10 files changed, 539 insertions, 406 deletions
diff --git a/config/filemgr/rbfminc/config.php b/config/filemgr/rbfminc/config.php
new file mode 100644
index 00000000..776abf58
--- /dev/null
+++ b/config/filemgr/rbfminc/config.php
@@ -0,0 +1,123 @@
+<?php
+/*
+	config.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org>
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+// Initial folder
+$initial_folder = "/";
+// 0 = you can browse all files on the server;
+// 1= you can browse only the $initial_folder and below
+$only_below = 0;
+
+// Login info {Please change the initial username and password}
+$username = 'admin';
+$password = 'admin';
+
+/* ==================================== */
+/* BEGIN Protect against GLOBALS tricks */
+if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
+	die("Hacking attempt");
+}
+
+if (isset($_SESSION) && !is_array($_SESSION)) {
+	die("Hacking attempt");
+}
+
+if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') {
+	$not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES');
+
+	if (!isset($_SESSION) || !is_array($_SESSION)) {
+		$_SESSION = array();
+	}
+	$input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES);
+
+	unset($input['input']);
+	unset($input['not_unset']);
+
+	while (list($var,) = @each($input)) {
+		if (in_array($var, $not_unset)) {
+			die('Hacking attempt!');
+		}
+		unset($$var);
+	}
+
+	unset($input);
+}
+
+if (!get_magic_quotes_gpc()) {
+	if (is_array($_GET)) {
+		while (list($k, $v) = each($_GET)) {
+			if (is_array($_GET[$k])) {
+				while (list($k2, $v2) = each($_GET[$k])) {
+					$_GET[$k][$k2] = addslashes($v2);
+				}
+				@reset($_GET[$k]);
+			} else {
+				$_GET[$k] = addslashes($v);
+			}
+		}
+		@reset($_GET);
+	}
+
+	if (is_array($_POST)) {
+		while (list($k, $v) = each($_POST)) {
+			if (is_array($_POST[$k])) {
+				while (list($k2, $v2) = each($_POST[$k])) {
+					$_POST[$k][$k2] = addslashes($v2);
+				}
+				@reset($_POST[$k]);
+			} else {
+				$_POST[$k] = addslashes($v);
+			}
+		}
+		@reset($_POST);
+	}
+
+	if (is_array($_COOKIE)) {
+		while (list($k, $v) = each($_COOKIE)) {
+			if (is_array($_COOKIE[$k])) {
+				while (list($k2, $v2) = each($_COOKIE[$k])) {
+					$_COOKIE[$k][$k2] = addslashes($v2);
+				}
+				@reset($_COOKIE[$k]);
+			} else {
+				$_COOKIE[$k] = addslashes($v);
+			}
+		}
+		@reset($_COOKIE);
+	}
+}
+/*  END Protect against GLOBALS tricks  */
+/* ==================================== */
+
+/*
+if ($username == 'admin' and $password == 'admin') {
+	$security_issues = "<div align=\"center\" style=\"color: red;\"><strong>Security issue</strong>: Please change your username or password</div>";
+}
+*/
+$security_issues = "<br />";
+?>
diff --git a/config/filemgr/rbfminc/config.tmp b/config/filemgr/rbfminc/config.tmp
deleted file mode 100644
index 405514f8..00000000
--- a/config/filemgr/rbfminc/config.tmp
+++ /dev/null
@@ -1,95 +0,0 @@
-<?php
-
-
-$initial_folder = "/"; //initial folder
-$only_below = 0; // 0=you can brows all server; 1=you can brows only the $initial_folder and below
-
-//Login info {Please change the initial username and password}
-$username = 'admin';
-$password = 'admin';
-
-
-
-/***********************************/
-// Protect against GLOBALS tricks
-if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])){
-	die("Hacking attempt");
-}
-
-if (isset($_SESSION) && !is_array($_SESSION)){
-	die("Hacking attempt");
-}
-
-if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'){
-	$not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES');
-
-	if (!isset($_SESSION) || !is_array($_SESSION)){
-		$_SESSION = array();
-	}
-	$input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES);
-
