2010-08-02 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_filemanager.php: cleaned source code, changed the show to buttons of actions (create file, upload...) to out the list of files. And check if the directory is writeable to show this buttons. * include/get_file.php: added file to work as mediator between the Pandora and file system, and added a some security checks as check login and others. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3083 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
parent
2082a37ccb
commit
e335bc1762
|
@ -1,3 +1,11 @@
|
|||
2010-08-02 Miguel de Dios <miguel.dedios@artica.es>
|
||||
* include/functions_filemanager.php: cleaned source code, changed the show
|
||||
to buttons of actions (create file, upload...) to out the list of files. And
|
||||
check if the directory is writeable to show this buttons.
|
||||
|
||||
* include/get_file.php: added file to work as mediator between the Pandora
|
||||
and file system, and added a some security checks as check login and others.
|
||||
|
||||
2010-07-30 Sergio Martin <sergio.martin@artica.es>
|
||||
|
||||
* extras/pandoradb_migrate_v3.1_to_v3.2.sql: Typo fix
|
||||
|
|
|
@ -420,6 +420,8 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
|
|||
?>
|
||||
<script type="text/javascript">
|
||||
function show_form_create_folder() {
|
||||
$("#table1-1").css('display', '');
|
||||
|
||||
$("#main_buttons").css("display", "none");
|
||||
$("#create_folder").css("display", "");
|
||||
}
|
||||
|
@ -435,7 +437,8 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
|
|||
}
|
||||
|
||||
function show_main_buttons_folder() {
|
||||
$("#main_buttons").css("display", "");
|
||||
//$("#main_buttons").css("display", "");
|
||||
$("#table1-1").css('display', 'none');
|
||||
$("#create_folder").css("display", "none");
|
||||
$("#upload_file").css("display", "none");
|
||||
$("#create_text_file").css("display", "none");
|
||||
|
@ -487,12 +490,14 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
|
|||
}
|
||||
|
||||
if (is_writable ($real_directory)) {
|
||||
$table->rowstyle[1] = 'display: none;';
|
||||
$table->data[1][0] = '';
|
||||
$table->data[1][1] = '<div id="main_buttons">';
|
||||
$table->data[1][1] .= print_button(__('Create folder'), 'folder', false, 'show_form_create_folder();', "class='sub'", true);
|
||||
$table->data[1][1] .= print_button(__('Upload file/s'), 'up_files', false, 'show_upload_file();', "class='sub'", true);
|
||||
$table->data[1][1] .= print_button(__('Create text file'), 'create_file', false, 'show_create_text_file();', "class='sub'", true);
|
||||
$table->data[1][1] .= '</div>';
|
||||
$table->data[1][1] = '';
|
||||
// $table->data[1][1] -= '<div id="main_buttons">';
|
||||
// $table->data[1][1] .= print_button(__('Create folder'), 'folder', false, 'show_form_create_folder();', "class='sub'", true);
|
||||
// $table->data[1][1] .= print_button(__('Upload file/s'), 'up_files', false, 'show_upload_file();', "class='sub'", true);
|
||||
// $table->data[1][1] .= print_button(__('Create text file'), 'create_file', false, 'show_create_text_file();', "class='sub'", true);
|
||||
// $table->data[1][1] .= '</div>';
|
||||
|
||||
$table->data[1][1] .= '<div id="create_folder" style="display: none;">';
|
||||
$table->data[1][1] .= print_button(__('Close'), 'close', false, 'show_main_buttons_folder();', "class='sub' style='float: left;'", true);
|
||||
|
@ -513,8 +518,6 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
|
|||
$table->data[1][1] .= print_input_file ('file', true, false);
|
||||
$table->data[1][1] .= print_checkbox('decompress', 1, false, true);
|
||||
$table->data[1][1] .= __('Decompress');
|
||||
// $table->data[1][1] .= print_radio_button('zip_or_file', 'zip', '', false, true) . __('Multiple files zipped');
|
||||
// $table->data[1][1] .= print_radio_button('zip_or_file', 'file', '', true, true) . __('One');
|
||||
$table->data[1][1] .= ' ';
|
||||
$table->data[1][1] .= print_submit_button (__('Go'), 'go', false, 'class="sub next"', true);
|
||||
