diff options
Diffstat (limited to 'config/filemgr/file_manager.php')
| -rw-r--r-- | config/filemgr/file_manager.php | 497 |
1 files changed, 497 insertions, 0 deletions
diff --git a/config/filemgr/file_manager.php b/config/filemgr/file_manager.php new file mode 100644 index 00000000..5e858591 --- /dev/null +++ b/config/filemgr/file_manager.php @@ -0,0 +1,497 @@ +<?php +/* + file_manager.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +include("rbfminc/config.php"); +//include("rbfminc/session.php"); +require_once('config.inc'); +require("guiconfig.inc"); + +$closehead = false; +include("head.inc"); + +global $config; +if ('ok' == 'ok') { + set_time_limit(1800); //30 min + include("rbfminc/functions.php"); + + clearstatcache(); + $_GET['p'] = urldecode($_GET['p']); + + if ($_COOKIE['current_folder']) { + $initial_folder_cookie = $_COOKIE['current_folder']; + } + + if ($_GET['url_field']) { + setcookie('url_field', $_GET['url_field']); + $url_field = $_GET['url_field']; + } else { + $url_field = $_COOKIE['url_field']; + } + + if ($_GET['p']) { + if (substr($_GET['p'], -1) != "/") { + $_GET['p'] = $_GET['p']."/"; + } + $current_folder = $_GET['p']; + } elseif (($initial_folder_cookie) && (file_exists($initial_folder_cookie))) { + if (substr($initial_folder_cookie, -1) != "/") { + $initial_folder_cookie = $initial_folder_cookie."/"; + } + $current_folder = $initial_folder_cookie; + } elseif (($initial_folder) && (file_exists($initial_folder))) { + if (substr($initial_folder, -1) != "/") { + $initial_folder = $initial_folder."/"; + } + $current_folder = $initial_folder; + } else { + $current_folder = $_SERVER['DOCUMENT_ROOT']."/"; + } + + if (($only_below) && (strlen($current_folder) < strlen($initial_folder))) { + setcookie('current_folder', '', time()-3600); + header("Location: file_manager.php"); + exit(); + } + + //setcookie('current_folder', $current_folder); + + if (substr($current_folder, 0, strlen($_SERVER['DOCUMENT_ROOT'])) == $_SERVER['DOCUMENT_ROOT']) { + $url_path = "http://" . $_SERVER['HTTP_HOST'] . "/" . substr($current_folder, strlen($_SERVER['DOCUMENT_ROOT'])); + } + + if (($_POST['save_file'] == 'save_file') && ($_GET['f'])) { + if ($handle = fopen($current_folder.$_GET['f'] , 'w')) { + if (fwrite($handle, stripslashes($_POST['file_content'])) === FALSE) { + $alert_info .= "Cannot write to file ({$current_folder}{$_GET['f']})"; + } else { + $alert_info .= "File ({$current_folder}{$_GET['f']}) successfully saved"; + $redirect = "file_manager.php?p=".urlencode($current_folder); + } + } else { + $alert_info .= "Invalid file!!!"; + } + } + + + if ($_POST['upload_file'] == 'upload_file') { + if ($_FILES['file']['error'] == 8) { + $alert_info .= "File upload stopped by extension!!!"; + } + if ($_FILES['file']['error'] == 7) { + $alert_info .= "Failed to write file to disk!!!"; + } + if ($_FILES['file']['error'] == 6) { + $alert_info .= "Missing a temporary folder!!!"; + } + if ($_FILES['file']['error'] == 4) { + $alert_info .= "No image was uploaded!!!"; + } + if ($_FILES['file']['error'] == 3) { + $alert_info .= "The uploaded file was only partially uploaded!!!"; + } + if ($_FILES['file']['error'] == 2) { + $alert_info .= "The uploaded file exceeds the MAX_FILE_SIZE!!!"; + } + if ($_FILES['file']['error'] == 1) { + $alert_info .= "The uploaded file exceeds the upload_max_filesize!!!"; + } + + + if (!$alert_info) { + if ((file_exists($current_folder.$_FILES['file']['name'])) && (!$_POST['replace_file'])) { + $alert_info .= "A file with the same name already exist in this folder\\nTo replace this file check \"Replace existing file\" in upload form!"; + $redirect = "file_manager.php?p=".urlencode($current_folder); + } else { + if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $current_folder.$_FILES['file']['name'])) { + $alert_info .