'text/plain', 'htm' => 'text/html', 'html' => 'text/html', 'php' => 'text/html', 'css' => 'text/css', 'js' => 'application/javascript', 'json' => 'application/json', 'xml' => 'application/xml', 'swf' => 'application/x-shockwave-flash', 'flv' => 'video/x-flv', // images 'png' => 'image/png', 'jpe' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'bmp' => 'image/bmp', 'ico' => 'image/vnd.microsoft.icon', 'tiff' => 'image/tiff', 'tif' => 'image/tiff', 'svg' => 'image/svg+xml', 'svgz' => 'image/svg+xml', // archives 'zip' => 'application/zip', 'rar' => 'application/x-rar-compressed', 'exe' => 'application/x-msdownload', 'msi' => 'application/x-msdownload', 'cab' => 'application/vnd.ms-cab-compressed', 'gz' => 'application/x-gzip', 'gz' => 'application/x-bzip2', // audio/video 'mp3' => 'audio/mpeg', 'qt' => 'video/quicktime', 'mov' => 'video/quicktime', // adobe 'pdf' => 'application/pdf', 'psd' => 'image/vnd.adobe.photoshop', 'ai' => 'application/postscript', 'eps' => 'application/postscript', 'ps' => 'application/postscript', // ms office 'doc' => 'application/msword', 'rtf' => 'application/rtf', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', // open office 'odt' => 'application/vnd.oasis.opendocument.text', 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', ]; $ext_fields = explode('.', $filename); $ext = array_pop($ext_fields); $ext = strtolower($ext); if (array_key_exists($ext, $mime_types)) { return $mime_types[$ext]; } else if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME); $mimetype = finfo_file($finfo, $filename); finfo_close($finfo); return $mimetype; } else { $temp = exec('file '.$filename); if (isset($temp) && $temp != '') { return $temp; } else { return 'application/octet-stream'; } } } } global $config; $homedir_filemanager = trim($config['homedir']); $sec2 = get_parameter('sec2'); if ($sec2 == 'enterprise/godmode/agentes/collections' || $sec2 == 'advanced/collections') { $homedir_filemanager .= '/attachment/collection/'; } $upload_file_or_zip = (bool) get_parameter('upload_file_or_zip'); if ($upload_file_or_zip) { $decompress = get_parameter('decompress'); if (!$decompress) { $upload_file = true; $upload_zip = false; } else { $upload_file = false; $upload_zip = true; } } else { $upload_file = (bool) get_parameter('upload_file'); $upload_zip = (bool) get_parameter('upload_zip'); } // Upload file if ($upload_file) { // Load global vars global $config; $config['filemanager'] = []; $config['filemanager']['correct_upload_file'] = 0; $config['filemanager']['message'] = null; check_login(); if (! check_acl($config['id_user'], 0, 'AW')) { db_pandora_audit('ACL Violation', 'Trying to access File manager'); include 'general/noaccess.php'; return; } if (isset($_FILES['file']) && $_FILES['file']['name'] != '') { $filename = $_FILES['file']['name']; $filesize = $_FILES['file']['size']; $real_directory = io_safe_output((string) get_parameter('real_directory')); $directory = io_safe_output((string) get_parameter('directory')); $umask = io_safe_output((string) get_parameter('umask', '')); $hash = get_parameter('hash', ''); $testHash = md5($real_directory.$directory.$config['dbpass']); if ($hash != $testHash) { $config['filemanager']['message'] = ui_print_error_message(__('Security error'), '', true); } else { // Copy file to directory and change name if ($directory == '') { $nombre_archivo = $real_directory.'/'.$filename; } else { $nombre_archivo = $homedir_filemanager.'/'.$directory.'/'.$filename; } if (! @copy($_FILES['file']['tmp_name'], $nombre_archivo)) { $config['filemanager']['message'] = ui_print_error_message(__('Upload error'), '', true); } else { if ($umask !