|
1
|
|
|
<?php |
|
2
|
|
|
if( ! defined('IN_MANAGER_MODE') || IN_MANAGER_MODE !== true) { |
|
3
|
|
|
die("<b>INCLUDE_ORDERING_ERROR</b><br /><br />Please use the EVO Content Manager instead of accessing this file directly."); |
|
4
|
|
|
} |
|
5
|
|
|
if (!$modx->hasPermission('file_manager')) { |
|
6
|
|
|
$modx->webAlertAndQuit($_lang["error_no_privileges"]); |
|
7
|
|
|
} |
|
8
|
|
|
$token_check = checkToken(); |
|
9
|
|
|
$newToken = makeToken(); |
|
10
|
|
|
|
|
11
|
|
|
// settings |
|
12
|
|
|
$theme_image_path = $modx->config['site_manager_url'] . 'media/style/' . $modx->config['manager_theme'] . '/images/'; |
|
13
|
|
|
$excludes = array( |
|
14
|
|
|
'.', |
|
15
|
|
|
'..', |
|
16
|
|
|
'.svn' |
|
17
|
|
|
); |
|
18
|
|
|
$alias_suffix = (!empty($friendly_url_suffix)) ? ',' . ltrim($friendly_url_suffix, '.') : ''; |
|
19
|
|
|
$editablefiles = explode(',', 'txt,php,tpl,less,sass,shtml,html,htm,xml,js,css,pageCache,htaccess,json,ini' . $alias_suffix); |
|
20
|
|
|
$inlineviewablefiles = explode(',', 'txt,php,tpl,less,sass,html,htm,xml,js,css,pageCache,htaccess,json,ini' . $alias_suffix); |
|
21
|
|
|
$viewablefiles = explode(',', 'jpg,gif,png,ico'); |
|
22
|
|
|
|
|
23
|
|
|
$editablefiles = add_dot($editablefiles); |
|
24
|
|
|
$inlineviewablefiles = add_dot($inlineviewablefiles); |
|
25
|
|
|
$viewablefiles = add_dot($viewablefiles); |
|
26
|
|
|
|
|
27
|
|
|
$protected_path = array(); |
|
28
|
|
|
/* jp only |
|
|
|
|
|
|
29
|
|
|
if($_SESSION['mgrRole']!=1) |
|
30
|
|
|
{ |
|
31
|
|
|
*/ |
|
32
|
|
|
$protected_path[] = $modx->config['site_manager_path']; |
|
33
|
|
|
$protected_path[] = $modx->config['base_path'] . 'temp/backup'; |
|
34
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/backup'; |
|
35
|
|
|
|
|
36
|
|
|
if (!$modx->hasPermission('save_plugin')) { |
|
37
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/plugins'; |
|
38
|
|
|
} |
|
39
|
|
|
if (!$modx->hasPermission('save_snippet')) { |
|
40
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/snippets'; |
|
41
|
|
|
} |
|
42
|
|
|
if (!$modx->hasPermission('save_template')) { |
|
43
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/templates'; |
|
44
|
|
|
} |
|
45
|
|
|
if (!$modx->hasPermission('save_module')) { |
|
46
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/modules'; |
|
47
|
|
|
} |
|
48
|
|
|
if (!$modx->hasPermission('empty_cache')) { |
|
49
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/cache'; |
|
50
|
|
|
} |
|
51
|
|
|
if (!$modx->hasPermission('import_static')) { |
|
52
|
|
|
$protected_path[] = $modx->config['base_path'] . 'temp/import'; |
|
53
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/import'; |
|
54
|
|
|
} |
|
55
|
|
|
if (!$modx->hasPermission('export_static')) { |
|
56
|
|
|
$protected_path[] = $modx->config['base_path'] . 'temp/export'; |
|
57
|
|
|
$protected_path[] = $modx->config['base_path'] . 'assets/export'; |
|
58
|
|
|
} |
|
59
|
|
|
/* |
|
60
|
|
|
} |
|
61
|
|
|
*/ |
|
62
|
|
|
|
|
63
|
|
|
// Mod added by Raymond |
|
64
|
|
|
$enablefileunzip = true; |
|
65
|
|
|
$enablefiledownload = true; |
|
66
|
|
|
$newfolderaccessmode = $new_folder_permissions ? octdec($new_folder_permissions) : 0777; |