= "Failed to upload file!!!"; + } else { + $alert_info .= "File successfully uploaded!"; + $redirect = "file_manager.php?p=".urlencode($current_folder); + } + } + } + } + + if (($_GET['do'] == 'delete') && ($_GET['file']) && ($_GET['type'] == 'file')) { + if (file_exists($current_folder.$_GET['file'])) { + if (!@unlink($current_folder.$_GET['file'])) { + $alert_info = "You cannot delete this file\\nThe relevant permissions must permit this."; + } else { + $alert_info = "File deleted"; + $redirect = "file_manager.php?p=".urlencode($current_folder); + } + } else { + $alert_info = "You cannot delete this file\\nInvalid file"; + } + } + + if (($_GET['do'] == 'delete') && ($_GET['file']) && ($_GET['type'] == 'directory')) { + if (file_exists($current_folder.$_GET['file'])) { + if (!RecursiveFolderDelete($current_folder.$_GET['file'])) { + $alert_info = "You cannot delete this directory\\nThe relevant permissions must permit this."; + } else { + $alert_info = "Folder deleted"; + $redirect = "file_manager.php?p=".urlencode($current_folder); + } + } else { + $alert_info = "You cannot delete this directory\\nInvalid directory"; + } + } + + if ($_POST['create_folder'] == "Create folder") { + if (@mkdir($current_folder.$_POST['folder_name'])) { + $alert_info = "Folder created successfully!"; + } else { + $alert_info = "Invalid folder name!"; + } + } + + + preg_match_all("/\//", $current_folder, $m); + if (count($m[0]) > 1) { + $up_one_level = " ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode(substr($current_folder, 0, strrpos(substr($current_folder, 0, -1), "/"))."/")."'\""; + } + + + if ($handle = @opendir($current_folder)) { + while (false !== ($folder_content = readdir($handle))) { + if ((is_dir($current_folder . '/' . $folder_content)) && ($folder_content != '.' && $folder_content != '..')) { + $folders[] = $folder_content; + } elseif ((!is_dir($current_folder . '/' . $folder_content)) && ($folder != '.') && ($folder_content != '..')) { + $files[] = $folder_content; + } + } + closedir($handle); + } else { + $error = "<h1 style=\"color:red\" align=\"center\">Invalid directory</h1>"; + } + + $container .= <<<EOF +<table border=\"0\" cellspacing=\"1\" cellpadding=\"1\" class=\"list\" width=\"100%\" summary=\"file manager\"> + <tr> + <th style=\"padding:0;width:18px\"> </th> + <th>Name</th> + <th colspan=\"5\"> </th> + <th>Ext.</th> + <th>Size</th> + <th>Date</th> + <th>Attributes</th> + </tr> + <tr> + <td style=\"padding:0;width:18px\" title=\"UP one level\"><img width=\"16\" height=\"16\" src=\"rbfmimg/folder.png\" alt=\"F\" {$up_one_level} /></td> + <td colspan=\"11\"><b title=\"UP one level\"{$up_one_level}>[..]</b></td> + </tr> +EOF; + + $id = 1; + + if (is_array($folders)) { + array_multisort($folders, SORT_ASC, SORT_REGULAR); + foreach ($folders as $v) { + if ($v) { + $vf = $v.'/'; + $last_updated_time = date("Y.m.d H:i:s", filemtime($current_folder.$v)); + $fileperms = GetFilePerms($current_folder.$v); + + if ($url_path) { + $browser = "<a href=\"{$url_path}{$v}\" target=\"_blank\"><img src=\"rbfmimg/ico_open_as_web.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"W\" title=\"Open as web page\" /></a>"; + if ($url_field) { + $use_url = "<img src=\"rbfmimg/ico_use_file.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL ({$url_path}{$v})\" onclick=\"window.opener.document.getElementById('{$url_field}').value='{$url_path}{$v}'; window.close()\" style=\"cursor: pointer\" />"; + } else { + $use_url = "<img src=\"rbfmimg/ico_use_file_inactive.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL (Inactive!!!)\" />"; + } + } else { + $browser = " "; + $use_url = "<img src=\"rbfmimg/ico_use_file_inactive.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL (Inactive!!!)\" />"; + } + + + $container .