1
|
|
|
<?php |
|
|
|
|
2
|
|
|
defined('PH7') or exit('Restricted access'); |
3
|
|
|
if (!\PH7\Admin::auth()) exit('Restricted access'); // Accessible only for admins |
4
|
|
|
|
5
|
|
|
/** |
6
|
|
|
* Default elFinder connector |
7
|
|
|
* |
8
|
|
|
* @author Dmitry (dio) Levashov |
9
|
|
|
**/ |
10
|
|
|
class elFinderConnector { |
11
|
|
|
/** |
12
|
|
|
* elFinder instance |
13
|
|
|
* |
14
|
|
|
* @var elFinder |
15
|
|
|
**/ |
16
|
|
|
protected $elFinder; |
17
|
|
|
|
18
|
|
|
/** |
19
|
|
|
* Options |
20
|
|
|
* |
21
|
|
|
* @var aray |
22
|
|
|
**/ |
23
|
|
|
protected $options = array(); |
24
|
|
|
|
25
|
|
|
/** |
26
|
|
|
* undocumented class variable |
27
|
|
|
* |
28
|
|
|
* @var string |
29
|
|
|
**/ |
30
|
|
|
protected $header = 'Content-Type: application/json'; |
31
|
|
|
|
32
|
|
|
/** |
33
|
|
|
* HTTP request method |
34
|
|
|
* |
35
|
|
|
* @var string |
36
|
|
|
*/ |
37
|
|
|
protected $reqMethod = ''; |
38
|
|
|
|
39
|
|
|
/** |
40
|
|
|
* Constructor |
41
|
|
|
* |
42
|
|
|
* @param $elFinder |
43
|
|
|
* @param bool $debug |
44
|
|
|
* @author Dmitry (dio) Levashov |
45
|
|
|
*/ |
46
|
|
|
public function __construct($elFinder, $debug=false) { |
|
|
|
|
47
|
|
|
|
48
|
|
|
$this->elFinder = $elFinder; |
49
|
|
|
$this->reqMethod = strtoupper($_SERVER["REQUEST_METHOD"]); |
50
|
|
|
if ($debug) { |
51
|
|
|
$this->header = 'Content-Type: text/html; charset=utf-8'; |
52
|
|
|
} |
53
|
|
|
} |
54
|
|
|
|
55
|
|
|
/** |
56
|
|
|
* Execute elFinder command and output result |
57
|
|
|
* |
58
|
|
|
* @return void |
59
|
|
|
* @author Dmitry (dio) Levashov |
60
|
|
|
**/ |
61
|
|
|
public function run() { |
|
|
|
|
62
|
|
|
$isPost = $this->reqMethod === 'POST'; |
63
|
|
|
$src = $isPost ? $_POST : $_GET; |
64
|
|
|
if ($isPost && !$src && $rawPostData = @file_get_contents('php://input')) { |
65
|
|
|
// for support IE XDomainRequest() |
66
|
|
|
$parts = explode('&', $rawPostData); |
67
|
|
|
foreach($parts as $part) { |
68
|
|
|
list($key, $value) = array_pad(explode('=', $part), 2, ''); |
69
|
|
|
$key = rawurldecode($key); |
70
|
|
|
if (substr($key, -2) === '[]') { |
71
|
|
|
$key = substr($key, 0, strlen($key) - 2); |
72
|
|
|
if (!isset($src[$key])) { |
73
|
|
|
$src[$key] = array(); |
74
|
|
|
} |
75
|
|
|
$src[$key][] = rawurldecode($value); |
76
|
|
|
} else { |
77
|
|
|
$src[$key] = rawurldecode($value); |
78
|
|
|
} |
79
|
|
|
} |
80
|
|
|
$_POST = $this->input_filter($src); |
81
|
|
|
$_REQUEST = $this->input_filter(array_merge_recursive($src, $_REQUEST)); |
82
|
|
|
} |
83
|
|
|
$cmd = isset($src['cmd']) ? $src['cmd'] : ''; |
84
|
|
|
$args = array(); |
85
|
|
|
|
86
|
|
|
if (!function_exists('json_encode')) { |
87
|
|
|
$error = $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_JSON); |
88
|
|
|
$this->output(array('error' => '{"error":["'.implode('","', $error).'"]}', 'raw' => true)); |
89
|
|
|
} |
90
|
|
|
|
91
|
|
|
if (!$this->elFinder->loaded()) { |
92
|
|
|
$this->output(array('error' => $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_VOL), 'debug' => $this->elFinder->mountErrors)); |
