET['view'])) { $file = fm_clean_path($file, false); $file = str_replace('/', '', $file); if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -1513,7 +1541,8 @@ if (isset($_GET['view'])) { $ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION)); $mime_type = fm_get_mime_type($file_path); - $filesize = fm_get_filesize(filesize($file_path)); + $filesize_raw = fm_get_size($file_path); + $filesize = fm_get_filesize($filesize_raw); $is_zip = false; $is_gzip = false; @@ -1556,9 +1585,7 @@ if (isset($_GET['view'])) {

""

Full path:
- File - size: = 1000): ?> () -
+ File size:
MIME-type:
'; } else { - echo '

Error while fetching archive info

'; + echo '

'.lng('Error while fetching archive info').'

'; } } elseif ($is_image) { // Image content - if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg'))) { + if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))) { echo '

'; } } elseif ($is_audio) { @@ -1695,7 +1722,7 @@ if (isset($_GET['edit'])) { $file = fm_clean_path($file, false); $file = str_replace('/', '', $file); if ($file == '' || !is_file($path . '/' . $file)) { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } header('X-XSS-Protection:0'); @@ -1719,7 +1746,7 @@ if (isset($_GET['edit'])) { $fd = fopen($file_path, "w"); @fwrite($fd, $writedata); fclose($fd); - fm_set_msg('File Saved Successfully'); + fm_set_msg(lng('File Saved Successfully')); } $ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION)); @@ -1748,7 +1775,7 @@ if (isset($_GET['edit'])) { - +
@@ -1775,7 +1802,7 @@ if (isset($_GET['edit'])) { } elseif ($is_text) { echo '
' . htmlspecialchars($content) . '
'; } else { - fm_set_msg('FILE EXTENSION HAS NOT SUPPORTED', 'error'); + fm_set_msg(lng('FILE EXTENSION HAS NOT SUPPORTED'), 'error'); } ?> @@ -1790,7 +1817,7 @@ if (isset($_GET['chmod']) && !FM_READONLY && !FM_IS_WIN) { $file = fm_clean_path($file); $file = str_replace('/', '', $file); if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) { - fm_set_msg('File not found', 'error'); + fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } @@ -1946,7 +1973,7 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white "> - + @@ -1954,7 +1981,7 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white - + @@ -1992,15 +2019,15 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white -
+
+ if (in_array(strtolower(pathinfo($f, PATHINFO_EXTENSION)), array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))): ?> - + - + ' . readlink($path . '/' . $f) . '' : '') ?>
@@ -2015,10 +2042,10 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white - + - + @@ -2049,7 +2076,6 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white '.fm_get_filesize($all_files_size).'' ?> '.$num_files.'' ?> '.$num_folders.'' ?> - '.fm_get_filesize(@memory_get_usage(true)).'' ?> '.fm_get_filesize(@disk_free_space($path)) .' '.lng('FreeOf').' '.fm_get_filesize(@disk_total_space($path)).''; ?> @@ -2067,11 +2093,11 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white
  • -
  • +
  • -
  • +
  • -
  • +
  • @@ -2376,7 +2402,15 @@ function fm_get_parent_path($path) */ function fm_is_exclude_items($file) { $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION)); - if(!in_array($file, FM_EXCLUDE_ITEMS) && !in_array("*.$ext", FM_EXCLUDE_ITEMS)) { + if (isset($exclude_items) and sizeof($exclude_items)) { + unset($exclude_items); + } + + $exclude_items = FM_EXCLUDE_ITEMS; + if (version_compare(PHP_VERSION, '7.0.0', '<')) { + $exclude_items = unserialize($exclude_items); + } + if (!in_array($file, $exclude_items) && !in_array("*.$ext", $exclude_items)) { return true; } return false; @@ -2421,7 +2455,7 @@ function fm_get_size($file) static $isdarwin; if (!isset($iswin)) { $iswin = (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'); - } + } if (!isset($isdarwin)) { $isdarwin = (strtoupper(substr(PHP_OS, 0)) == "DARWIN"); } @@ -2630,6 +2664,8 @@ function fm_get_file_icon_class($path) case 'bmp': case 'tif': case 'tiff': + case 'webp': + case 'avif': case 'svg': $img = 'fa fa-picture-o'; break; @@ -2648,6 +2684,7 @@ function fm_get_file_icon_class($path) case 'cpp': case 'cs': case 'py': + case 'rs': case 'map': case 'lock': case 'dtd': @@ -2666,11 +2703,13 @@ function fm_get_file_icon_class($path) case 'scss': $img = 'fa fa-css3'; break; + case 'bz2': case 'zip': case 'rar': case 'gz': case 'tar': case '7z': + case 'xz': $img = 'fa fa-file-archive-o'; break; case 'php': @@ -2708,6 +2747,7 @@ function fm_get_file_icon_class($path) case 'm3u8': case 'pls': case 'cue': + case 'xspf': $img = 'fa fa-headphones'; break; case 'avi': @@ -2739,6 +2779,7 @@ function fm_get_file_icon_class($path) $img = 'fa fa-file-text-o'; break; case 'bak': + case 'swp': $img = 'fa fa-clipboard'; break; case 'doc': 
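Review bot: In the `fm_is_exclude_items()` hunk the added `if (isset($exclude_items) and sizeof($exclude_items)) { unset($exclude_items); }` is dead code. `$exclude_items` is neither a parameter nor declared `global` in the visible body, so the `isset()` is always false and the three lines can be removed. The PHP < 7 workaround, introduced with `serialize($exclude_items)` in the `@@ -375,7 +369,7 @@` hunk, round-trips the config array through `unserialize()`. `json_encode()` at the `define()` and `json_decode($exclude_items, true)` here would give the same array without the object-instantiation surface of `unserialize()`. Both `in_array()` calls would also be safer with the strict flag, e.g. `in_array($file, $exclude_items, true)`, given that the sample config now ships `array('')`. The function's closing brace is outside the hunk.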
@@ -2789,7 +2830,7 @@ function fm_get_file_icon_class($path) */ function fm_get_image_exts() { - return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg'); + return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg', 'webp', 'avif'); } /** @@ -2876,6 +2917,8 @@ function fm_get_file_mimes($extension) $fileTypes['png'] = 'image/png'; $fileTypes['jpeg'] = 'image/jpg'; $fileTypes['jpg'] = 'image/jpg'; + $fileTypes['webp'] = 'image/webp'; + $fileTypes['avif'] = 'image/avif'; $fileTypes['rar'] = 'application/rar'; $fileTypes['ra'] = 'audio/x-pn-realaudio'; @@ -2903,6 +2946,10 @@ function fm_get_file_mimes($extension) $fileTypes['php'] = ['application/x-php']; $fileTypes['html'] = ['text/html']; $fileTypes['txt'] = ['text/plain']; + //Unknown mime-types should be 'application/octet-stream' + if(empty($fileTypes[$extension])) { + $fileTypes[$extension] = ['application/octet-stream']; + } return $fileTypes[$extension]; } @@ -2994,7 +3041,7 @@ function fm_download_file($fileLocation, $fileName, $chunkSize = 1024) print(@fread($fp, 1024*$chunkSize)); flush(); ob_flush(); - sleep(1); + // sleep(1); } fclose($fp); @@ -3331,7 +3378,7 @@ function fm_show_nav_path($path)
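Review bot: The fallback added to `fm_get_file_mimes()` in the `@@ -2903,6 +2946,10 @@` hunk returns an array, `['application/octet-stream']`, while the `webp` and `avif` entries added in the `@@ -2876,6 +2917,8 @@` hunk are plain strings. The function therefore keeps returning either a string or an array depending on the extension, as the surrounding `'php'`/`'html'` and `'rar'` entries already do. Callers are not visible here, but any that compare the result against a detected MIME type have to handle both shapes. I would store every entry as an array, e.g. `$fileTypes['webp'] = ['image/webp'];`, so the return type is uniform. The rest of the function is outside these hunks.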
    @@ -3404,9 +3451,9 @@ global $lang, $root_url, $favicon_path; - + '; } ?> <?php echo fm_enc(APP_TITLE) ?> - +