= <<<EOF + <tr> + <td style=\"padding:0;width:18px\"> + <img width=\"16\" height=\"16\" src=\"rbfmimg/folder.png\" alt=\"Folder\" ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode($current_folder.$vf)."'\" /> + </td> + <td> + <div style=\"padding-top:2px;\" id=\"f{$id}\" ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode($current_folder.$vf)."'\"> + {$v} + </div> + + <form class=\"rename_field\" id=\"r{$id}\" name=\"r{$id}\" method=\"post\" action=\"rbfminc/rename.php\" target=\"results\" onsubmit=\"this.n.blur(); return false\"> + <input class=\"input_name rename_input\" name=\"n\" type=\"text\" value=\"{$v}\" id=\"rf{$id}\" onblur=\"document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value;\" /> + <input name=\"cf\" type=\"hidden\" value=\"{$current_folder}\" /> + <input name=\"o\" type=\"hidden\" value=\"{$v}\" /> + <input name=\"t\" type=\"hidden\" value=\"d\" /> + <input name=\"submitS\" type=\"submit\" value=\"submitS\" style='display: none; width:0;height:0' /> + </form> + </td> + <!--<td>{$use_url}</td>--> + <td>{$browser}</td> + <td> </td> + <td> + <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_rename.png\" alt=\"Rename\" title=\"Rename\" onclick=\" document.getElementById('r{$id}').style.display = 'block'; document.getElementById('f{$id}').style.display = 'none'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()\" /> + </td> + <td> </td> + <td> + <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_delete.png\" alt=\"D\" title=\"Delete\" onclick=\"if(confirm('Delete folder "{$v}"?') && confirm('You cannot undo this operation!!!') && confirm('To delete this folder "{$v}" press OK\\nTo cancel this operation press CANCEL')){document.location = 'file_manager.php?p=".urlencode($current_folder)."&do=delete&file=".urlencode($v)."&type=directory'}\" /> + </td> + <td class=\"srow\"> </td> + <td><b><DIR></b></td> + <td class=\"srow\">{$last_updated_time}</td> + <td class=\"fileperms\">{$fileperms}</td> + </tr> +EOF; + + $id++; + } + } + } + + if (is_array($files)) { + array_multisort($files, SORT_ASC, SORT_REGULAR); + foreach ($files as $v) { + if ($v) { + $extension = substr(strrchr($v, "."), 1); + + $file_image = "ico_file.png"; + if (($extension == 'php') || ($extension == 'php3')) { + $file_image = "ico_php.png"; + } + if (($extension == 'htm') || ($extension == 'HTM') || ($extension == 'html') || ($extension == 'HTML')) { + $file_image = "ico_html.png"; + } + if (($extension == 'jpg') || ($extension == 'JPG') || ($extension == 'jpeg') || ($extension == 'JPEG') || + ($extension == 'gif') || ($extension == 'GIF') || ($extension == 'png') || ($extension == 'PNG')) { + $file_image = "ico_picture.png"; + } + + $last_updated_time = date("Y.m.d H:i:s", filemtime($current_folder.$v)); + $file_size = roundsize(filesize($current_folder.$v)); + + if (($extension == 'txt') || ($extension == 'inc') || ($extension == 'sh') || ($extension == 'js') || ($extension == 'xml') || + ($extension == 'conf') || ($extension == 'config') || ($extension == 'ini') || ($extension == 'php') || ($extension == 'php3') || + ($extension == 'htm') || ($extension == 'HTM') || ($extension == 'html') || ($extension == 'HTML') || ($extension == 'css') || ($extension == 'CSS')) { + $edit_file_content = "<a href=\"file_manager.php?p=".urlencode($current_folder)."&f=".urlencode($v)."&do=edit#file_edit\"><img width=\"16\" height=\"16\" src=\"rbfmimg/ico_script_edit.png\" alt=\"Edit\" title=\"View/Edit\" border=\"0\" /></a>"; + } else { + $edit_file_content = " "; + } + + $fileperms = GetFilePerms($current_folder.$v); + + if ($url_path) { + $browser = "<a href=\"{$url_path}{$v}\" target=\"_blank\"><img src=\"rbfmimg/ico_open_as_web.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"W\" title=\"Open as web page\" /></a>"; + if ($url_field) { + $use_url = "<img src=\"rbfmimg/ico_use_file.