93
|
|
|
} |
94
|
|
|
|
95
|
|
|
// telepat_mode: on |
96
|
|
|
if (!$cmd && $isPost) { |
97
|
|
|
$this->output(array('error' => $this->elFinder->error(elFinder::ERROR_UPLOAD, elFinder::ERROR_UPLOAD_TOTAL_SIZE), 'header' => 'Content-Type: text/html')); |
98
|
|
|
} |
99
|
|
|
// telepat_mode: off |
100
|
|
|
|
101
|
|
|
if (!$this->elFinder->commandExists($cmd)) { |
102
|
|
|
$this->output(array('error' => $this->elFinder->error(elFinder::ERROR_UNKNOWN_CMD))); |
103
|
|
|
} |
104
|
|
|
|
105
|
|
|
// collect required arguments to exec command |
106
|
|
|
$hasFiles = false; |
107
|
|
|
foreach ($this->elFinder->commandArgsList($cmd) as $name => $req) { |
108
|
|
|
if ($name === 'FILES') { |
109
|
|
|
if (isset($_FILES)) { |
110
|
|
|
$hasFiles = true; |
111
|
|
|
} elseif ($req) { |
112
|
|
|
$this->output(array('error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd))); |
113
|
|
|
} |
114
|
|
|
} else { |
115
|
|
|
$arg = isset($src[$name])? $src[$name] : ''; |
116
|
|
|
|
117
|
|
|
if (!is_array($arg) && $req !== '') { |
118
|
|
|
$arg = trim($arg); |
119
|
|
|
} |
120
|
|
|
if ($req && $arg === '') { |
121
|
|
|
$this->output(array('error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd))); |
122
|
|
|
} |
123
|
|
|
$args[$name] = $arg; |
124
|
|
|
} |
125
|
|
|
} |
126
|
|
|
|
127
|
|
|
$args['debug'] = isset($src['debug']) ? !!$src['debug'] : false; |
128
|
|
|
|
129
|
|
|
$args = $this->input_filter($args); |
130
|
|
|
if ($hasFiles) { |
131
|
|
|
$args['FILES'] = $_FILES; |
132
|
|
|
} |
133
|
|
|
|
134
|
|
|
$this->output($this->elFinder->exec($cmd, $args)); |
135
|
|
|
} |
136
|
|
|
|
137
|
|
|
/** |
138
|
|
|
* Output json |
139
|
|
|
* |
140
|
|
|
* @param array data to output |
141
|
|
|
* @return void |
142
|
|
|
* @author Dmitry (dio) Levashov |
143
|
|
|
**/ |
144
|
|
|
protected function output(array $data) { |
|
|
|
|
145
|
|
|
// clear output buffer |
146
|
|
|
while(ob_get_level() && ob_end_clean()){} |
|
|
|
|
147
|
|
|
|
148
|
|
|
$header = isset($data['header']) ? $data['header'] : $this->header; |
149
|
|
|
unset($data['header']); |
150
|
|
|
if ($header) { |
151
|
|
|
if (is_array($header)) { |
152
|
|
|
foreach ($header as $h) { |
153
|
|
|
header($h); |
154
|
|
|
} |
155
|
|
|
} else { |
156
|
|
|
header($header); |
157
|
|
|
} |
158
|
|
|
} |
159
|
|
|
|
160
|
|
|
if (isset($data['pointer'])) { |
161
|
|
|
$toEnd = true; |
162
|
|
|
$fp = $data['pointer']; |
163
|
|
|
if (($this->reqMethod === 'GET' || $this->reqMethod === 'HEAD') |
164
|
|
|
&& elFinder::isSeekableStream($fp) |
165
|
|
|
&& (array_search('Accept-Ranges: none', headers_list()) === false)) { |
166
|
|
|
header('Accept-Ranges: bytes'); |
167
|
|
|
$psize = null; |
168
|
|
|
if (!empty($_SERVER['HTTP_RANGE'])) { |
169
|
|
|
$size = $data['info']['size']; |
170
|
|
|
$start = 0; |
|
|
|
|
171
|
|
|
$end = $size - 1; |
172
|
|
|
if (preg_match('/bytes=(\d*)-(\d*)(,?)/i', $_SERVER['HTTP_RANGE'], $matches)) { |
173
|
|
|
if (empty($matches[3])) { |
174
|
|
|
if (empty($matches[1]) && $matches[1] !== '0') { |
