mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-06-08 08:52:23 +02:00
parent
03c3f6d7f9
commit
a04567d3ba
|
@ -38,7 +38,7 @@ Default username/password: **admin/admin@123** and **user/12345**.
|
||||||
|
|
||||||
To enable/disable authentication set `$use_auth` to true or false.
|
To enable/disable authentication set `$use_auth` to true or false.
|
||||||
|
|
||||||
:information_source: The default configuration will be loaded from `config.php`, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
:information_source: Rename the `config-sample.php` file into `config.php` to use configuration, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
||||||
|
|
||||||
### :loudspeaker: Features
|
### :loudspeaker: Features
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
/*
|
/*
|
||||||
#################################################################################################################
|
#################################################################################################################
|
||||||
This is an OPTIONAL configuration file.
|
This is an OPTIONAL configuration file. rename this file into config.php to use this configuration
|
||||||
The role of this file is to make updating of "tinyfilemanager.php" easier.
|
The role of this file is to make updating of "tinyfilemanager.php" easier.
|
||||||
So you can:
|
So you can:
|
||||||
-Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
-Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
||||||
|
@ -85,7 +85,7 @@ $favicon_path = '';
|
||||||
|
|
||||||
// Files and folders to excluded from listing
|
// Files and folders to excluded from listing
|
||||||
// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
|
// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
|
||||||
$exclude_items = array();
|
$exclude_items = array('');
|
||||||
|
|
||||||
// Online office Docs Viewer
|
// Online office Docs Viewer
|
||||||
// Availabe rules are 'google', 'microsoft' or false
|
// Availabe rules are 'google', 'microsoft' or false
|
|
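Review bot: The new default `$exclude_items = array('');` holds one empty-string entry rather than no entries, which is not the same thing as the empty list it replaces. How the entry is matched against file names is not visible in this section, so I cannot tell whether it is harmless, but an exclusion list that is meant to be empty reads more clearly and behaves predictably as `$exclude_items = array();`. If the empty string is needed to work around something in the matching code, a one-line comment saying so would help whoever copies this sample to `config.php`.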
@ -3,13 +3,13 @@
|
||||||
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"calc_folder":false}';
|
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"calc_folder":false}';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* H3K | Tiny File Manager V2.4.4
|
* H3K | Tiny File Manager V2.4.5
|
||||||
* CCP Programmers | ccpprogrammers@gmail.com
|
* CCP Programmers | ccpprogrammers@gmail.com
|
||||||
* https://tinyfilemanager.github.io
|
* https://tinyfilemanager.github.io
|
||||||
*/
|
*/
|
||||||
|
|
||||||
//TFM version
|
//TFM version
|
||||||
define('VERSION', '2.4.4');
|
define('VERSION', '2.4.5');
|
||||||
|
|
||||||
//Application Title
|
//Application Title
|
||||||
define('APP_TITLE', 'Tiny File Manager');
|
define('APP_TITLE', 'Tiny File Manager');
|
||||||
|
@ -526,16 +526,6 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
|
||||||
$path .= '/' . FM_PATH;
|
$path .= '/' . FM_PATH;
|
||||||
}
|
}
|
||||||
|
|
||||||
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
|
|
||||||
$use_curl = false;
|
|
||||||
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
|
|
||||||
$fileinfo = new stdClass();
|
|
||||||
$fileinfo->name = trim(basename($url), ".\x00..\x20");
|
|
||||||
|
|
||||||
$allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
|
|
||||||
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
|
|
||||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
|
||||||
|
|
||||||
function event_callback ($message) {
|
function event_callback ($message) {
|
||||||
global $callback;
|
global $callback;
|
||||||
echo json_encode($message);
|
echo json_encode($message);
|
||||||
|
@ -546,6 +536,28 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
|
||||||
return $path."/".basename($fileinfo->name);
|
return $path."/".basename($fileinfo->name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
|
||||||
|
|
||||||
|
//prevent 127.* domain and known ports
|
||||||
|
$domain = parse_url($url, PHP_URL_HOST);
|
||||||
|
$port = parse_url($url, PHP_URL_PORT);
|
||||||
|
$knownPorts = [22, 23, 25, 3306];
|
||||||
|
|
||||||
|
if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) {
|
||||||
|
$err = array("message" => "URL is not allowed");
|
||||||
|
event_callback(array("fail" => $err));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
$use_curl = false;
|
||||||
|
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
|
||||||
|
$fileinfo = new stdClass();
|
||||||
|
$fileinfo->name = trim(basename($url), ".\x00..\x20");
|
||||||
|
|
||||||
|
$allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
|
||||||
|
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
|
||||||
|
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||||
|
|
||||||
$err = false;
|
$err = false;
|
||||||
|
|
||||||
if(!$isFileAllowed) {
|
if(!$isFileAllowed) {
|
||||||
|
@ -855,6 +867,14 @@ if (!empty($_FILES) && !FM_READONLY) {
|
||||||
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
||||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||||
|
|
||||||
|
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
|
||||||
|
$response = array (
|
||||||
|
'status' => 'error',
|
||||||
|
'info' => "Invalid File name!",
|
||||||
|
);
|
||||||
|
echo json_encode($response); exit();
|
||||||
|
}
|
||||||
|
|
||||||
$targetPath = $path . $ds;
|
$targetPath = $path . $ds;
|
||||||
if ( is_writable($targetPath) ) {
|
if ( is_writable($targetPath) ) {
|
||||||
$fullPath = $path . '/' . $_REQUEST['fullpath'];
|
$fullPath = $path . '/' . $_REQUEST['fullpath'];
|
||||||
|
|
|
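Review bot: The host check added in the `@ -546` hunk is a denylist matched against the literal host string, so it does not cover private, link-local or other reserved ranges, or names that merely resolve to an internal address. It also misses IPv6 literals, because `parse_url()` returns them with their square brackets and the `(?:0*\:)*?:?0*1` branch therefore does not match. `$url` can still be `null` at this point when the scheme regex fails, and the check runs before any redirect the later fetch might follow (the fetch code is outside this view). I would resolve the host once and accept only addresses that pass `filter_var()` with `FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE`, as sketched below; the enclosing `if (isset($_POST['ajax']) && !FM_READONLY)` block starts and ends outside the hunk. Separately, the guard in the `@ -855` hunk joins the two `fm_isvalid_filename()` calls with `&&`, so an upload is refused only when both `$filename` and `$_REQUEST['fullpath']` are invalid; it should be `||`, since `$fullPath` is built from `$_REQUEST['fullpath']` a few lines later.

```php
// … unchanged: $url assignment, $domain / $port via parse_url() …
$knownPorts = [22, 23, 25, 3306];

// Judge the address the host resolves to, not the spelling of the host name.
$host = is_string($domain) ? trim($domain, '[]') : '';
$addr = filter_var($host, FILTER_VALIDATE_IP) !== false ? $host : gethostbyname($host);
// gethostbyname() hands back the name unchanged on failure, which then fails validation below.
$isPublic = filter_var(
    $addr,
    FILTER_VALIDATE_IP,
    FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) !== false;

if (!$isPublic || in_array($port, $knownPorts, true)) {
    // … unchanged: "URL is not allowed" response and exit() …
}
// NOTE: the download should connect to $addr (and not follow redirects unchecked),
// otherwise a second lookup can return a different address than the one validated here.
```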
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"appName": "Tiny File Manager",
|
"appName": "Tiny File Manager",
|
||||||
"version": "2.4.3",
|
"version": "2.4.5",
|
||||||
"language": [
|
"language": [
|
||||||
{
|
{
|
||||||
"name": "Norsk",
|
"name": "Norsk",
|
||||||
|
@ -80,9 +80,9 @@
|
||||||
"You are logged in": "Du er innlogget",
|
"You are logged in": "Du er innlogget",
|
||||||
"Login failed. Invalid username or password": "Innlogging feilet. Feil brukernavn eller passord",
|
"Login failed. Invalid username or password": "Innlogging feilet. Feil brukernavn eller passord",
|
||||||
"password_hash not supported, Upgrade PHP version": "password_hash er ikke støttet, venligst oppdater PHP versjonen"
|
"password_hash not supported, Upgrade PHP version": "password_hash er ikke støttet, venligst oppdater PHP versjonen"
|
||||||
|
|
||||||
}
|
}
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"name": "فارسی",
|
"name": "فارسی",
|
||||||
"code": "Fa",
|
"code": "Fa",
|
||||||
"translation": {
|
"translation": {
|
||||||
|
@ -765,7 +765,7 @@
|
||||||
"Generate": "建立",
|
"Generate": "建立",
|
||||||
"FullSize": "所有檔案容量",
|
"FullSize": "所有檔案容量",
|
||||||
"MemoryUsed": "使用的記憶體大小",
|
"MemoryUsed": "使用的記憶體大小",
|
||||||
"PartitionSize" : "剩餘可用空間",
|
"PartitionSize": "剩餘可用空間",
|
||||||
"FreeOf": "硬碟容量:"
|
"FreeOf": "硬碟容量:"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -1449,7 +1449,7 @@
|
||||||
"FreeOf": "voľné z"
|
"FreeOf": "voľné z"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "Suomi",
|
"name": "Suomi",
|
||||||
"code": "fi",
|
"code": "fi",
|
||||||
"translation": {
|
"translation": {
|
||||||
|
@ -1517,7 +1517,7 @@
|
||||||
"Generate new password hash": "Luo uusi salasana-hash",
|
"Generate new password hash": "Luo uusi salasana-hash",
|
||||||
"HideColumns": "Piilota oikeudet-/omistaja-sarakkeet"
|
"HideColumns": "Piilota oikeudet-/omistaja-sarakkeet"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "한국어",
|
"name": "한국어",
|
||||||
"code": "ko",
|
"code": "ko",
|
||||||
|
|