-	unset($input['input']);
-	unset($input['not_unset']);
-
-	while (list($var,) = @each($input)){
-		if (in_array($var, $not_unset)){
-			die('Hacking attempt!');
-		}
-		unset($$var);
-	}
-
-	unset($input);
-}
-
-if( !get_magic_quotes_gpc() ){
-	if( is_array($_GET) ){
-		while( list($k, $v) = each($_GET) ){
-			if( is_array($_GET[$k]) )
-			{
-				while( list($k2, $v2) = each($_GET[$k]) ){
-					$_GET[$k][$k2] = addslashes($v2);
-				}
-				@reset($_GET[$k]);
-			}else{
-				$_GET[$k] = addslashes($v);
-			}
-		}
-		@reset($_GET);
-	}
-
-	if( is_array($_POST) ){
-		while( list($k, $v) = each($_POST) ){
-			if( is_array($_POST[$k]) )
-			{
-				while( list($k2, $v2) = each($_POST[$k]) ){
-					$_POST[$k][$k2] = addslashes($v2);
-				}
-				@reset($_POST[$k]);
-			}else{
-				$_POST[$k] = addslashes($v);
-			}
-		}
-		@reset($_POST);
-	}
-
-	if( is_array($_COOKIE) ){
-		while( list($k, $v) = each($_COOKIE) ){
-			if( is_array($_COOKIE[$k]) ){
-				while( list($k2, $v2) = each($_COOKIE[$k]) ){
-					$_COOKIE[$k][$k2] = addslashes($v2);
-				}
-				@reset($_COOKIE[$k]);
-			}else{
-				$_COOKIE[$k] = addslashes($v);
-			}
-		}
-		@reset($_COOKIE);
-	}
-}
-//END Protect against GLOBALS tricks
-/***********************************/
-//if($username == 'admin' and $password == 'admin'){
-	//$security_issues = "<div align=\"center\" style=\"color: red;\"><b>Security issue</b>: Please change your username or password</div>";
-//}
-$security_issues = "<br />";
-?>
diff --git a/config/filemgr/rbfminc/download.php b/config/filemgr/rbfminc/download.php
new file mode 100644
index 00000000..88ff1788
--- /dev/null
+++ b/config/filemgr/rbfminc/download.php
@@ -0,0 +1,69 @@
+<?php
+/*
+	download.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org>
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+include_once("auth.inc");
+include("functions.php");
+
+// Set the cache policy
+ob_end_clean();
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// Gets the parameters
+$_GET['file_name'] = urldecode($_GET['file_name']);
+$_GET['p'] = urldecode($_GET['p']);
+
+// Check Authentication
+$candownload = false;
+$candownload = session_auth();
+if ($candownload) {
+	if (($_GET['file_name']) && ($_GET['p'])) {
+		$filepath = $_GET['p'].$_GET['file_name'];
+		if (file_exists($filepath)) {
+			$type = wp_check_filetype($_GET['file_name']);
+			header('Content-type: ' . $type[$_GET['file_name']]);
+			header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
+			header('Content-Length: ' . filesize($filepath));
+			header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200);
+			flush();
+			readfile($filepath);
+			exit;
+		} else {
+			echo "File not found";
+		}
+	} else {
+		echo "File Unknown";
+	}
+} else {
+	echo "Session Expired";
+}
+
+?>
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp
deleted file mode 100644
index badc6d19..00000000
--- a/config/filemgr/rbfminc/download.tmp
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-include_once("auth.inc");
-include "functions.php";
-//Set the cache policy
-ob_end_clean();
-header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
-header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
-header("Cache-Control: post-check=0, pre-check=0", false);
-header("Pragma: no-cache");	
-//Gets the parameters
-$_GET['file_name'] = urldecode($_GET['file_name']);
-$_GET['p'] = urldecode($_GET['p']);
-//Check Authentication
-$candownload = false;
-if (function_exists("session_auth"))
-	{//pfSense 2.X
-	$candownload = session_auth();}
-else
-	{//pfSense 1.2.3
-	$candownload = htpasswd_backed_basic_auth();}
-if ($candownload)
-{
-	if($_GET['file_name'] and $_GET['p']){
-		$filepath = $_GET['p'].$_GET['file_name'];