== '') { chmod($nombre_archivo, $umask); } $config['filemanager']['correct_upload_file'] = 1; $config['filemanager']['message'] = ui_print_success_message(__('Upload correct'), '', true); // Delete temporal file unlink($_FILES['file']['tmp_name']); } } } } if (isset($_SERVER['CONTENT_LENGTH'])) { // Control the max_post_size exceed if (intval($_SERVER['CONTENT_LENGTH']) > 0 && empty($_POST) and empty($_FILES)) { $config['filemanager']['correct_upload_file'] = 0; $config['filemanager']['message'] = ui_print_error_message(__('File size seems to be too large. Please check your php.ini configuration or contact with the administrator'), '', true); } } // Create text file $create_text_file = (bool) get_parameter('create_text_file'); if ($create_text_file) { // Load global vars global $config; $config['filemanager'] = []; $config['filemanager']['correct_upload_file'] = 0; $config['filemanager']['message'] = null; check_login(); if (! check_acl($config['id_user'], 0, 'AW')) { db_pandora_audit('ACL Violation', 'Trying to access File manager'); include 'general/noaccess.php'; return; } $filename = io_safe_output(get_parameter('name_file')); if ($filename != '') { $real_directory = (string) get_parameter('real_directory'); $real_directory = io_safe_output($real_directory); $directory = (string) get_parameter('directory'); $directory = io_safe_output($directory); $umask = (string) get_parameter('umask', ''); $hash = get_parameter('hash', ''); $testHash = md5($real_directory.$directory.$config['dbpass']); if ($hash != $testHash) { ui_print_error_message(__('Security error'), '', true); } else { if ($directory == '') { $nombre_archivo = $real_directory.'/'.$filename; } else { $nombre_archivo = $homedir_filemanager.'/'.$directory.'/'.$filename; } if (! @touch($nombre_archivo)) { $config['filemanager']['message'] = ui_print_error_message(__('Error creating file'), '', true); } else { if ($umask !== '') { chmod($nombre_archivo, $umask); } $config['filemanager']['message'] = ui_print_success_message(__('Upload correct'), '', true); $config['filemanager']['correct_upload_file'] = 1; } } } else { $config['filemanager']['message'] = ui_print_error_message(__('Error creating file with empty name'), '', true); } } // Upload zip if ($upload_zip) { // Load global vars global $config; $config['filemanager'] = []; $config['filemanager']['correct_upload_file'] = 0; $config['filemanager']['message'] = null; check_login(); if (! check_acl($config['id_user'], 0, 'AW')) { db_pandora_audit('ACL Violation', 'Trying to access File manager'); include 'general/noaccess.php'; return; } if (isset($_FILES['file']) && $_FILES['file']['name'] != '') { $filename = $_FILES['file']['name']; $filesize = $_FILES['file']['size']; $real_directory = (string) get_parameter('real_directory'); $real_directory = io_safe_output($real_directory); $directory = (string) get_parameter('directory'); $directory = io_safe_output($directory); $hash = get_parameter('hash', ''); $testHash = md5($real_directory.$directory.$config['dbpass']); if ($hash != $testHash) { $config['filemanager']['message'] = ui_print_error_message(__('Security error'), '', true); } else { // Copy file to directory and change name if ($directory == '') { $nombre_archivo = $real_directory.'/'.$filename; } else { $nombre_archivo = $homedir_filemanager.'/'.$directory.'/'.$filename; } if (! @copy($_FILES['file']['tmp_name'], $nombre_archivo)) { $config['filemanager']['message'] = ui_print_error_message(__('Attach error'), '', true); } else { // Delete temporal file unlink($_FILES['file']['tmp_name']); // Extract the zip file $zip = new ZipArchive; $pathname = $homedir_filemanager.'/'.$directory.'/'; if ($zip->open($nombre_archivo) === true) { $zip->extractTo($pathname); unlink($nombre_archivo); } $config['filemanager']['message'] = ui_print_success_message(__('Upload correct'), '', true); $config['filemanager']['correct_upload_file'] = 1; } } } } // CREATE DIR $create_dir = (bool) get_parameter('create_dir'); if ($create_dir) { global $config; $config['filemanager'] = []; $config['filemanager']['correct_create_dir'] = 0; $config['filemanager']['message'] = null; $directory = (string) get_parameter('directory', '/'); $directory = io_safe_output($directory); $hash = get_parameter('hash', ''); $testHash = md5($directory.$config['dbpass']); if ($hash != $testHash) { ui_print_error_message(__('Security error.')); } else { $dirname = (string) get_parameter('dirname'); $dirname = io_safe_output($dirname); if ($dirname != '') { @mkdir( $homedir_filemanager.'/'.$directory.'