tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'pandora_6.0' of https://brutus.artica.lan:8081/artica/pandorafms into pandora_6.0

This commit is contained in:
cesar991 2016-09-15 16:19:03 +02:00
parent 7d1de5c922 458e01951a
commit 11b3667f24
3 changed files with 120 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
pandora_console/godmode/servers/plugin.php
View File

@ -105,6 +105,8 @@ enterprise_include_once ('meta/include/functions_components_meta.php');
$view = get_parameter ("view", ""); $view = get_parameter ("view", "");
$create = get_parameter ("create", ""); $create = get_parameter ("create", "");
$filemanager = (bool)get_parameter("filemanager", false); $filemanager = (bool)get_parameter("filemanager", false);
$edit_file = get_parameter("edit_file",false);
$update_file = get_parameter("update_file",false);
$plugin_command = get_parameter('plugin_command', ''); $plugin_command = get_parameter('plugin_command', '');
$tab = get_parameter('tab', ''); $tab = get_parameter('tab', '');
@ -142,57 +144,102 @@ if ($create != "") {
// INIT FILEMANAGER // INIT FILEMANAGER
// ===================================================================== // =====================================================================
if ($filemanager) { if ($filemanager) {
if($edit_file) {
$location_file = get_parameter("location_file",'');
$filename = array_pop(explode("/",$location_file));
$file = file_get_contents($location_file);
echo "<h4>" . __("Edit file") ." ".$filename. "</h4>";
//echo "<a href='index.php?sec=gagente&sec2=enterprise/godmode/agentes/collections&action=file&id=" . $collection['id'] . "&directory=" . $relative_dir . "&hash2=" . $hash2 . "'>" . __('Back to file explorer') . "</a>";
echo "<form method='post' action='index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1"."&update_file=1'>";
//html_print_input_hidden('location_file', $locationFile);
echo "<table style='width: 98%'>";
echo "<tr>";
echo "<th>" . __('Edit') . "</th>";
echo "</tr>";
echo "<tr>";
echo "<td>";
echo "<textarea name='content_file' style='width: 100%; height: 400px;' >";
echo $file;
echo "</textarea>";
echo "</td>";
echo "</tr>";
echo "<tr align='right'>";
echo "<td>";
html_print_input_hidden('location_file', $location_file);
$id_plugin = (int)get_parameter('id_plugin', 0); echo __('Compatibility mode').":";
$options = array('unix' => 'Unix', 'windows' => 'Windows');
html_print_select($options, 'compatibility', $compatibility);
echo " <input type='submit' name='submit' value='" . __('Update') . "' class='sub upd' />";
echo "</td>";
echo "</tr>";
echo "</table>";
echo "</form>";
}else {
if($update_file){
$location_file = get_parameter("location_file",'');
$contentFile = io_safe_output(get_parameter('content_file', ''));
$compatibility = get_parameter('compatibility', 'unix');
$is_win_compatible = strpos($contentFile, "\r\n");
// If is win compatible and the compatibility must be unix
if ($is_win_compatible !== false && $compatibility == 'unix') {
$contentFile = str_replace("\r\n", "\n", $contentFile);
}
// If is unix compatible and the compatibility must be win
else if ($is_win_compatible === false && $compatibility == 'windows') {
$contentFile = str_replace("\n", "\r\n", $contentFile);
}
$result = file_put_contents($location_file, $contentFile);
/* Add custom directories here */ }
$fallback_directory = "attachment/plugin"; $id_plugin = (int)get_parameter('id_plugin', 0);
$directory = (string) get_parameter ('directory', $fallback_directory); /* Add custom directories here */
$directory = str_replace("\\", "/", $directory); $fallback_directory = "attachment/plugin";
// A miminal security check to avoid directory traversal $directory = (string) get_parameter ('directory', $fallback_directory);
if (preg_match ("/\.\./", $directory)) $directory = str_replace("\\", "/", $directory);
$directory = $fallback_directory;
if (preg_match ("/^\//", $directory))
$directory = $fallback_directory;
if (preg_match ("/^manager/", $directory))
$directory = $fallback_directory;
$banned_directories['include'] = true; // A miminal security check to avoid directory traversal
$banned_directories['godmode'] = true; if (preg_match ("/\.\./", $directory))
$banned_directories['operation'] = true; $directory = $fallback_directory;
$banned_directories['reporting'] = true; if (preg_match ("/^\//", $directory))
$banned_directories['general'] = true; $directory = $fallback_directory;
$banned_directories[ENTERPRISE_DIR] = true; if (preg_match ("/^manager/", $directory))
$directory = $fallback_directory;
if (isset ($banned_directories[$directory])) $banned_directories['include'] = true;
$directory = $fallback_directory; $banned_directories['godmode'] = true;
$banned_directories['operation'] = true;
$banned_directories['reporting'] = true;
$banned_directories['general'] = true;
$banned_directories[ENTERPRISE_DIR] = true;
$real_directory = realpath ($config['homedir'] . '/' . $directory); if (isset ($banned_directories[$directory]))
$directory = $fallback_directory;
echo '<h4>' . __('Index of %s', $directory) . '</h4>'; $real_directory = realpath ($config['homedir'] . '/' . $directory);
$chunck_url = '&view=' . $id_plugin; echo '<h4>' . __('Index of %s', $directory) . '</h4>';
if ($id_plugin == 0) {
$chunck_url = '&create=1'; $chunck_url = '&view=' . $id_plugin;
if ($id_plugin == 0) {
$chunck_url = '&create=1';
}
$homedir_filemanager = isset ($config['homedir_filemanager']) ? $config['homedir_filemanager'] : false;
filemanager_file_explorer($real_directory,
$directory,
'index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1&id_plugin=' . $id_plugin,
$fallback_directory,
true,
false,
'index.php?sec=gservers&sec2=godmode/servers/plugin' . $chunck_url . '&plugin_command=[FILE_FULLPATH]&id_plugin=' . $id_plugin,
true,
0775,
$homedir_filemanager);
} }
$homedir_filemanager = isset ($config['homedir_filemanager']) ? $config['homedir_filemanager'] : false;
filemanager_file_explorer($real_directory,
$directory,
'index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1&id_plugin=' . $id_plugin,
$fallback_directory,
false,
false,
'index.php?sec=gservers&sec2=godmode/servers/plugin' . $chunck_url . '&plugin_command=[FILE_FULLPATH]&id_plugin=' . $id_plugin,
true,
0775,
$homedir_filemanager);
return; return;
} }