|
67
|
|
|
$new_file_permissions = $new_file_permissions ? octdec($new_file_permissions) : 0666; |
|
68
|
|
|
// End Mod - by Raymond |
|
69
|
|
|
// make arrays from the file upload settings |
|
70
|
|
|
$upload_files = explode(',', $upload_files); |
|
71
|
|
|
$upload_images = explode(',', $upload_images); |
|
72
|
|
|
$upload_media = explode(',', $upload_media); |
|
73
|
|
|
$upload_flash = explode(',', $upload_flash); |
|
74
|
|
|
// now merge them |
|
75
|
|
|
$uploadablefiles = array_merge($upload_files, $upload_images, $upload_media, $upload_flash); |
|
76
|
|
|
$uploadablefiles = add_dot($uploadablefiles); |
|
77
|
|
|
|
|
78
|
|
|
|
|
79
|
|
|
// end settings |
|
80
|
|
|
|
|
81
|
|
|
// get the current work directory |
|
82
|
|
|
if (isset($_REQUEST['path']) && !empty($_REQUEST['path'])) { |
|
83
|
|
|
$_REQUEST['path'] = str_replace('..', '', $_REQUEST['path']); |
|
84
|
|
|
$startpath = is_dir($_REQUEST['path']) ? $_REQUEST['path'] : removeLastPath($_REQUEST['path']); |
|
85
|
|
|
} else { |
|
86
|
|
|
$startpath = $filemanager_path; |
|
87
|
|
|
} |
|
88
|
|
|
$startpath = rtrim($startpath, '/'); |
|
89
|
|
|
|
|
90
|
|
|
if (!is_readable($startpath)) { |
|
91
|
|
|
$modx->webAlertAndQuit($_lang["not_readable_dir"]); |
|
92
|
|
|
} |
|
93
|
|
|
|
|
94
|
|
|
// Raymond: get web start path for showing pictures |
|
95
|
|
|
$rf = realpath($filemanager_path); |
|
96
|
|
|
$rw = realpath('../'); |
|
97
|
|
|
$webstart_path = str_replace('\\', '/', str_replace($rw, '', $rf)); |
|
98
|
|
|
if (substr($webstart_path, 0, 1) == '/') { |
|
99
|
|
|
$webstart_path = '..' . $webstart_path; |
|
100
|
|
|
} else { |
|
101
|
|
|
$webstart_path = '../' . $webstart_path; |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
|
|
?> |
|
105
|
|
|
<script type="text/javascript"> |
|
106
|
|
|
|
|
107
|
|
|
var current_path = '<?= $startpath;?>'; |
|
108
|
|
|
|
|
109
|
|
|
function viewfile (url) |
|
110
|
|
|
{ |
|
111
|
|
|
var el = document.getElementById('imageviewer'); |
|
112
|
|
|
el.innerHTML = '<img src="' + url + '" />'; |
|
113
|
|
|
el.style.display = 'block' |
|
114
|
|
|
} |
|
115
|
|
|
|
|
116
|
|
|
function setColor (o, state) |
|
117
|
|
|
{ |
|
118
|
|
|
if (!o){return; |
|
119
|
|
|
} |
|
120
|
|
|
if (state && o.style){o.style.backgroundColor = '#eeeeee'; |
|
121
|
|
|
}else if (o.style){o.style.backgroundColor = 'transparent'; |
|
122
|
|
|
} |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
function confirmDelete () |
|
126
|
|
|
{ |
|
127
|
|
|
return confirm("<?= $_lang['confirm_delete_file'] ?>"); |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
function confirmDeleteFolder (status) |
|
131
|
|
|
{ |
|
132
|
|
|
if (status !== 'file_exists')return confirm("<?= $_lang['confirm_delete_dir'] ?>");else return confirm("<?= $_lang['confirm_delete_dir_recursive'] ?>"); |
|
133
|
|
|
} |
|
134
|
|
|
|
|
135
|
|
|
function confirmUnzip () |
|
136
|
|
|
{ |
|
137
|
|
|
return confirm("<?= $_lang['confirm_unzip_file'] ?>"); |
|
138
|
|
|
} |
|
139
|
|
|
|
|
140
|
|
|
function unzipFile (file) |
|
141
|
|
|
{ |
|
142
|
|
|
if (confirmUnzip()) { |
|
143
|
|
|