/'.$dirname ); $config['filemanager']['message'] = ui_print_success_message(__('Directory created'), '', true); $config['filemanager']['correct_create_dir'] = 1; } else { $config['filemanager']['message'] = ui_print_error_message(__('Error creating file with empty name'), '', true); } } } // DELETE FILE OR DIR $delete_file = (bool) get_parameter('delete_file'); if ($delete_file) { global $config; $config['filemanager'] = []; $config['filemanager']['delete'] = 0; $config['filemanager']['message'] = null; $filename = (string) get_parameter('filename'); $filename = io_safe_output($filename); $hash = get_parameter('hash', ''); $testHash = md5($filename.$config['dbpass']); if ($hash != $testHash) { $config['filemanager']['message'] = ui_print_error_message(__('Security error'), '', true); } else { $config['filemanager']['message'] = ui_print_success_message(__('Deleted'), '', true); if (is_dir($filename)) { rmdir($filename); $config['filemanager']['delete'] = 1; } else { unlink($filename); $config['filemanager']['delete'] = 1; } } } /** * Recursive delete directory and empty or not directory. * * @param string $dir The dir to deletete */ function filemanager_delete_directory($dir) { // Windows compatibility $dir = str_replace('\\', '/', $dir); if ($handle = opendir($dir)) { while (false !== ($file = readdir($handle))) { if (($file != '.') && ($file != '..')) { if (is_dir($dir.$file)) { if (!rmdir($dir.$file)) { filemanager_delete_directory($dir.$file.'/'); } } else { unlink($dir.$file); } } } closedir($handle); rmdir($dir); } } /** * Read a directory recursibly and return a array with the files with * the absolute path and relative * * @param string $dir absoute dir to scan * @param string $relative_path Relative path to scan, by default '' * * @return array The files in the dirs, empty array for empty dir of files. */ function filemanager_read_recursive_dir($dir, $relative_path='', $add_empty_dirs=false) { $return = []; // Windows compatibility $dir = str_replace('\\', '/', $dir); $relative_path = str_replace('\\', '/', $relative_path); if ($handle = opendir($dir)) { while (false !== ($entry = readdir($handle))) { if (($entry != '.') && ($entry != '..')) { if (is_dir($dir.$entry)) { $return[] = [ 'relative' => $relative_path.$entry, 'absolute' => $dir.$entry, 'dir' => true, ]; $return = array_merge( $return, filemanager_read_recursive_dir( $dir.$entry.'/', $relative_path.$entry.'/', '', $add_empty_dirs ) ); } else { $return[] = [ 'relative' => $relative_path.$entry, 'absolute' => $dir.$entry, 'dir' => false, ]; } } } closedir($handle); } return $return; } /** * The main function to show the directories and files. * * @param string $real_directory The string of dir as realpath. * @param string $relative_directory The string of dir as relative path. * @param string $url The url to set in the forms and some links in the explorer. * @param string $father The directory father don't navigate bottom this. * @param boolean $editor The flag to set the edition of text files. * @param string $url_file The url to put in the files instead the default. By default empty string and use the url of filemanager. * @param boolean $download_button The flag to show download button, by default false. * @param string $umask The umask as hex values to set the new files or updload. */ function filemanager_file_explorer( $real_directory, $relative_directory, $url, $father='', $editor=false, $readOnly=false, $url_file='', $download_button=false, $umask='', $homedir_filemanager=false ) { global $config; // Windows compatibility $real_directory = str_replace('\\', '/', $real_directory); $relative_directory = str_replace('\\', '/', $relative_directory); $father = str_replace('\\', '/', $father); if ($homedir_filemanager === false) { $homedir_filemanager = $config['homedir']; } $hack_metaconsole = ''; if (defined('METACONSOLE')) { $hack_metaconsole = '../../'; } ?> width = '100%'; $table->id = 'table_filemanager'; if (!defined('METACONSOLE')) { $table->class = 'info_table'; $table->title = ''.__('Index of %s', $relative_directory).''; } if (defined('METACONSOLE')) { $table->class = 'databox_tactical'; $table->title = ''.