$table->data[1][1] .= print_input_hidden ('real_directory', $real_directory, true);
|
||||
|
@ -563,14 +566,17 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
|
|||
|
||||
if ($fileinfo['is_dir']) {
|
||||
$data[1] = '<a href="' . $url . '&directory='.$relative_directory.'/'.$fileinfo['name'].'&hash2=' . md5($relative_directory.'/'.$fileinfo['name'].$config['dbpass']) . '">'.$fileinfo['name'].'</a>';
|
||||
} else {
|
||||
$data[1] = '<a href="'.$fileinfo['url'].'">'.$fileinfo['name'].'</a>';
|
||||
}
|
||||
else {
|
||||
$hash = md5($fileinfo['url'] . $config['dbpass']);
|
||||
$data[1] = '<a href="include/get_file.php?file='.$fileinfo['url'].'&hash=' . $hash . '">'.$fileinfo['name'].'</a>';
|
||||
}
|
||||
$data[2] = print_timestamp ($fileinfo['last_modified'], true,
|
||||
array ('prominent' => true));
|
||||
if ($fileinfo['is_dir']) {
|
||||
$data[3] = '';
|
||||
} else {
|
||||
}
|
||||
else {
|
||||
$data[3] = format_filesize ($fileinfo['size']);
|
||||
}
|
||||
|
||||
|
@ -598,6 +604,24 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
|
|||
array_push ($table->data, $data);
|
||||
}
|
||||
|
||||
if (is_writable ($real_directory)) {
|
||||
echo "<div style='text-align: right; width: " . $table->width . ";'>";
|
||||
echo "<a href='javascript:show_form_create_folder();' style='margin-right: 3px;' title='" . __('Create directory') . "'>";
|
||||
echo "<img src='images/mimetypes/directory.png' />";
|
||||
echo "</a>";
|
||||
echo "<a href='javascript: show_create_text_file();' style='margin-right: 3px;' title='" . __('Create text') . "'>";
|
||||
echo "<img src='images/mimetypes/text.png' />";
|
||||
echo "</a>";
|
||||
echo "<a href='javascript: show_upload_file();' title='" . __('Upload file/s') . "'>";
|
||||
echo "<img src='images/mimetypes/unknown.png' />";
|
||||
echo "</a>";
|
||||
echo "</div>";
|
||||
}
|
||||
else {
|
||||
echo "<div style='text-align: right; width: " . $table->width . "; color:#AC4444;'>";
|
||||
echo "<image src='images/info.png' />" . __('The directory is only readble.');
|
||||
echo "</div>";
|
||||
}
|
||||
print_table ($table);
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
<?php
|
||||
// Pandora FMS - http://pandorafms.com
|
||||
// ==================================================
|
||||
// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
|
||||
// Please see http://pandorafms.org for full contribution list
|
||||
|
||||
// This program is free software; you can redistribute it and/or
|
||||
// modify it under the terms of the GNU Lesser General Public License
|
||||
// as published by the Free Software Foundation; version 2
|
||||
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
|
||||
require_once('functions.php');
|
||||
require_once('functions_filemanager.php');
|
||||
|
||||
session_start();
|
||||
|
||||
require_once ("config.php");
|
||||
global $config;
|
||||
|
||||
session_write_close ();
|
||||
|
||||
check_login ();
|
||||
|
||||
$styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;";
|
||||
|
||||
$file = get_parameter('file', null);
|
||||
$chunks = explode('/', $file);
|
||||
$nameFile = end($chunks);
|
||||
|
||||
$hash = get_parameter('hash', null);
|
||||
|
||||
$testHash = md5($file . $config['dbpass']);
|
||||
|
||||
if ($hash != $testHash) {
|
||||
echo "<h3 style='" . $styleError . "'>".__('Security error. Please contact the administrator.')."</h3>";
|
||||
}
|
||||
else if (!empty($file) && !empty($hash)) {
|
||||
$file = $_SERVER['DOCUMENT_ROOT'] . $file;
|
||||
|
||||
if (!file_exists($file)){
|
||||
echo "<h3 style='" . $styleError . "'>".__("File is missing in disk storage. Please contact the administrator.")."</h3>";
|
||||
}
|
||||
else {
|
||||
header('Content-type: aplication/octet-stream;');
|
||||
header('Content-type: ' . mime_content_type($file) . ';');
|
||||
header("Content-Length: " . filesize($file));
|
||||
header('Content-Disposition: attachment; filename="' . $nameFile . '"');
|
||||
readfile($file);
|
||||
}
|
||||
}
|
||||
?>
|
Loading…
Reference in New Issue