window.location.href = "index.php?a=31&mode=unzip&path=" + current_path + '/&file=' + file + "&token=<?= $newToken;?>"; |
|
144
|
|
|
return false; |
|
145
|
|
|
} |
|
146
|
|
|
} |
|
147
|
|
|
|
|
148
|
|
|
function getFolderName (a) |
|
149
|
|
|
{ |
|
150
|
|
|
var f = window.prompt("<?= $_lang['files_dynamic_new_file_name'] ?>", ''); |
|
151
|
|
|
if (f) a.href += encodeURI(f); |
|
152
|
|
|
return !!(f); |
|
153
|
|
|
} |
|
154
|
|
|
|
|
155
|
|
|
function getFileName (a) |
|
156
|
|
|
{ |
|
157
|
|
|
var f = window.prompt("<?= $_lang['files_dynamic_new_file_name'] ?>", ''); |
|
158
|
|
|
if (f) a.href += encodeURI(f); |
|
159
|
|
|
return !!(f); |
|
160
|
|
|
} |
|
161
|
|
|
|
|
162
|
|
|
function deleteFolder (folder, status) |
|
163
|
|
|
{ |
|
164
|
|
|
if (confirmDeleteFolder(status)) { |
|
165
|
|
|
window.location.href = "index.php?a=31&mode=deletefolder&path=" + current_path + "&folderpath=" + current_path + '/' + folder + "&token=<?= $newToken;?>"; |
|
166
|
|
|
return false; |
|
167
|
|
|
} |
|
168
|
|
|
} |
|
169
|
|
|
|
|
170
|
|
|
function deleteFile (file) |
|
171
|
|
|
{ |
|
172
|
|
|
if (confirmDelete()) { |
|
173
|
|
|
window.location.href = "index.php?a=31&mode=delete&path=" + current_path + '/' + file + "&token=<?= $newToken;?>"; |
|
174
|
|
|
return false; |
|
175
|
|
|
} |
|
176
|
|
|
} |
|
177
|
|
|
|
|
178
|
|
|
function duplicateFile (file) |
|
179
|
|
|
{ |
|
180
|
|
|
var newFilename = prompt("<?= $_lang["files_dynamic_new_file_name"] ?>", file); |
|
181
|
|
|
if (newFilename !== null && newFilename !== file) { |
|
182
|
|
|
window.location.href = "index.php?a=31&mode=duplicate&path=" + current_path + '/' + file + "&newFilename=" + newFilename + "&token=<?= $newToken;?>"; |
|
183
|
|
|
} |
|
184
|
|
|
} |
|
185
|
|
|
|
|
186
|
|
|
function renameFolder (dir) |
|
187
|
|
|
{ |
|
188
|
|
|
var newDirname = prompt("<?= $_lang["files_dynamic_new_folder_name"] ?>", dir); |
|
189
|
|
|
if (newDirname !== null && newDirname !== dir) { |
|
190
|
|
|
window.location.href = "index.php?a=31&mode=renameFolder&path=" + current_path + '&dirname=' + dir + "&newDirname=" + newDirname + "&token=<?= $newToken;?>"; |
|
191
|
|
|
} |
|
192
|
|
|
} |
|
193
|
|
|
|
|
194
|
|
|
function renameFile (file) |
|
195
|
|
|
{ |
|
196
|
|
|
var newFilename = prompt("<?= $_lang["files_dynamic_new_file_name"] ?>", file); |
|
197
|
|
|
if (newFilename !== null && newFilename !== file) { |
|
198
|
|
|
window.location.href = "index.php?a=31&mode=renameFile&path=" + current_path + '/' + file + "&newFilename=" + newFilename + "&token=<?= $newToken;?>"; |
|
199
|
|
|
} |
|
200
|
|
|
} |
|
201
|
|
|
|
|
202
|
|
|
</script> |
|
203
|
|
|
|
|
204
|
|
|
<h1> |
|
205
|
|
|
<i class="fa fa-folder-open-o"></i><?= $_lang['manage_files'] ?> |
|
206
|
|
|
</h1> |
|
207
|
|
|
|
|
208
|
|
|
<div id="actions"> |
|
209
|
|
|
<div class="btn-group"> |
|
210
|
|
|
<?php if ($_POST['mode'] == 'save' || $_GET['mode'] == 'edit') : ?> |
|
211
|
|
|
<a class="btn btn-success" href="javascript:;" onclick="documentDirty=false;document.editFile.submit();"> |
|
212
|
|
|
<i class="<?= $_style["files_save"] ?>"></i><span><?= $_lang['save'] ?></span> |
|
213