9
pandora_console/include/functions_filemanager.php
View File

@ -733,6 +733,7 @@ function filemanager_file_explorer($real_directory, $relative_directory,
//Delete button //Delete button
$data[4] = ''; $data[4] = '';
$data[4] .= '<span style="">'; $data[4] .= '<span style="">';
$typefile = array_pop(explode(".",$fileinfo['name']));
if (is_writable ($fileinfo['realpath']) && if (is_writable ($fileinfo['realpath']) &&
(! is_dir ($fileinfo['realpath']) || count (scandir ($fileinfo['realpath'])) < 3)) { (! is_dir ($fileinfo['realpath']) || count (scandir ($fileinfo['realpath'])) < 3)) {
$data[4] .= '<form method="post" action="' . $url . '" style="display: inline;">'; $data[4] .= '<form method="post" action="' . $url . '" style="display: inline;">';
@ -752,14 +753,14 @@ function filemanager_file_explorer($real_directory, $relative_directory,
$data[4] .= '</form>'; $data[4] .= '</form>';
if (($editor) && (!$readOnly)) { if (($editor) && (!$readOnly)) {
if ($fileinfo['mime'] == MIME_TEXT) { if (($typefile == 'sh') || ($typefile == 'pl') || ($typefile == 'vbs')) {
$data[4] .= "<a style='vertical-align: top;' href='$url&edit_file=1&location_file=" . $fileinfo['realpath'] . "&hash=" . md5($fileinfo['realpath'] . $config['dbpass']) . "' style='float: left;'>" . html_print_image('images/edit.png', true, array("style" => 'margin-top: 2px;', 'title' => __('Edit file'))) . "</a>"; $data[4] .= "<a style='vertical-align: top;' href='$url&edit_file=1&location_file=" . $fileinfo['realpath'] . "' style='float: left;'>" . html_print_image('images/edit.png', true, array("style" => 'margin-top: 2px;', 'title' => __('Edit file'))) . "</a>";
} }
} }
} }
if ((!$fileinfo['is_dir']) && ($download_button)) { if ((!$fileinfo['is_dir']) && ($download_button)) {
$hash = md5($fileinfo['url'] . $config['dbpass']); $hash = md5($fileinfo['realpath'] . $config['dbpass']);
$data[4] .= '<a href="include/get_file.php?file='.urlencode(base64_encode($fileinfo['url'])).'&hash=' . $hash . '" style="vertical-align: 25%;">'; $data[4] .= '<a href="include/get_file.php?file='.urlencode(base64_encode($fileinfo['realpath'])).'&hash=' . $hash . '" style="vertical-align: 25%;">';
$data[4] .= html_print_image('images/file.png', true); $data[4] .= html_print_image('images/file.png', true);
$data[4] .= '</a>'; $data[4] .= '</a>';
} }

26
pandora_console/include/javascript/pandora.js
View File

@ -1009,15 +1009,25 @@ function addTinyMCE(elementID) {
tinyMCE.EditorManager.execCommand('mceAddControl', true, elementID); tinyMCE.EditorManager.execCommand('mceAddControl', true, elementID);
} }
function autoclick_profile_users(firts_level, second_level) {
if (typeof firts_level !== "undefined") {
var is_checked_firts = $('#checkbox-' + firts_level).is(':checked');
if (!is_checked_firts) {
$('#checkbox-' + firts_level).prop('checked', true);
} }
if (second_level !== false) { });
if (!$('#checkbox-' + second_level).is(":checked")) { }
$('#checkbox-' + second_level).prop('checked', true);
function autoclick_profile_users(actual_level, firts_level, second_level) {
if ($('#checkbox-' + actual_level).is(":checked")) {
if (typeof firts_level !== "undefined") {
var is_checked_firts = $('#checkbox-' + firts_level).is(':checked');
console.log("FIRTS");
console.log(is_checked_firts);
if (!is_checked_firts) {
$('#checkbox-' + firts_level).prop('checked', true);
}
if (second_level !== false) {
console.log("SECOND");
console.log($('#checkbox-' + second_level).is(":checked"));
if (!$('#checkbox-' + second_level).is(":checked")) {
$('#checkbox-' + second_level).prop('checked', true);
}
} }
} }
} }