mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-05-03 14:23:14 +02:00
Prasath Mani
parent
03c3f6d7f9
commit
a04567d3ba
|
|
@ -38,7 +38,7 @@ Default username/password: **admin/admin@123** and **user/12345**.
|
|||
|
||||
To enable/disable authentication set `$use_auth` to true or false.
|
||||
|
||||
:information_source: The default configuration will be loaded from `config.php`, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
||||
:information_source: Rename the `config-sample.php` file into `config.php` to use configuration, it is an additional configuration file, Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
||||
|
||||
### :loudspeaker: Features
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
/*
|
||||
#################################################################################################################
|
||||
This is an OPTIONAL configuration file.
|
||||
This is an OPTIONAL configuration file. rename this file into config.php to use this configuration
|
||||
The role of this file is to make updating of "tinyfilemanager.php" easier.
|
||||
So you can:
|
||||
-Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
|
||||
|
|
@ -85,7 +85,7 @@ $favicon_path = '';
|
|||
|
||||
// Files and folders to excluded from listing
|
||||
// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
|
||||
$exclude_items = array();
|
||||
$exclude_items = array('');
|
||||
|
||||
// Online office Docs Viewer
|
||||
// Availabe rules are 'google', 'microsoft' or false
|
||||
|
|
@ -3,13 +3,13 @@
|
|||
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"calc_folder":false}';
|
||||
|
||||
/**
|
||||
* H3K | Tiny File Manager V2.4.4
|
||||
* H3K | Tiny File Manager V2.4.5
|
||||
* CCP Programmers | ccpprogrammers@gmail.com
|
||||
* https://tinyfilemanager.github.io
|
||||
*/
|
||||
|
||||
//TFM version
|
||||
define('VERSION', '2.4.4');
|
||||
define('VERSION', '2.4.5');
|
||||
|
||||
//Application Title
|
||||
define('APP_TITLE', 'Tiny File Manager');
|
||||
|
|
@ -526,16 +526,6 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
|
|||
$path .= '/' . FM_PATH;
|
||||
}
|
||||
|
||||
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
|
||||
$use_curl = false;
|
||||
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
|
||||
$fileinfo = new stdClass();
|
||||
$fileinfo->name = trim(basename($url), ".\x00..\x20");
|
||||
|
||||
$allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
|
||||
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
|
||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||
|
||||
function event_callback ($message) {
|
||||
global $callback;
|
||||
echo json_encode($message);
|
||||
|
|
@ -546,6 +536,28 @@ if (isset($_POST['ajax']) && !FM_READONLY) {
|
|||
return $path."/".basename($fileinfo->name);
|
||||
}
|
||||
|
||||
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
|
||||
|
||||
//prevent 127.* domain and known ports
|
||||
$domain = parse_url($url, PHP_URL_HOST);
|
||||
$port = parse_url($url, PHP_URL_PORT);
|
||||
$knownPorts = [22, 23, 25, 3306];
|
||||
|
||||
if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) {
|
||||
$err = array("message" => "URL is not allowed");
|
||||
event_callback(array("fail" => $err));
|
||||
exit();
|
||||
}
|
||||
|
||||
$use_curl = false;
|
||||
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
|
||||
$fileinfo = new stdClass();
|
||||
$fileinfo->name = trim(basename($url), ".\x00..\x20");
|
||||
|
||||
$allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
|
||||
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
|
||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||
|
||||
$err = false;
|
||||
|
||||
if(!$isFileAllowed) {
|
||||
|
|
@ -855,6 +867,14 @@ if (!empty($_FILES) && !FM_READONLY) {
|
|||
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||
|
||||
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
|
||||
$response = array (
|
||||
'status' => 'error',
|
||||
'info' => "Invalid File name!",
|
||||
);
|
||||
echo json_encode($response); exit();
|
||||
}
|
||||
|
||||
$targetPath = $path . $ds;
|
||||
if ( is_writable($targetPath) ) {
|
||||
$fullPath = $path . '/' . $_REQUEST['fullpath'];
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"appName": "Tiny File Manager",
|
||||
"version": "2.4.3",
|
||||
"version": "2.4.5",
|
||||
"language": [
|
||||
{
|
||||
"name": "Norsk",
|
||||
|
|
@ -80,9 +80,9 @@
|
|||
"You are logged in": "Du er innlogget",
|
||||
"Login failed. Invalid username or password": "Innlogging feilet. Feil brukernavn eller passord",
|
||||
"password_hash not supported, Upgrade PHP version": "password_hash er ikke støttet, venligst oppdater PHP versjonen"
|
||||
|
||||
}
|
||||
}, {
|
||||
},
|
||||
{
|
||||
"name": "فارسی",
|
||||
"code": "Fa",
|
||||
"translation": {
|
||||
|
|
|
|||
Loading…
Reference in a new issue