|
|
|
</a> |
|
214
|
|
|
<?php endif ?> |
|
215
|
|
|
<?php |
|
216
|
|
|
if (isset($_GET['mode']) && $_GET['mode'] !== 'drill') { |
|
217
|
|
|
$href = 'a=31&path=' . urlencode($_REQUEST['path']); |
|
218
|
|
|
} else { |
|
219
|
|
|
$href = 'a=2'; |
|
220
|
|
|
} |
|
221
|
|
|
if (is_writable($startpath)) { |
|
222
|
|
|
$ph = array(); |
|
223
|
|
|
$ph['style_path'] = $theme_image_path; |
|
224
|
|
|
$tpl = '<a class="btn btn-secondary" href="[+href+]" onclick="return getFolderName(this);"><i class="[+image+]"></i><span>[+subject+]</span></a>'; |
|
225
|
|
|
$ph['image'] = $_style['files_folder-open']; |
|
226
|
|
|
$ph['subject'] = $_lang['add_folder']; |
|
227
|
|
|
$ph['href'] = 'index.php?a=31&mode=newfolder&path=' . urlencode($startpath) . '&name='; |
|
228
|
|
|
$_ = parsePlaceholder($tpl, $ph); |
|
229
|
|
|
|
|
230
|
|
|
$tpl = '<a class="btn btn-secondary" href="[+href+]" onclick="return getFileName(this);"><i class="[+image+]"></i><span>' . $_lang['files.dynamic.php1'] . '</span></a>'; |
|
231
|
|
|
$ph['image'] = $_style['files_page_html']; |
|
232
|
|
|
$ph['href'] = 'index.php?a=31&mode=newfile&path=' . urlencode($startpath) . '&name='; |
|
233
|
|
|
$_ .= parsePlaceholder($tpl, $ph); |
|
234
|
|
|
echo $_; |
|
235
|
|
|
} |
|
236
|
|
|
?> |
|
237
|
|
|
<a id="Button5" class="btn btn-secondary" href="javascript:;" onclick="documentDirty=false;document.location.href='index.php?<?= $href ?>';"> |
|
238
|
|
|
<i class="<?= $_style["actions_cancel"] ?>"></i><span><?= $_lang['cancel'] ?></span> |
|
239
|
|
|
</a> |
|
240
|
|
|
</div> |
|
241
|
|
|
</div> |
|
242
|
|
|
|
|
243
|
|
|
<div id="ManageFiles"> |
|
244
|
|
|
<div class="container breadcrumbs"> |
|
245
|
|
|
<?php |
|
246
|
|
|
if (!empty($_FILES['userfile'])) { |
|
247
|
|
|
$information = fileupload(); |
|
248
|
|
|
} elseif ($_POST['mode'] == 'save') { |
|
249
|
|
|
echo textsave(); |
|
250
|
|
|
} elseif ($_REQUEST['mode'] == 'delete') { |
|
251
|
|
|
echo delete_file(); |
|
252
|
|
|
} |
|
253
|
|
|
|
|
254
|
|
|
if (in_array($startpath, $protected_path)) { |
|
255
|
|
|
$modx->webAlertAndQuit($_lang["files.dynamic.php2"]); |
|
256
|
|
|
} |
|
257
|
|
|
|
|
258
|
|
|
$tpl = '<i class="[+image+] FilesTopFolder"></i>[+subject+]'; |
|
259
|
|
|
$ph = array(); |
|
260
|
|
|
$ph['style_path'] = $theme_image_path; |
|
261
|
|
|
// To Top Level with folder icon to the left |
|
262
|
|
|
if ($startpath == $filemanager_path || $startpath . '/' == $filemanager_path) { |
|
263
|
|
|
$ph['image'] = '' . $_style['files_top'] . ''; |
|
264
|
|
|
$ph['subject'] = '<span>Top</span>'; |
|
265
|
|
|
} else { |
|
266
|
|
|
$ph['image'] = '' . $_style['files_top'] . ''; |
|
267
|
|
|
$ph['subject'] = '<a href="index.php?a=31&mode=drill&path=' . $filemanager_path . '">Top</a>/'; |
|
268
|
|
|
} |
|
269
|
|
|
|
|
270
|
|
|
echo parsePlaceholder($tpl, $ph); |
|
271
|
|
|
|
|
272
|
|
|
$len = strlen($filemanager_path); |
|
273
|
|
|
if (substr($startpath, $len, strlen($startpath)) == '') { |
|
274
|
|
|
$topic_path = '/'; |
|
275
|
|
|
} else { |
|
276
|
|
|
$topic_path = substr($startpath, $len, strlen($startpath)); |
|
277
|
|
|
$pieces = explode('/', rtrim($topic_path, '/')); |