-		if(file_exists($filepath)){
-			$type = wp_check_filetype($_GET['file_name']);	
-			header('Content-type: ' . $type[$_GET['file_name']]);
-			header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
-			header('Content-Length: ' . filesize($filepath));
-			header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200);
-			flush();
-			readfile($filepath);
-			exit;
-		}
-		else
-		{
-			echo("File not found");
-		}
-	}
-	else
-	{
-		echo("File Unknown");
-	}
-}
-else
-{
-	echo("Session Expired");
-}
-?>
-\ No newline at end of file
diff --git a/config/filemgr/rbfminc/functions.php b/config/filemgr/rbfminc/functions.php
new file mode 100644
index 00000000..bab912a7
--- /dev/null
+++ b/config/filemgr/rbfminc/functions.php
@@ -0,0 +1,221 @@
+<?php
+/*
+	functions.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org>
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+function RecursiveFolderDelete($folderPath) {
+	if (is_dir($folderPath )) {
+		foreach (scandir($folderPath) as $value) {
+			if ($value != "." && $value != "..") {
+				$value = $folderPath . "/" . $value;
+				if (is_dir($value)) {
+					RecursiveFolderDelete($value);
+				} elseif (is_file($value)) {
+					@unlink($value);
+				}
+			}
+		}
+		if (!@rmdir($folderPath)) {
+			return FALSE;
+		} else {
+			return TRUE;
+		}
+	} else {
+		return FALSE;
+	}
+}
+
+
+function GetFilePerms($file) {
+	$perms = fileperms($file);
+	
+	if (($perms & 0xC000) == 0xC000) {
+		// Socket
+		$info = 's';
+	} elseif (($perms & 0xA000) == 0xA000) {
+		// Symbolic Link
+		$info = 'l';
+	} elseif (($perms & 0x8000) == 0x8000) {
+		// Regular
+		$info = '-';
+	} elseif (($perms & 0x6000) == 0x6000) {
+		// Block special
+		$info = 'b';
+	} elseif (($perms & 0x4000) == 0x4000) {
+		// Directory
+		$info = 'd';
+	} elseif (($perms & 0x2000) == 0x2000) {
+		// Character special
+		$info = 'c';
+	} elseif (($perms & 0x1000) == 0x1000) {
+		// FIFO pipe
+		$info = 'p';
+	} else {
+		// Unknown
+		$info = '?';
+	}
+
+	// Owner
+	$info .= " " . (($perms & 0x0100) ? 'r' : '-');
+	$info .= (($perms & 0x0080) ? 'w' : '-');
+	$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
+	// Group
+	$info .= " " . (($perms & 0x0020) ? 'r' : '-');
+	$info .= (($perms & 0x0010) ? 'w' : '-');
+	$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
+	// World
+	$info .= " ".(($perms & 0x0004) ? 'r' : '-');
+	$info .= (($perms & 0x0002) ? 'w' : '-');
+	$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
+
+	$info = "[" . substr(sprintf('%o', fileperms($file)), -4) . "] " . $info;
+	return $info;
+}
+
+
+function merge_filters($tag) {
+	global $wp_filter, $merged_filters;
+
+	if (isset($wp_filter['all']) && is_array($wp_filter['all'])) {
+		$wp_filter[$tag] = array_merge($wp_filter['all'], (array) $wp_filter[$tag]);
+	}
+
+	if (isset($wp_filter[$tag])) {
+		reset($wp_filter[$tag]);
+		uksort($wp_filter[$tag], "strnatcasecmp");
+	}
+	$merged_filters[$tag] = true;
+}
+
+
+function apply_filters($tag, $string) {
+	global $wp_filter, $merged_filters;
+
+	if (!isset($merged_filters[$tag])) {
+		merge_filters($tag);
+	}
+
+	if (!isset($wp_filter[$tag])) {
+		return $string;
+	}
+
+	reset($wp_filter[$tag]);
+
+	$args = func_get_args();
+
+	do {
+		foreach ((array)current($wp_filter[$tag]) as $the_) {
+			if (!is_null($the_['function'])) {
+				$args[1] = $string;
+				$string = call_user_func_array($the_['function'], array_slice($args, 1, (int) $the_['accepted_args']));
+			}
+		}
+
+	} while (next($wp_filter[$tag]) !== false);
+
+	return $string;
+} 
+
+
+function wp_check_filetype($filename, $mimes = null) {
+	// Accepted MIME types are set here as PCRE unless provided.