__('Index of %s', $relative_directory).''; } $table->colspan = []; $table->data = []; $table->head = []; $table->size = []; $table->align[1] = 'left'; $table->align[2] = 'left'; $table->align[3] = 'left'; $table->align[4] = 'left'; $table->size[0] = '24px'; $table->head[0] = ''; $table->head[1] = __('Name'); $table->head[2] = __('Last modification'); $table->head[3] = __('Size'); $table->head[4] = __('Actions'); $prev_dir = explode('/', $relative_directory); $prev_dir_str = ''; for ($i = 0; $i < (count($prev_dir) - 1); $i++) { $prev_dir_str .= $prev_dir[$i]; if ($i < (count($prev_dir) - 2)) { $prev_dir_str .= '/'; } } if (($prev_dir_str != '') && ($father != $relative_directory)) { $table->data[0][0] = html_print_image('images/go_previous.png', true); $table->data[0][1] = ''; $table->data[0][1] .= __('Parent directory'); $table->data[0][1] .= ''; $table->colspan[0][1] = 5; } foreach ($files as $fileinfo) { $fileinfo['realpath'] = str_replace('\\', '/', $fileinfo['realpath']); $relative_path = str_replace($_SERVER['DOCUMENT_ROOT'], '', $fileinfo['realpath']); $data = []; switch ($fileinfo['mime']) { case MIME_DIR: $data[0] = html_print_image('images/mimetypes/directory.png', true, ['title' => __('Directory')]); break; case MIME_IMAGE: $data[0] = html_print_image('images/mimetypes/image.png', true, ['title' => __('Image')]); break; case MIME_ZIP: $data[0] = html_print_image('images/mimetypes/zip.png', true, ['title' => __('Compressed file')]); break; case MIME_TEXT: $data[0] = html_print_image('images/mimetypes/text.png', true, ['title' => __('Text file')]); break; case MIME_UNKNOWN: if ($fileinfo['size'] == 0) { if ((strstr($fileinfo['name'], '.txt') !== false) || (strstr($fileinfo['name'], '.conf') !== false) || (strstr($fileinfo['name'], '.sql') !== false) || (strstr($fileinfo['name'], '.pl') !== false)) { $fileinfo['mime'] = MIME_TEXT; $data[0] = html_print_image('images/mimetypes/text.png', true, ['title' => __('Text file')]); } else { // unknow $data[0] = ''; } } else { // pdf $data[0] = ''; } break; default: $data[0] = html_print_image('images/mimetypes/unknown.png', true, ['title' => __('Unknown')]); break; } if ($fileinfo['is_dir']) { $data[1] = ''.$fileinfo['name'].''; } else if (!empty($url_file)) { // Set the custom url file $url_file_clean = str_replace('[FILE_FULLPATH]', $fileinfo['realpath'], $url_file); $data[1] = ''.$fileinfo['name'].''; } else { $hash = md5($relative_path.$config['dbpass']); $data[1] = ''.$fileinfo['name'].''; } // Notice that uploaded php files could be dangerous if (pathinfo($fileinfo['realpath'], PATHINFO_EXTENSION) == 'php' && (is_readable($fileinfo['realpath']) || is_executable($fileinfo['realpath'])) ) { $error_message = __('This file could be executed by any user'); $error_message .= '. '.__('Make sure it can\'t perform dangerous tasks'); $data[1] = ''.$data[1].''; } $data[2] = ui_print_timestamp( $fileinfo['last_modified'], true, ['prominent' => true] ); if ($fileinfo['is_dir']) { $data[3] = ''; } else { $data[3] = ui_format_filesize($fileinfo['size']); } // Actions buttons // Delete button $data[4] = ''; $data[4] .= ''; $typefile = array_pop(explode('.', $fileinfo['name'])); if (is_writable($fileinfo['realpath']) && (! is_dir($fileinfo['realpath']) || count(scandir($fileinfo['realpath'])) < 3) && (!$readOnly) ) { $data[4] .= ''; if (($editor) && (!$readOnly)) { if (($typefile != 'bin') && ($typefile != 'pdf') && ($typefile != 'png') && ($typefile != 'jpg') && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') ) { $hash = md5($fileinfo['realpath'].$config['dbpass']); $data[4] .= "".html_print_image('images/edit.png', true, ['style' => 'margin-top: 2px;', 'title' => __('Edit file')]).''; } } } if ((!$fileinfo['is_dir']) && ($download_button)) { $hash = md5($fileinfo['realpath'].$config['dbpass']); $data[4] .= ''; $data[4] .= html_print_image('images/file.png', true); $data[4] .= ''; } $data[4] .= ''; array_push($table->data, $data); } if (!$readOnly) { if (is_writable($real_directory)) { // The buttons to make actions $tabs_dialog = '