|
278
|
|
|
$path = ''; |
|
279
|
|
|
$count = count($pieces); |
|
280
|
|
|
foreach ($pieces as $i => $v) { |
|
281
|
|
|
if (empty($v)) { |
|
282
|
|
|
continue; |
|
283
|
|
|
} |
|
284
|
|
|
$path .= rtrim($v, '/') . '/'; |
|
285
|
|
|
if (1 < $count) { |
|
286
|
|
|
$href = 'index.php?a=31&mode=drill&path=' . urlencode($filemanager_path . $path); |
|
287
|
|
|
$pieces[$i] = '<a href="' . $href . '">' . trim($v, '/') . '</a>'; |
|
288
|
|
|
} else { |
|
289
|
|
|
$pieces[$i] = '<span>' . trim($v, '/') . '</span>'; |
|
290
|
|
|
} |
|
291
|
|
|
$count--; |
|
292
|
|
|
} |
|
293
|
|
|
$topic_path = implode('/', $pieces); |
|
294
|
|
|
} |
|
295
|
|
|
|
|
296
|
|
|
echo $topic_path; |
|
297
|
|
|
|
|
298
|
|
|
?> |
|
299
|
|
|
</div> |
|
300
|
|
|
<?php |
|
301
|
|
|
// check to see user isn't trying to move below the document_root |
|
302
|
|
|
if (substr(strtolower(str_replace('//', '/', $startpath . "/")), 0, $len) != strtolower(str_replace('//', '/', $filemanager_path . '/'))) { |
|
303
|
|
|
$modx->webAlertAndQuit($_lang["files_access_denied"]); |
|
304
|
|
|
} |
|
305
|
|
|
|
|
306
|
|
|
// Unzip .zip files - by Raymond |
|
307
|
|
|
if ($enablefileunzip && $_REQUEST['mode'] == 'unzip' && is_writable($startpath)) { |
|
308
|
|
|
if (!$err = unzip(realpath("{$startpath}/" . $_REQUEST['file']), realpath($startpath))) { |
|
309
|
|
|
echo '<span class="warning"><b>' . $_lang['file_unzip_fail'] . ($err === 0 ? 'Missing zip library (php_zip.dll / zip.so)' : '') . '</b></span><br /><br />'; |
|
310
|
|
|
} else { |
|
311
|
|
|
echo '<span class="success"><b>' . $_lang['file_unzip'] . '</b></span><br /><br />'; |
|
312
|
|
|
} |
|
313
|
|
|
} |
|
314
|
|
|
// End Unzip - Raymond |
|
315
|
|
|
|
|
316
|
|
|
|
|
317
|
|
|
// New Folder & Delete Folder option - Raymond |
|
318
|
|
|
if (is_writable($startpath)) { |
|
319
|
|
|
// Delete Folder |
|
320
|
|
|
if ($_REQUEST['mode'] == 'deletefolder') { |
|
321
|
|
|
$folder = $_REQUEST['folderpath']; |
|
322
|
|
|
if (!$token_check || !@rrmdir($folder)) { |
|
323
|
|
|
echo '<span class="warning"><b>' . $_lang['file_folder_not_deleted'] . '</b></span><br /><br />'; |
|
324
|
|
|
} else { |
|
325
|
|
|
echo '<span class="success"><b>' . $_lang['file_folder_deleted'] . '</b></span><br /><br />'; |
|
326
|
|
|
} |
|
327
|
|
|
} |
|
328
|
|
|
|
|
329
|
|
|
// Create folder here |
|
330
|
|
|
if ($_REQUEST['mode'] == 'newfolder') { |
|
331
|
|
|
$old_umask = umask(0); |
|
332
|
|
|
$foldername = str_replace('..\\', '', str_replace('../', '', $_REQUEST['name'])); |
|
333
|
|
|
if (!mkdirs("{$startpath}/{$foldername}", 0777)) { |
|
334
|
|
|
echo '<span class="warning"><b>', $_lang['file_folder_not_created'], '</b></span><br /><br />'; |
|
335
|
|
|
} else { |
|
336
|
|
|
if (!@chmod($startpath . '/' . $foldername, $newfolderaccessmode)) { |
|
337
|
|
|
echo '<span class="warning"><b>' . $_lang['file_folder_chmod_error'] . '</b></span><br /><br />'; |
|
338
|
|
|
} else { |
|
339
|
|
|
echo '<span class="success"><b>' . $_lang['file_folder_created'] . '</b></span><br /><br />'; |
|
340
|
|
|
} |
|
341
|
|
|
} |
|
342
|
|
|
umask($old_umask); |
|
343
|
|
|
} |
|
344
|