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL ({$url_path}{$v})\" onclick=\"window.opener.document.getElementById('{$url_field}').value='{$url_path}{$v}'; window.close()\" style=\"cursor: pointer\" />"; + } else { + $use_url = "<img src=\"rbfmimg/ico_use_file_inactive.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL (Inactive!!!)\" />"; + } + } else { + $browser = " "; + $use_url = "<img src=\"rbfmimg/ico_use_file_inactive.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL (Inactive!!!)\" />"; + } + + $container .= <<<EOF + <tr> + <td style=\"padding:0;width:18px\"> + <img width=\"16\" height=\"16\" src=\"rbfmimg/{$file_image}\" alt=\"File\" ondblclick=\"document.location = 'rbfminc/download.php?p=".urlencode($current_folder)."&file_name=".urlencode($v)."'\" /> + </td> + <td> + <div style=\"padding-top:2px;\" id=\"f{$id}\" ondblclick=\"document.location = 'rbfminc/download.php?p=".urlencode($current_folder)."&file_name=".urlencode($v)."'\"> + {$v} + </div> + + <form class=\"rename_field\" id=\"r{$id}\" name=\"r{$id}\" method=\"post\" action=\"rbfminc/rename.php\" target=\"results\" onsubmit=\"this.n.blur(); return false\"> + <input name=\"cf\" type=\"hidden\" value=\"{$current_folder}\" /> + <input name=\"o\" type=\"hidden\" value=\"{$v}\" /> + <input name=\"t\" type=\"hidden\" value=\"f\" /> + <input class=\"input_name\" name=\"n\" type=\"text\" value=\"{$v}\" id=\"rf{$id}\" onblur=\"document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value;\" /> + <input name=\"submitS\" type=\"submit\" value=\"submitS\" style=\"display: none; width:0;height:0\" /> + </form> + </td> + <!--<td>{$use_url}</td>--> + <td>{$browser}</td> + <td> + <a href=\"rbfminc/download.php?p=".urlencode($current_folder)."&file_name=".urlencode($v)."\"><img width=\"16\" height=\"16\" src=\"rbfmimg/ico_download.png\" alt=\"Download\" title=\"Download\" border=\"0\"/></a> + </td> + <td> + <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_rename.png\" alt=\"Rename\" title=\"Rename\" onclick=\"document.getElementById('f{$id}').style.display = 'none'; document.getElementById('r{$id}').style.display = 'block'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()\" /> + </td> + <td>{$edit_file_content}</td> + <td> + <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_delete.png\" alt=\"D\" title=\"Delete\" onclick=\"if(confirm('Delete file "{$v}"?') && confirm('You cannot undo this operation!!!') && confirm('To delete this file "{$v}" press OK\\nTo cancel this operation press CANCEL')){document.location = 'file_manager.php?p=".urlencode($current_folder)."&do=delete&file=".urlencode($v)."&type=file'}\" /> + </td> + <td class=\"srow\">{$extension}</td> + <td>{$file_size}</td> + <td class=\"srow\">{$last_updated_time}</td> + <td class=\"fileperms\">{$fileperms}</td> + </tr> +EOF; + + $id++; + } + } + } + + $container .= "</table>"; + + $container = preg_replace("/\s+/m", " ", $container); + +?> + +<link href="rbfminc/file_editor_style.css" rel="stylesheet" type="text/css" /> +</head> + +<body> + + +<?php include("fbegin.inc"); ?> + +<?php echo $security_issues; ?> +<div class="file_editor"> + <div class="header"></div> + <form id="path" name="path" method="get" action="" class="path"> + <input name="p" type="text" id="location" value="<?php echo $current_folder; ?>" /> + <input name="go" type="image" id="go" value="Go" src="rbfmimg/go.png" style="width:35; height:18" /> + </form> + <div class="url_path"><br />URL path: <a href="/<?php echo $url_path; ?>" target="_blank"><?php echo $url_path; ?></a></div> + <div class="container"> <?php echo $container; ?> <?php echo $error; ?