175
|
|
|
$start = $size - $matches[2]; |
176
|
|
|
} else { |
177
|
|
|
$start = intval($matches[1]); |
178
|
|
|
if (!empty($matches[2])) { |
179
|
|
|
$end = intval($matches[2]); |
180
|
|
|
if ($end >= $size) { |
181
|
|
|
$end = $size - 1; |
182
|
|
|
} |
183
|
|
|
$toEnd = ($end == ($size - 1)); |
184
|
|
|
} |
185
|
|
|
} |
186
|
|
|
$psize = $end - $start + 1; |
187
|
|
|
|
188
|
|
|
header('HTTP/1.1 206 Partial Content'); |
189
|
|
|
header('Content-Length: ' . $psize); |
190
|
|
|
header('Content-Range: bytes ' . $start . '-' . $end . '/' . $size); |
191
|
|
|
|
192
|
|
|
fseek($fp, $start); |
193
|
|
|
} |
194
|
|
|
} |
195
|
|
|
} |
196
|
|
|
if (is_null($psize)){ |
197
|
|
|
elFinder::rewind($fp); |
198
|
|
|
} |
199
|
|
|
} else { |
200
|
|
|
header('Accept-Ranges: none'); |
201
|
|
|
if (isset($data['info']) && ! $data['info']['size']) { |
202
|
|
|
if (function_exists('header_remove')) { |
203
|
|
|
header_remove('Content-Length'); |
204
|
|
|
} else { |
205
|
|
|
header('Content-Length:'); |
206
|
|
|
} |
207
|
|
|
} |
208
|
|
|
} |
209
|
|
|
|
210
|
|
|
// unlock session data for multiple access |
211
|
|
|
$this->elFinder->getSession()->close(); |
212
|
|
|
// client disconnect should abort |
213
|
|
|
ignore_user_abort(false); |
214
|
|
|
|
215
|
|
|
if ($reqMethod !== 'HEAD') { |
|
|
|
|
216
|
|
|
if ($toEnd) { |
217
|
|
|
fpassthru($fp); |
218
|
|
|
} else { |
219
|
|
|
$out = fopen('php://output', 'wb'); |
220
|
|
|
stream_copy_to_stream($fp, $out, $psize); |
|
|
|
|
221
|
|
|
fclose($out); |
222
|
|
|
} |
223
|
|
|
} |
224
|
|
|
|
225
|
|
|
if (!empty($data['volume'])) { |
226
|
|
|
$data['volume']->close($data['pointer'], $data['info']['hash']); |
227
|
|
|
} |
228
|
|
|
exit(); |
|
|
|
|
229
|
|
|
} else { |
230
|
|
|
if (!empty($data['raw']) && !empty($data['error'])) { |
231
|
|
|
echo $data['error']; |
232
|
|
|
} else { |
233
|
|
|
if (isset($data['debug']) && isset($data['debug']['phpErrors'])) { |
234
|
|
|
$data['debug']['phpErrors'] = array_merge($data['debug']['phpErrors'], elFinder::$phpErrors); |
235
|
|
|
} |
236
|
|
|
echo json_encode($data); |
237
|
|
|
} |
238
|
|
|
flush(); |
239
|
|
|
exit(0); |
|
|
|
|
240
|
|
|
} |
241
|
|
|
|
242
|
|
|
} |
243
|
|
|
|
244
|
|
|
/** |
245
|
|
|
* Remove null & stripslashes applies on "magic_quotes_gpc" |
246
|
|
|
* |
247
|
|
|
* @param mixed $args |
248
|
|
|
* @return mixed |
249
|
|
|
* @author Naoki Sawada |
250
|
|
|
*/ |
251
|
|
|
protected function input_filter($args) { |
252
|
|
|
static $magic_quotes_gpc = NULL; |
253
|
|
|
|
254
|
|
|
if ($magic_quotes_gpc === NULL) |
255
|
|
|
$magic_quotes_gpc = (version_compare(PHP_VERSION, '5.4', '<') && get_magic_quotes_gpc()); |
256
|
|
|
|
257
|
|
|
if (is_array($args)) { |
258
|
|
|
return array_map(array(& $this, 'input_filter'), $args); |
259
|
|
|
} |
260
|
|
|
$res = str_replace("\0", '', $args); |
261
|
|
|
$magic_quotes_gpc && ($res = stripslashes($res)); |
262
|
|
|
return $res; |
263
|
|
|
} |
264
|
|
|
}// END class |
265
|
|
|
|
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.