|
|
// Create file here |
|
345
|
|
|
if ($_REQUEST['mode'] == 'newfile') { |
|
346
|
|
|
$old_umask = umask(0); |
|
347
|
|
|
$filename = str_replace('..\\', '', str_replace('../', '', $_REQUEST['name'])); |
|
348
|
|
|
$filename = $modx->db->escape($filename); |
|
349
|
|
|
|
|
350
|
|
|
if (!checkExtension($filename)) { |
|
351
|
|
|
echo '<span class="warning"><b>' . $_lang['files_filetype_notok'] . '</b></span><br /><br />'; |
|
352
|
|
|
} elseif (preg_match('@(\\\\|\/|\:|\;|\,|\*|\?|\"|\<|\>|\||\?)@', $filename) !== 0) { |
|
353
|
|
|
echo $_lang['files.dynamic.php3']; |
|
354
|
|
|
} else { |
|
355
|
|
|
$rs = file_put_contents("{$startpath}/{$filename}", ''); |
|
356
|
|
|
if ($rs === false) { |
|
357
|
|
|
echo '<span class="warning"><b>', $_lang['file_folder_not_created'], '</b></span><br /><br />'; |
|
358
|
|
|
} else { |
|
359
|
|
|
echo $_lang['files.dynamic.php4']; |
|
360
|
|
|
} |
|
361
|
|
|
umask($old_umask); |
|
362
|
|
|
} |
|
363
|
|
|
} |
|
364
|
|
|
// Duplicate file here |
|
365
|
|
|
if ($_REQUEST['mode'] == 'duplicate') { |
|
366
|
|
|
$old_umask = umask(0); |
|
367
|
|
|
$filename = $_REQUEST['path']; |
|
368
|
|
|
$filename = $modx->db->escape($filename); |
|
369
|
|
|
$newFilename = str_replace('..\\', '', str_replace('../', '', $_REQUEST['newFilename'])); |
|
370
|
|
|
$newFilename = $modx->db->escape($newFilename); |
|
371
|
|
|
|
|
372
|
|
View Code Duplication |
if (!checkExtension($newFilename)) { |
|
373
|
|
|
echo '<span class="warning"><b>' . $_lang['files_filetype_notok'] . '</b></span><br /><br />'; |
|
374
|
|
|
} elseif (preg_match('@(\\\\|\/|\:|\;|\,|\*|\?|\"|\<|\>|\||\?)@', $newFilename) !== 0) { |
|
375
|
|
|
echo $_lang['files.dynamic.php3']; |
|
376
|
|
|
} else { |
|
377
|
|
|
if (!copy($filename, MODX_BASE_PATH . $newFilename)) { |
|
378
|
|
|
echo $_lang['files.dynamic.php5']; |
|
379
|
|
|
} |
|
380
|
|
|
umask($old_umask); |
|
381
|
|
|
} |
|
382
|
|
|
} |
|
383
|
|
|
// Rename folder here |
|
384
|
|
|
if ($_REQUEST['mode'] == 'renameFolder') { |
|
385
|
|
|
$old_umask = umask(0); |
|
386
|
|
|
$dirname = $_REQUEST['path'] . '/' . $_REQUEST['dirname']; |
|
387
|
|
|
$dirname = $modx->db->escape($dirname); |
|
388
|
|
|
$newDirname = str_replace(array( |
|
389
|
|
|
'..\\', |
|
390
|
|
|
'../', |
|
391
|
|
|
'\\', |
|
392
|
|
|
'/' |
|
393
|
|
|
), '', $_REQUEST['newDirname']); |
|
394
|
|
|
$newDirname = $modx->db->escape($newDirname); |
|
395
|
|
|
|
|
396
|
|
|
if (preg_match('@(\\\\|\/|\:|\;|\,|\*|\?|\"|\<|\>|\||\?)@', $newDirname) !== 0) { |
|
397
|
|
|
echo $_lang['files.dynamic.php3']; |
|
398
|
|
|
} else if (!rename($dirname, $_REQUEST['path'] . '/' . $newDirname)) { |
|
399
|
|
|
echo '<span class="warning"><b>', $_lang['file_folder_not_created'], '</b></span><br /><br />'; |
|
400
|
|
|
} |
|
401
|
|
|
umask($old_umask); |
|
402
|
|
|
} |
|
403
|
|
|
// Rename file here |
|
404
|
|
|
if ($_REQUEST['mode'] == 'renameFile') { |
|
405
|
|
|
$old_umask = umask(0); |
|
406
|
|
|
$path = dirname($_REQUEST['path']); |
|
407
|
|
|
$filename = $_REQUEST['path']; |
|
408
|
|
|
$filename = $modx->db->escape($filename); |
|
409
|
|
|
$newFilename = str_replace(array( |
