Some language strings are missing. And other... #192

view file is insecure #187
Get files size (recursive) #186
There is no possibility for translation for some hints (title =) #185
View dirSize instead of word "Folder" #184
Document type detection #183
Stored Cross-site Scripting (XSS) Vulnerability detected in File Names #180
strings in code #177
Remove tracking #164
Prasath Mani 2019-07-23 12:56:01 +05:30
parent 21094a66ee
commit 3114fa92e3
2 changed files with 102 additions and 29 deletions


@ -1,15 +1,15 @@
<?php
//Default Configuration
$CONFIG = '{"lang":"Ar","error_reporting":false,"show_hidden":false}';
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":true,"hide_Cols":false,"calc_folder":false}';
/**
* H3K | Tiny File Manager V2.3.6
* H3K | Tiny File Manager V2.3.8
* CCP Programmers | ccpprogrammers@gmail.com
* https://tinyfilemanager.github.io
*/
//TFM version
define('VERSION', '2.3.6');
define('VERSION', '2.3.8');
//Application Title
define('APP_TITLE', 'Tiny File Manager');
@ -131,6 +131,12 @@ $show_hidden_files = isset($cfg->data['show_hidden']) ? $cfg->data['show_hidden'
// PHP error reporting - false = Turns off Errors, true = Turns on Errors
$report_errors = isset($cfg->data['error_reporting']) ? $cfg->data['error_reporting'] : true;
// Hide Permissions and Owner cols in file-listing
$hide_Cols = isset($cfg->data['hide_Cols']) ? $cfg->data['hide_Cols'] : true;
// Show Dirsize: true or speedup output: false
$calc_folder = isset($cfg->data['calc_folder']) ? $cfg->data['calc_folder'] : true;
//available languages
$lang_list = array(
'en' => 'English'
@ -144,9 +150,6 @@ if ($report_errors == true) {
@ini_set('display_errors', 0);
}
// Set Cookie
setcookie('fm_cache', true, 2147483647, "/");
// if fm included
if (defined('FM_EMBED')) {
$use_auth = false;
@ -303,7 +306,6 @@ if ($use_auth) {
</div>
<div class="footer text-center">
&mdash;&mdash; &copy;
<?php if(!isset($_COOKIE['fm_cache'])) { ?> <img src="https://logs-01.loggly.com/inputs/d8bad570-def7-44d4-922c-a8680d936ae6.gif?s=1" /> <?php } ?>
<a href="https://tinyfilemanager.github.io/" target="_blank" class="text-muted" data-version="<?php echo VERSION; ?>">CCP Programmers</a> &mdash;&mdash;
</div>
</div>
@ -409,7 +411,7 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
// Save Config
if (isset($_POST['type']) && $_POST['type'] == "settings") {
global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list;
global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list, $hide_Cols, $calc_folder;
$newLng = $_POST['js-language'];
fm_get_translations([]);
if (!array_key_exists($newLng, $lang_list)) {
@ -418,6 +420,8 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
$erp = isset($_POST['js-error-report']) && $_POST['js-error-report'] == "true" ? true : false;
$shf = isset($_POST['js-show-hidden']) && $_POST['js-show-hidden'] == "true" ? true : false;
$hco = isset($_POST['js-hide-cols']) && $_POST['js-hide-cols'] == "true" ? true : false;
$caf = isset($_POST['js-calc-folder']) && $_POST['js-calc-folder'] == "true" ? true : false;
if ($cfg->data['lang'] != $newLng) {
$cfg->data['lang'] = $newLng;
@ -431,6 +435,18 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
$cfg->data['show_hidden'] = $shf;
$show_hidden_files = $shf;
}
if ($cfg->data['show_hidden'] != $shf) {
$cfg->data['show_hidden'] = $shf;
$show_hidden_files = $shf;
}
if ($cfg->data['hide_Cols'] != $hco) {
$cfg->data['hide_Cols'] = $hco;
$hide_Cols = $hco;
}
if ($cfg->data['calc_folder'] != $caf) {
$cfg->data['calc_folder'] = $caf;
$calc_folder = $caf;
}
$cfg->save();
echo true;
}
@ -675,7 +691,7 @@ if (isset($_GET['ren'], $_GET['to']) && !FM_READONLY) {
$old = str_replace('/', '', $old);
// new name
$new = $_GET['to'];
$new = fm_clean_path($new);
$new = fm_clean_path(strip_tags($new));
$new = str_replace('/', '', $new);
// path
$path = FM_ROOT_PATH;
@ -1229,6 +1245,34 @@ if (isset($_GET['settings']) && !FM_READONLY) {
</div>
</div>
<div class="form-group row">
<label for="js-hid-1" class="col-sm-3 col-form-label"><?php echo lng('HideColumns') ?></label>
<div class="col-sm-9">
<div class="btn-group btn-group-toggle" data-toggle="buttons">
<label class="btn btn-secondary <?php echo getChecked($hide_Cols, 1, 'active') ?>">
<input type="radio" name="js-hide-cols" id="js-hid-1" autocomplete="off" value="true" <?php echo getChecked($hide_Cols, 1, 'checked') ?> > ON
</label>
<label class="btn btn-secondary <?php echo getChecked($hide_Cols, '', 'active') ?>">
<input type="radio" name="js-hide-cols" id="js-hid-0" autocomplete="off" value="false" <?php echo getChecked($hide_Cols, '', 'checked') ?> > OFF
</label>
</div>
</div>
</div>
<div class="form-group row">
<label for="js-dir-1" class="col-sm-3 col-form-label"><?php echo lng('CalculateFolderSize') ?></label>
<div class="col-sm-9">
<div class="btn-group btn-group-toggle" data-toggle="buttons">
<label class="btn btn-secondary <?php echo getChecked($calc_folder, 1, 'active') ?>">
<input type="radio" name="js-calc-folder" id="js-dir-1" autocomplete="off" value="true" <?php echo getChecked($calc_folder, 1, 'checked') ?> > ON
</label>
<label class="btn btn-secondary <?php echo getChecked($calc_folder, '', 'active') ?>">
<input type="radio" name="js-calc-folder" id="js-dir-0" autocomplete="off" value="false" <?php echo getChecked($calc_folder, '', 'checked') ?> > OFF
</label>
</div>
</div>
</div>
<div class="form-group row">
<div class="col-sm-10">
<button type="submit" class="btn btn-success"> <i class="fa fa-check-circle"></i> <?php echo lng('Save'); ?></button>
@ -1267,10 +1311,10 @@ if (isset($_GET['help'])) {
<div class="card">
<ul class="list-group list-group-flush">
<li class="list-group-item"><a href="https://tinyfilemanager.github.io/" target="_blank"><i class="fa fa-question-circle"></i> <?php echo lng('Help Documents') ?> </a> </li>
<li class="list-group-item"><a href="https://github.com/prasathmani/tinyfilemanager/issues" target="_blank"><i class="fa fa-bug"></i><?php echo lng('Report Issue') ?></a></li>
<li class="list-group-item"><a href="javascript:latest_release_info('<?php echo VERSION; ?>');" target="_blank"><i class="fa fa-link"></i><?php echo lng('Check Latest Version') ?></a></li>
<li class="list-group-item"><a href="https://github.com/prasathmani/tinyfilemanager/issues" target="_blank"><i class="fa fa-bug"></i> <?php echo lng('Report Issue') ?></a></li>
<li class="list-group-item"><a href="javascript:latest_release_info('<?php echo VERSION; ?>');" target="_blank"><i class="fa fa-link"> </i> <?php echo lng('Check Latest Version') ?></a></li>
<?php if(!FM_READONLY) { ?>
<li class="list-group-item"><a href="javascript:show_new_pwd();" target="_blank"><i class="fa fa-lock"></i><?php echo lng('Generate new password hash') ?></a></li>
<li class="list-group-item"><a href="javascript:show_new_pwd();" target="_blank"><i class="fa fa-lock"></i> <?php echo lng('Generate new password hash') ?></a></li>
<?php } ?>
</ul>
</div>
@ -1306,7 +1350,7 @@ if (isset($_GET['view'])) {
$quickView = (isset($_GET['quickView']) && $_GET['quickView'] == 1) ? true : false;
$file = fm_clean_path($file);
$file = str_replace('/', '', $file);
if ($file == '' || !is_file($path . '/' . $file)) {
if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
fm_set_msg('File not found', 'error');
fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH));
}
@ -1690,7 +1734,7 @@ $all_files_size = 0;
<th><?php echo lng('Name') ?></th>
<th><?php echo lng('Size') ?></th>
<th><?php echo lng('Modified') ?></th>
<?php if (!FM_IS_WIN): ?>
<?php if (!FM_IS_WIN && !$hide_Cols): ?>
<th><?php echo lng('Perms') ?></th>
<th><?php echo lng('Owner') ?></th><?php endif; ?>
<th><?php echo lng('Actions') ?></th>
@ -1706,7 +1750,7 @@ $all_files_size = 0;
<td class="border-0"></td>
<td class="border-0"></td>
<td class="border-0"></td>
<?php if (!FM_IS_WIN) { ?>
<?php if (!FM_IS_WIN && !$hide_Cols) { ?>
<td class="border-0"></td>
<td class="border-0"></td>
<?php } ?>
@ -1739,9 +1783,9 @@ $all_files_size = 0;
<div class="filename"><a href="?p=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?>
</a><?php echo($is_link ? ' &rarr; <i>' . readlink($path . '/' . $f) . '</i>' : '') ?></div>
</td>
<td><?php echo lng('Folder') ?></td>
<td><?php if ($calc_folder) { echo fm_get_directorysize($path . '/' . $f); } else { echo "Folder"; } ?></td>
<td><?php echo $modif ?></td>
<?php if (!FM_IS_WIN): ?>
<?php if (!FM_IS_WIN && !$hide_Cols): ?>
<td><?php if (!FM_READONLY): ?><a title="Change Permissions" href="?p=<?php echo urlencode(FM_PATH) ?>&amp;chmod=<?php echo urlencode($f) ?>"><?php echo $perms ?></a><?php else: ?><?php echo $perms ?><?php endif; ?>
</td>
<td><?php echo $owner['name'] . ':' . $group['name'] ?></td>
@ -1788,9 +1832,11 @@ $all_files_size = 0;
<div class="filename"><a href="<?php echo $filelink ?>" title="File info"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?>
</a><?php echo($is_link ? ' &rarr; <i>' . readlink($path . '/' . $f) . '</i>' : '') ?></div>
</td>
<td><span title="<?php printf('%s bytes', $filesize_raw) ?>"><?php echo $filesize ?></span></td>
<td><span title="<?php printf('%s bytes', $filesize_raw) ?>">
<?php echo $filesize; ?>
</span></td>
<td><?php echo $modif ?></td>
<?php if (!FM_IS_WIN): ?>
<?php if (!FM_IS_WIN && !$hide_Cols): ?>
<td><?php if (!FM_READONLY): ?><a title="<?php echo 'Change Permissions' ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&amp;chmod=<?php echo urlencode($f) ?>"><?php echo $perms ?></a><?php else: ?><?php echo $perms ?><?php endif; ?>
</td>
<td><?php echo fm_enc($owner['name'] . ':' . $group['name']) ?></td>
@ -1827,7 +1873,7 @@ $all_files_size = 0;
<tr><?php if (!FM_READONLY): ?>
<td class="gray"></td><?php endif; ?>
<td class="gray" colspan="<?php echo !FM_IS_WIN ? '6' : '4' ?>">
<?php echo lng('FullSize').': <span title="'.printf('%s bytes', $all_files_size).'"><span class="badge badge-light">'.fm_get_filesize($all_files_size).'</span>' ?></span>
<?php echo lng('FullSize').': <span class="badge badge-light">'.fm_get_filesize($all_files_size).'</span>' ?>
<?php echo lng('File').': <span class="badge badge-light">'.$num_files.'</span>' ?>
<?php echo lng('Folder').': <span class="badge badge-light">'.$num_folders.'</span>' ?>
<?php echo lng('MemoryUsed').': <span class="badge badge-light">'.fm_get_filesize(@memory_get_usage(true)).'</span>' ?>
@ -2209,6 +2255,27 @@ function fm_get_filesize($size)
}
}
/**
* Get director total size
* @param string $directory
* @return string
*/
function fm_get_directorysize($directory) {
global $calc_folder;
if ($calc_folder==true) { // Slower output
$size = 0; $count= 0; $dirCount= 0;
foreach(new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory)) as $file)
if ($file->isFile())
{ $size+=$file->getSize();
$count++;
}
else if ($file->isDir()) { $dirCount++; }
// return [$size, $count, $dirCount];
return fm_get_filesize($size);
}
else return 'Folder'; // Quick output
}
/**
* Get info about zip archive
* @param string $path
@ -3487,11 +3554,14 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
});
});
</script>
<?php if (isset($_GET['edit']) && isset($_GET['env']) && FM_EDIT_FILE): ?>
<?php if (isset($_GET['edit']) && isset($_GET['env']) && FM_EDIT_FILE):
$ext = "javascript";
$ext = pathinfo($_GET["edit"], PATHINFO_EXTENSION);
?>
<script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.1/ace.js"></script>
<script>
var editor = ace.edit("editor");
editor.getSession().setMode("ace/mode/javascript");
editor.getSession().setMode( {path:"ace/mode/<?php echo $ext; ?>", inline:true} );
//editor.setTheme("ace/theme/twilight"); //Dark Theme
function ace_commend (cmd) { editor.commands.exec(cmd, editor); }
editor.commands.addCommands([{
@ -3499,9 +3569,10 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
exec: function(editor) { edit_save(this, 'ace'); }
}]);
function renderThemeMode() {
var $modeEl = $("select#js-ace-mode"), $themeEl = $("select#js-ace-theme"), optionNode = function(type, arr){ var $Option = ""; $.each(arr, function(i, val) { $Option += "<option value='"+type+i+"'>" + val + "</option>"; }); return $Option; };
if(window.config && window.config.aceMode) { $modeEl.html(optionNode("ace/mode/", window.config.aceMode)); }
if(window.config && window.config.aceTheme) { var lightTheme = optionNode("ace/theme/", window.config.aceTheme.bright), darkTheme = optionNode("ace/theme/", window.config.aceTheme.dark); $themeEl.html("<optgroup label=\"Bright\">"+lightTheme+"</optgroup><optgroup label=\"Dark\">"+darkTheme+"</optgroup>");}
var $modeEl = $("select#js-ace-mode"), $themeEl = $("select#js-ace-theme"), optionNode = function(type, arr){ var $Option = ""; $.each(arr, function(i, val) { $Option += "<option value='"+type+i+"'>" + val + "</option>"; }); return $Option; },
_data = {"aceTheme":{"bright":{"chrome":"Chrome","clouds":"Clouds","crimson_editor":"Crimson Editor","dawn":"Dawn","dreamweaver":"Dreamweaver","eclipse":"Eclipse","github":"GitHub","iplastic":"IPlastic","solarized_light":"Solarized Light","textmate":"TextMate","tomorrow":"Tomorrow","xcode":"XCode","kuroir":"Kuroir","katzenmilch":"KatzenMilch","sqlserver":"SQL Server"},"dark":{"ambiance":"Ambiance","chaos":"Chaos","clouds_midnight":"Clouds Midnight","dracula":"Dracula","cobalt":"Cobalt","gruvbox":"Gruvbox","gob":"Green on Black","idle_fingers":"idle Fingers","kr_theme":"krTheme","merbivore":"Merbivore","merbivore_soft":"Merbivore Soft","mono_industrial":"Mono Industrial","monokai":"Monokai","pastel_on_dark":"Pastel on dark","solarized_dark":"Solarized Dark","terminal":"Terminal","tomorrow_night":"Tomorrow Night","tomorrow_night_blue":"Tomorrow Night Blue","tomorrow_night_bright":"Tomorrow Night Bright","tomorrow_night_eighties":"Tomorrow Night 80s","twilight":"Twilight","vibrant_ink":"Vibrant Ink"}},"aceMode":{"javascript":"JavaScript","abap":"ABAP","abc":"ABC","actionscript":"ActionScript","ada":"ADA","apache_conf":"Apache Conf","asciidoc":"AsciiDoc","asl":"ASL","assembly_x86":"Assembly x86","autohotkey":"AutoHotKey","apex":"Apex","batchfile":"BatchFile","bro":"Bro","c_cpp":"C and C++","c9search":"C9Search","cirru":"Cirru","clojure":"Clojure","cobol":"Cobol","coffee":"CoffeeScript","coldfusion":"ColdFusion","csharp":"C#","csound_document":"Csound Document","csound_orchestra":"Csound","csound_score":"Csound 
Score","css":"CSS","curly":"Curly","d":"D","dart":"Dart","diff":"Diff","dockerfile":"Dockerfile","dot":"Dot","drools":"Drools","edifact":"Edifact","eiffel":"Eiffel","ejs":"EJS","elixir":"Elixir","elm":"Elm","erlang":"Erlang","forth":"Forth","fortran":"Fortran","fsharp":"FSharp","fsl":"FSL","ftl":"FreeMarker","gcode":"Gcode","gherkin":"Gherkin","gitignore":"Gitignore","glsl":"Glsl","gobstones":"Gobstones","golang":"Go","graphqlschema":"GraphQLSchema","groovy":"Groovy","haml":"HAML","handlebars":"Handlebars","haskell":"Haskell","haskell_cabal":"Haskell Cabal","haxe":"haXe","hjson":"Hjson","html":"HTML","html_elixir":"HTML (Elixir)","html_ruby":"HTML (Ruby)","ini":"INI","io":"Io","jack":"Jack","jade":"Jade","java":"Java","json":"JSON","jsoniq":"JSONiq","jsp":"JSP","jssm":"JSSM","jsx":"JSX","julia":"Julia","kotlin":"Kotlin","latex":"LaTeX","less":"LESS","liquid":"Liquid","lisp":"Lisp","livescript":"LiveScript","logiql":"LogiQL","lsl":"LSL","lua":"Lua","luapage":"LuaPage","lucene":"Lucene","makefile":"Makefile","markdown":"Markdown","mask":"Mask","matlab":"MATLAB","maze":"Maze","mel":"MEL","mixal":"MIXAL","mushcode":"MUSHCode","mysql":"MySQL","nix":"Nix","nsis":"NSIS","objectivec":"Objective-C","ocaml":"OCaml","pascal":"Pascal","perl":"Perl","perl6":"Perl 6","pgsql":"pgSQL","php_laravel_blade":"PHP (Blade Template)","php":"PHP","puppet":"Puppet","pig":"Pig","powershell":"Powershell","praat":"Praat","prolog":"Prolog","properties":"Properties","protobuf":"Protobuf","python":"Python","r":"R","razor":"Razor","rdoc":"RDoc","red":"Red","rhtml":"RHTML","rst":"RST","ruby":"Ruby","rust":"Rust","sass":"SASS","scad":"SCAD","scala":"Scala","scheme":"Scheme","scss":"SCSS","sh":"SH","sjs":"SJS","slim":"Slim","smarty":"Smarty","snippets":"snippets","soy_template":"Soy 
Template","space":"Space","sql":"SQL","sqlserver":"SQLServer","stylus":"Stylus","svg":"SVG","swift":"Swift","tcl":"Tcl","terraform":"Terraform","tex":"Tex","text":"Text","textile":"Textile","toml":"Toml","tsx":"TSX","twig":"Twig","typescript":"Typescript","vala":"Vala","vbscript":"VBScript","velocity":"Velocity","verilog":"Verilog","vhdl":"VHDL","visualforce":"Visualforce","wollok":"Wollok","xml":"XML","xquery":"XQuery","yaml":"YAML","django":"Django"}};
if(_data && _data.aceMode) { $modeEl.html(optionNode("ace/mode/", _data.aceMode)); }
if(_data && _data.aceTheme) { var lightTheme = optionNode("ace/theme/", _data.aceTheme.bright), darkTheme = optionNode("ace/theme/", _data.aceTheme.dark); $themeEl.html("<optgroup label=\"Bright\">"+lightTheme+"</optgroup><optgroup label=\"Dark\">"+darkTheme+"</optgroup>");}
}
$(function(){
@ -3619,10 +3690,12 @@ function lng($txt) {
$tr['en']['ErrorReporting'] = 'Error Reporting'; $tr['en']['ShowHiddenFiles'] = 'Show Hidden Files';
$tr['en']['Full size'] = 'Full size'; $tr['en']['Help'] = 'Help';
$tr['en']['Free of'] = 'Free of'; $tr['en']['Preview'] = 'Preview';
$tr['en']['Help Documents'] = 'Help Documents'; $tr['en']['Report Issue'] = 'Report Issue';
$tr['en']['Generate'] = 'Generate'; $tr['en']['Generate new password hash'] = 'Generate new password hash';
$tr['en']['Check Latest Version']= 'Check Latest Version';
$tr['en']['Generate'] = 'Generate'; $tr['en']['FullSize'] = 'Full Size';
$tr['en']['FreeOf'] = 'free of'; $tr['en']['CalculateFolderSize']= 'Calculate folder size';
$tr['en']['Check Latest Version']= 'Check Latest Version';
$tr['en']['Generate new password hash'] = 'Generate new password hash';
$tr['en']['HideColumns'] = 'Hide Perms/Owner columns';
$i18n = fm_get_translations($tr);
$tr = $i18n ? $i18n : $tr;
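Review bot: In the `@ -3487` hunk, `$ext = pathinfo($_GET["edit"], PATHINFO_EXTENSION)` is echoed raw into the JavaScript string literal `"ace/mode/<?php echo $ext; ?>"`, so any `edit` value whose text after the last dot contains a quote or `</script>` reaches the page unescaped; whether an earlier handler already rejects a non-existent `edit` target is outside this hunk, but the echo should not depend on it. Ace mode identifiers are `[a-z0-9_]` (see the `aceMode` keys in the following hunk), so whitelist and encode: `$ext = preg_replace('/[^a-z0-9_]/i', '', pathinfo($_GET['edit'], PATHINFO_EXTENSION)) ?: 'javascript';` and `editor.getSession().setMode( {path:"ace/mode/" + <?php echo json_encode($ext); ?>, inline:true} );` — this also gives the `$ext = "javascript";` default a purpose instead of being overwritten on the next line. Separately, the `@ -675` hunk addresses stored XSS in file names with `strip_tags()` on the rename input only; names arriving via upload, mkdir or already present on disk are not covered, and the listing rows in the `@ -1739` and `@ -1788` hunks still echo `fm_convert_win($f)` and the `readlink()` target without `fm_enc()`, which is where the encoding belongs. The `<script>` block in the `@ -3487` hunk continues past the end of the hunk.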


@ -1,6 +1,6 @@
{
"appName": "Tiny File Manager",
"version": "2.3.5",
"version": "2.3.8",
"language": [
{
"name": "русский",