> </div> + <form action="" method="post" enctype="multipart/form-data" name="form_upload" id="form_upload" class="form_upload"> + Upload a file in current folder: + <input type="file" name="file" id="file" /> + + <input name="replace_file" type="checkbox" value="1" /> + Replace existing file + <input type="submit" name="upload" id="upload" value="Upload" /> + <input name="upload_file" type="hidden" id="upload_file" value="upload_file" /> + </form> + <form action="" method="post" enctype="multipart/form-data" name="form_create" id="form_create" class="form_create"> + Create new folder here; Folder name: + <input name="folder_name" type="text" style="width:290" /> + <input type="submit" name="create_folder" id="create_folder" value="Create folder" /> + </form> + <iframe name="results" frameborder="0" scrolling="auto" class='results'></iframe> + <div align="center" style="margin-top:5px"> [ <img src="rbfmimg/ico_open_as_web.png" width="16" height="16" align="middle" alt="open" /> OPEN IN BROWSER ] + [ <img src="rbfmimg/ico_download.png" width="16" height="16" align="middle" alt="download" /> DOWNLOAD ] + [ <img src="rbfmimg/ico_rename.png" width="16" height="16" align="middle" alt="rename" /> RENAME ] + [ <img src="rbfmimg/ico_script_edit.png" width="16" height="16" align="middle" alt="view" /> VIEW/EDIT ] + [ <img src="rbfmimg/ico_delete.png" width="16" height="16" align="middle" alt="delete" /> DELETE ] </div> + <?php + if ($_GET['do'] == 'edit') { + + $file_content = file_get_contents($current_folder.$_GET['f']); + echo <<<EOD +<form id=\"form_edit\" name=\"form_edit\" method=\"post\" action=\"\" style='width: 670px;margin: 10px auto 0;border-top: 1px #999999 solid'> + <a name=\"file_edit\"></a> + File: <b>{$current_folder}{$_GET['f']}</b><br /> + <textarea name=\"file_content\" id=\"file_content\" cols=\"1\" rows=\"1\" style=\"width: 99%; height: 400px\">".htmlentities ($file_content)."</textarea><br /> + <input name=\"save\" type=\"submit\" value=\"Save\" /> + <input name=\"close\" type=\"button\" value=\"Close file editor\" onclick=\"document.location = 'file_manager.php?f=".urlencode($current_folder)."'\" /> + <input name=\"save_file\" type=\"hidden\" value=\"save_file\" /> +</form> +EOD; + + } + +?> + <div class="footer"></div> +</div> +<small>Created by <a href="http://www.tomschaefer.org/pfsense">TomSchaefer</a></small> +<?php +if ($alert_info) { + echo <<<EOD + <script type=\"text/javascript\"> + //<![CDATA[ + alert('{$alert_info}'); + //]]> + </script> +EOD; +} + +if ($redirect) { + echo <<<EOD + <script type=\"text/javascript\"> + //<![CDATA[ + document.location = '{$redirect}'; + //]]> + </script> +EOD; +} +?> + +<?php include("fend.inc"); ?> +</body> +</html> + +<?php +} else { +?> + + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <title>Login</title> + <style type="text/css"> + /*<![CDATA[*/ + body,td,th,input { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + } + body { + background-color: #EEEEEE; + } + /*]]>*/ + </style> + </head> + <body> + <div class="login"><br /><br /><br /><br /> + <div style="color:red" align="center"><?php echo $error_message; ?></div> + <form id="login_form" name="login_form" method="post" action=""> + <table border="0" align="center" cellpadding="4" cellspacing="0" bgcolor="#FFFFFF" style="border:1px solid #999999; padding:10px" summary="login"> + <tr> + <td align="right">Username:</td> + <td><input type="text" name="username" id="username" class="login_input" style="width:230px" /></td> + </tr> + <tr> + <td align="right">Password:</td> + <td><input type="password" name="password" id="password" class="login_input" style="width:100px" /> + </td> + </tr> + <tr> + <td colspan="2" align="right"><input type="submit" name="button" id="button" value="Login »" /></td> + </tr> + </table> + <input name="login" type="hidden" value="login" /> + </form> + </div> + </body> + </html> + +<?php +} +?> |