|
410
|
|
|
'..\\', |
|
411
|
|
|
'../', |
|
412
|
|
|
'\\', |
|
413
|
|
|
'/' |
|
414
|
|
|
), '', $_REQUEST['newFilename']); |
|
415
|
|
|
$newFilename = $modx->db->escape($newFilename); |
|
416
|
|
|
|
|
417
|
|
View Code Duplication |
if (!checkExtension($newFilename)) { |
|
418
|
|
|
echo '<span class="warning"><b>' . $_lang['files_filetype_notok'] . '</b></span><br /><br />'; |
|
419
|
|
|
} elseif (preg_match('@(\\\\|\/|\:|\;|\,|\*|\?|\"|\<|\>|\||\?)@', $newFilename) !== 0) { |
|
420
|
|
|
echo $_lang['files.dynamic.php3']; |
|
421
|
|
|
} else { |
|
422
|
|
|
if (!rename($filename, $path . '/' . $newFilename)) { |
|
423
|
|
|
echo $_lang['files.dynamic.php5']; |
|
424
|
|
|
} |
|
425
|
|
|
umask($old_umask); |
|
426
|
|
|
} |
|
427
|
|
|
} |
|
428
|
|
|
} |
|
429
|
|
|
// End New Folder - Raymond |
|
430
|
|
|
|
|
431
|
|
|
$filesize = 0; |
|
432
|
|
|
$files = 0; |
|
433
|
|
|
$folders = 0; |
|
434
|
|
|
$dirs_array = array(); |
|
435
|
|
|
$files_array = array(); |
|
436
|
|
|
if (strlen(MODX_BASE_PATH) < strlen($filemanager_path)) { |
|
437
|
|
|
$len--; |
|
438
|
|
|
} |
|
439
|
|
|
|
|
440
|
|
|
?> |
|
441
|
|
|
<div class="table-responsive"> |
|
442
|
|
|
<table id="FilesTable" class="table data"> |
|
443
|
|
|
<thead> |
|
444
|
|
|
<tr> |
|
445
|
|
|
<th><?= $_lang['files_filename'] ?></th> |
|
446
|
|
|
<th style="width: 1%;"><?= $_lang['files_modified'] ?></th> |
|
447
|
|
|
<th style="width: 1%;"><?= $_lang['files_filesize'] ?></th> |
|
448
|
|
|
<th style="width: 1%;" class="text-nowrap"><?= $_lang['files_fileoptions'] ?></th> |
|
449
|
|
|
</tr> |
|
450
|
|
|
</thead> |
|
451
|
|
|
<?php |
|
452
|
|
|
ls($startpath); |
|
453
|
|
|
echo "\n\n\n"; |
|
454
|
|
|
if ($folders == 0 && $files == 0) { |
|
455
|
|
|
echo '<tr><td colspan="4"><i class="' . $_style['files_deleted_folder'] . ' FilesDeletedFolder"></i> <span style="color:#888;cursor:default;"> ' . $_lang['files_directory_is_empty'] . ' </span></td></tr>'; |
|
456
|
|
|
} |
|
457
|
|
|
?> |
|
458
|
|
|
</table> |
|
459
|
|
|
</div> |
|
460
|
|
|
|
|
461
|
|
|
<div class="container"> |
|
462
|
|
|
<p> |
|
463
|
|
|
<?php |
|
464
|
|
|
echo $_lang['files_directories'] . ': <b>' . $folders . '</b> '; |
|
465
|
|
|
echo $_lang['files_files'] . ': <b>' . $files . '</b> '; |
|
466
|
|
|
echo $_lang['files_data'] . ': <b><span dir="ltr">' . $modx->nicesize($filesizes) . '</span></b> '; |
|
467
|
|
|
echo $_lang['files_dirwritable'] . ' <b>' . (is_writable($startpath) == 1 ? $_lang['yes'] . '.' : $_lang['no']) . '.</b>' |
|
468
|
|
|
?> |
|
469
|
|
|
</p> |
|
470
|
|
|
|
|
471
|
|
|
<?php |
|
472
|
|
|
if (((@ini_get("file_uploads") == true) || get_cfg_var("file_uploads") == 1) && is_writable($startpath)) { |
|
473
|
|
|
@ini_set("upload_max_filesize", $upload_maxsize); // modified by raymond |
|
474
|
|
|
?> |
|
475
|
|
|
|
|
476
|
|
|
<form name="upload" enctype="multipart/form-data" action="index.php" method="post"> |
|
477
|
|
|
<input type="hidden" name="MAX_FILE_SIZE" value="<?= isset($upload_maxsize) ? $upload_maxsize : 3145728 ?>"> |
|
478
|
|
|
<input type="hidden" name="a" value="31"> |
|
479
|
|
|
<input type="hidden" name="path" value="<?= $startpath ?>"> |
