2010-08-02 Miguel de Dios <miguel.dedios@artica.es>

* include/functions_filemanager.php: cleaned source code, changed the show
	to buttons of actions (create file, upload...) to out the list of files. And
	check if the directory is writeable to show this buttons.
	
	* include/get_file.php: added a file that acts as a mediator between Pandora
	and the file system, with some security checks such as a login check.
	


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3083 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
mdtrooper 2010-08-02 10:36:55 +00:00
parent 2082a37ccb
commit e335bc1762
3 changed files with 98 additions and 11 deletions


@ -1,3 +1,11 @@
2010-08-02 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_filemanager.php: cleaned source code, changed the show
to buttons of actions (create file, upload...) to out the list of files. And
check if the directory is writeable to show this buttons.
* include/get_file.php: added file to work as mediator between the Pandora
and file system, and added a some security checks as check login and others.
2010-07-30 Sergio Martin <sergio.martin@artica.es> 2010-07-30 Sergio Martin <sergio.martin@artica.es>
* extras/pandoradb_migrate_v3.1_to_v3.2.sql: Typo fix * extras/pandoradb_migrate_v3.1_to_v3.2.sql: Typo fix


@ -420,6 +420,8 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
?> ?>
<script type="text/javascript"> <script type="text/javascript">
function show_form_create_folder() { function show_form_create_folder() {
$("#table1-1").css('display', '');
$("#main_buttons").css("display", "none"); $("#main_buttons").css("display", "none");
$("#create_folder").css("display", ""); $("#create_folder").css("display", "");
} }
@ -435,7 +437,8 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
} }
function show_main_buttons_folder() { function show_main_buttons_folder() {
$("#main_buttons").css("display", ""); //$("#main_buttons").css("display", "");
$("#table1-1").css('display', 'none');
$("#create_folder").css("display", "none"); $("#create_folder").css("display", "none");
$("#upload_file").css("display", "none"); $("#upload_file").css("display", "none");
$("#create_text_file").css("display", "none"); $("#create_text_file").css("display", "none");
@ -487,12 +490,14 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
} }
if (is_writable ($real_directory)) { if (is_writable ($real_directory)) {
$table->rowstyle[1] = 'display: none;';
$table->data[1][0] = ''; $table->data[1][0] = '';
$table->data[1][1] = '<div id="main_buttons">'; $table->data[1][1] = '';
$table->data[1][1] .= print_button(__('Create folder'), 'folder', false, 'show_form_create_folder();', "class='sub'", true); // $table->data[1][1] -= '<div id="main_buttons">';
$table->data[1][1] .= print_button(__('Upload file/s'), 'up_files', false, 'show_upload_file();', "class='sub'", true); // $table->data[1][1] .= print_button(__('Create folder'), 'folder', false, 'show_form_create_folder();', "class='sub'", true);
$table->data[1][1] .= print_button(__('Create text file'), 'create_file', false, 'show_create_text_file();', "class='sub'", true); // $table->data[1][1] .= print_button(__('Upload file/s'), 'up_files', false, 'show_upload_file();', "class='sub'", true);
$table->data[1][1] .= '</div>'; // $table->data[1][1] .= print_button(__('Create text file'), 'create_file', false, 'show_create_text_file();', "class='sub'", true);
// $table->data[1][1] .= '</div>';
$table->data[1][1] .= '<div id="create_folder" style="display: none;">'; $table->data[1][1] .= '<div id="create_folder" style="display: none;">';
$table->data[1][1] .= print_button(__('Close'), 'close', false, 'show_main_buttons_folder();', "class='sub' style='float: left;'", true); $table->data[1][1] .= print_button(__('Close'), 'close', false, 'show_main_buttons_folder();', "class='sub' style='float: left;'", true);
@ -513,8 +518,6 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
$table->data[1][1] .= print_input_file ('file', true, false); $table->data[1][1] .= print_input_file ('file', true, false);
$table->data[1][1] .= print_checkbox('decompress', 1, false, true); $table->data[1][1] .= print_checkbox('decompress', 1, false, true);
$table->data[1][1] .= __('Decompress'); $table->data[1][1] .= __('Decompress');
// $table->data[1][1] .= print_radio_button('zip_or_file', 'zip', '', false, true) . __('Multiple files zipped');
// $table->data[1][1] .= print_radio_button('zip_or_file', 'file', '', true, true) . __('One');
$table->data[1][1] .= '&nbsp;&nbsp;&nbsp;'; $table->data[1][1] .= '&nbsp;&nbsp;&nbsp;';
$table->data[1][1] .= print_submit_button (__('Go'), 'go', false, 'class="sub next"', true); $table->data[1][1] .= print_submit_button (__('Go'), 'go', false, 'class="sub next"', true);
$table->data[1][1] .= print_input_hidden ('real_directory', $real_directory, true); $table->data[1][1] .= print_input_hidden ('real_directory', $real_directory, true);
@ -563,14 +566,17 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
if ($fileinfo['is_dir']) { if ($fileinfo['is_dir']) {
$data[1] = '<a href="' . $url . '&directory='.$relative_directory.'/'.$fileinfo['name'].'&hash2=' . md5($relative_directory.'/'.$fileinfo['name'].$config['dbpass']) . '">'.$fileinfo['name'].'</a>'; $data[1] = '<a href="' . $url . '&directory='.$relative_directory.'/'.$fileinfo['name'].'&hash2=' . md5($relative_directory.'/'.$fileinfo['name'].$config['dbpass']) . '">'.$fileinfo['name'].'</a>';
} else { }
$data[1] = '<a href="'.$fileinfo['url'].'">'.$fileinfo['name'].'</a>'; else {
$hash = md5($fileinfo['url'] . $config['dbpass']);
$data[1] = '<a href="include/get_file.php?file='.$fileinfo['url'].'&hash=' . $hash . '">'.$fileinfo['name'].'</a>';
} }
$data[2] = print_timestamp ($fileinfo['last_modified'], true, $data[2] = print_timestamp ($fileinfo['last_modified'], true,
array ('prominent' => true)); array ('prominent' => true));
if ($fileinfo['is_dir']) { if ($fileinfo['is_dir']) {
$data[3] = ''; $data[3] = '';
} else { }
else {
$data[3] = format_filesize ($fileinfo['size']); $data[3] = format_filesize ($fileinfo['size']);
} }
@ -598,6 +604,24 @@ function file_explorer($real_directory, $relative_directory, $url, $father = '',
array_push ($table->data, $data); array_push ($table->data, $data);
} }
if (is_writable ($real_directory)) {
echo "<div style='text-align: right; width: " . $table->width . ";'>";
echo "<a href='javascript:show_form_create_folder();' style='margin-right: 3px;' title='" . __('Create directory') . "'>";
echo "<img src='images/mimetypes/directory.png' />";
echo "</a>";
echo "<a href='javascript: show_create_text_file();' style='margin-right: 3px;' title='" . __('Create text') . "'>";
echo "<img src='images/mimetypes/text.png' />";
echo "</a>";
echo "<a href='javascript: show_upload_file();' title='" . __('Upload file/s') . "'>";
echo "<img src='images/mimetypes/unknown.png' />";
echo "</a>";
echo "</div>";
}
else {
echo "<div style='text-align: right; width: " . $table->width . "; color:#AC4444;'>";
echo "<image src='images/info.png' />" . __('The directory is only readble.');
echo "</div>";
}
print_table ($table); print_table ($table);
} }
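Review bot: The download link built in the `else` branch of the directory/file test (`$data[1] = '<a href="include/get_file.php?file='.$fileinfo['url'].'&hash=' ...`) inserts `$fileinfo['url']` and `$fileinfo['name']` into the URL and the HTML unescaped, so a name containing `&`, `#`, a space or a quote yields a broken link or a `file` value whose recomputed md5 in get_file.php no longer matches. Encode the query value and escape the label: `$data[1] = '<a href="include/get_file.php?file=' . urlencode($fileinfo['url']) . '&amp;hash=' . $hash . '">' . htmlspecialchars($fileinfo['name']) . '</a>';` — the hash stays computed over the raw value, which is presumably what `get_parameter('file')` hands back after decoding; confirm against that helper. `md5($fileinfo['url'] . $config['dbpass'])` is a home-grown MAC keyed with the database password; `hash_hmac('sha256', $fileinfo['url'], $config['dbpass'])` is the standard construction, but the verifier in get_file.php must change in lockstep. file_explorer begins before this hunk, and the directory branch a few lines above already uses the same unescaped pattern.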


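--- /dev/null
+++ b/include/get_file.php
@@ -0,0 +1,55 @@
+<?php
+// Pandora FMS - http://pandorafms.com
+// ==================================================
+// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
+// Please see http://pandorafms.org for full contribution list
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation; version 2
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+require_once('functions.php');
+require_once('functions_filemanager.php');
+session_start();
+require_once ("config.php");
+global $config;
+session_write_close ();
+check_login ();
+$styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;";
+$file = get_parameter('file', null);
+$chunks = explode('/', $file);
+$nameFile = end($chunks);
+$hash = get_parameter('hash', null);
+$testHash = md5($file . $config['dbpass']);
+if ($hash != $testHash) {
+echo "<h3 style='" . $styleError . "'>".__('Security error. Please contact the administrator.')."</h3>";
+}
+else if (!empty($file) && !empty($hash)) {
+$file = $_SERVER['DOCUMENT_ROOT'] . $file;
+if (!file_exists($file)){
+echo "<h3 style='" . $styleError . "'>".__("File is missing in disk storage. Please contact the administrator.")."</h3>";
+}
+else {
+header('Content-type: aplication/octet-stream;');
+header('Content-type: ' . mime_content_type($file) . ';');
+header("Content-Length: " . filesize($file));
+header('Content-Disposition: attachment; filename="' . $nameFile . '"');
+readfile($file);
+}
+}
+?>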
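Review bot: The signature check `if ($hash != $testHash)` uses loose comparison, and PHP compares two numeric-looking strings as numbers, so an md5 digest of the form `0e` followed only by digits equals the string `"0"` and a request with `hash=0` passes for any such file. Compare strictly and reject empty input before touching the disk: `if (empty($file) || empty($hash) || $hash !== $testHash) {` (`hash_equals()` where the PHP version provides it). Because `$file` is appended to `$_SERVER['DOCUMENT_ROOT']` without normalisation, the only thing between a client and any file the web server can read is the secrecy of `$config['dbpass']`; resolving the path with `realpath()` and requiring it to sit under the file manager's root would bound the damage if that key ever leaks. `$nameFile` goes into the `Content-Disposition` header unescaped, so a name containing `"` or a CR/LF — if the stored names can hold them, which is not visible here — would corrupt the header.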