|
480
|
|
|
|
|
481
|
|
|
<?php if (isset($information)) { |
|
482
|
|
|
echo $information; |
|
483
|
|
|
} ?> |
|
484
|
|
|
|
|
485
|
|
|
<div id="uploader"> |
|
486
|
|
|
<input type="file" name="userfile[]" onchange="document.upload.submit();" multiple> |
|
487
|
|
|
<a class="btn btn-secondary" href="javascript:;" onclick="document.upload.submit()"><?= $_lang['files_uploadfile'] ?></a> |
|
488
|
|
|
</div> |
|
489
|
|
|
</form> |
|
490
|
|
|
<?php |
|
491
|
|
|
} else { |
|
492
|
|
|
echo "<p>" . $_lang['files_upload_inhibited_msg'] . "</p>"; |
|
493
|
|
|
} |
|
494
|
|
|
?> |
|
495
|
|
|
<div id="imageviewer"></div> |
|
496
|
|
|
</div> |
|
497
|
|
|
|
|
498
|
|
|
</div> |
|
499
|
|
|
<?php |
|
500
|
|
|
|
|
501
|
|
|
if ($_REQUEST['mode'] == "edit" || $_REQUEST['mode'] == "view") { |
|
502
|
|
|
?> |
|
503
|
|
|
|
|
504
|
|
|
<div class="section" id="file_editfile"> |
|
505
|
|
|
<div class="navbar navbar-editor"><?= $_REQUEST['mode'] == "edit" ? $_lang['files_editfile'] : $_lang['files_viewfile'] ?></div> |
|
506
|
|
|
<?php |
|
507
|
|
|
$filename = $_REQUEST['path']; |
|
508
|
|
|
$buffer = file_get_contents($filename); |
|
509
|
|
|
// Log the change |
|
510
|
|
|
logFileChange('view', $filename); |
|
511
|
|
|
if ($buffer === false) { |
|
512
|
|
|
$modx->webAlertAndQuit("Error opening file for reading."); |
|
513
|
|
|
} |
|
514
|
|
|
?> |
|
515
|
|
|
<form action="index.php" method="post" name="editFile"> |
|
516
|
|
|
<input type="hidden" name="a" value="31" /> |
|
517
|
|
|
<input type="hidden" name="mode" value="save" /> |
|
518
|
|
|
<input type="hidden" name="path" value="<?= $_REQUEST['path'] ?>" /> |
|
519
|
|
|
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
|
520
|
|
|
<tr> |
|
521
|
|
|
<td> |
|
522
|
|
|
<textarea dir="ltr" name="content" id="content" class="phptextarea"><?= htmlentities($buffer, ENT_COMPAT, $modx_manager_charset) ?></textarea> |
|
523
|
|
|
</td> |
|
524
|
|
|
</tr> |
|
525
|
|
|
</table> |
|
526
|
|
|
</form> |
|
527
|
|
|
</div> |
|
528
|
|
|
<?php |
|
529
|
|
|
$pathinfo = pathinfo($filename); |
|
530
|
|
|
switch ($pathinfo['extension']) { |
|
531
|
|
|
case "css": |
|
532
|
|
|
$contentType = "text/css"; |
|
533
|
|
|
break; |
|
534
|
|
|
case "js": |
|
535
|
|
|
$contentType = "text/javascript"; |
|
536
|
|
|
break; |
|
537
|
|
|
case "json": |
|
538
|
|
|
$contentType = "application/json"; |
|
539
|
|
|
break; |
|
540
|
|
|
case "php": |
|
541
|
|
|
$contentType = "application/x-httpd-php"; |
|
542
|
|
|
break; |
|
543
|
|
|
default: |
|
544
|
|
|
$contentType = 'htmlmixed'; |
|
545
|
|
|
}; |
|
546
|
|
|
$evtOut = $modx->invokeEvent('OnRichTextEditorInit', array( |
|
547
|
|
|
'editor' => 'Codemirror', |
|
548
|
|
|
'elements' => array( |
|
549
|
|
|
'content', |
|
550
|
|
|
), |
|
551
|
|
|
'contentType' => $contentType, |
|
552
|
|
|
'readOnly' => $_REQUEST['mode'] == 'edit' ? false : true |
|
553
|
|
|
)); |
|
554
|
|
|
if (is_array($evtOut)) { |
|
555
|
|
|
echo implode('', $evtOut); |
|
556
|
|
|
} |
|
557
|
|
|
|
|
558
|
|
|
} |
|
559
|
|
|
|
|
560
|
|
|
|
evolution-cms /
evolution
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.