+	$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array(
+		'jpg|jpeg|jpe' => 'image/jpeg',
+		'gif' => 'image/gif',
+		'png' => 'image/png',
+		'bmp' => 'image/bmp',
+		'tif|tiff' => 'image/tiff',
+		'ico' => 'image/x-icon',
+		'asf|asx|wax|wmv|wmx' => 'video/asf',
+		'avi' => 'video/avi',
+		'mov|qt' => 'video/quicktime',
+		'mpeg|mpg|mpe' => 'video/mpeg',
+		'txt|c|cc|h' => 'text/plain',
+		'rtx' => 'text/richtext',
+		'css' => 'text/css',
+		'htm|html' => 'text/html',
+		'php|php3|' => 'application/php',
+		'mp3|mp4' => 'audio/mpeg',
+		'ra|ram' => 'audio/x-realaudio',
+		'wav' => 'audio/wav',
+		'ogg' => 'audio/ogg',
+		'mid|midi' => 'audio/midi',
+		'wma' => 'audio/wma',
+		'rtf' => 'application/rtf',
+		'js' => 'application/javascript',
+		'pdf' => 'application/pdf',
+		'doc' => 'application/msword',
+		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+		'wri' => 'application/vnd.ms-write',
+		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+		'mdb' => 'application/vnd.ms-access',
+		'mpp' => 'application/vnd.ms-project',
+		'swf' => 'application/x-shockwave-flash',
+		'class' => 'application/java',
+		'tar' => 'application/x-tar',
+		'zip' => 'application/zip',
+		'gz|gzip' => 'application/x-gzip',
+		'exe' => 'application/x-msdownload',
+		// openoffice formats
+		'odt' => 'application/vnd.oasis.opendocument.text',
+		'odp' => 'application/vnd.oasis.opendocument.presentation',
+		'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
+		'odg' => 'application/vnd.oasis.opendocument.graphics',
+		'odc' => 'application/vnd.oasis.opendocument.chart',
+		'odb' => 'application/vnd.oasis.opendocument.database',
+		'odf' => 'application/vnd.oasis.opendocument.formula',
+
+	));
+
+	$type = false;
+	$ext = false;
+
+	foreach ($mimes as $ext_preg => $mime_match) {
+		$ext_preg = '!\.(' . $ext_preg . ')$!i';
+		if (preg_match($ext_preg, $filename, $ext_matches)) {
+			$type = $mime_match;
+			$ext = $ext_matches[1];
+			break;
+		}
+	}
+
+	return compact('ext', 'type');
+}
+
+
+
+function roundsize($size) {
+	$i=0;
+	$iec = array("B", "Kb", "Mb", "Gb", "Tb");
+	while (($size/1024)>1) {
+		$size=$size/1024;
+		$i++;
+	}
+	return(round($size, 1) . " " . $iec[$i]);
+}
+
+?>
diff --git a/config/filemgr/rbfminc/functions.tmp b/config/filemgr/rbfminc/functions.tmp
deleted file mode 100644
index f06ee69c..00000000
--- a/config/filemgr/rbfminc/functions.tmp
+++ /dev/null
@@ -1,189 +0,0 @@
-<?php
-function RecursiveFolderDelete ( $folderPath )
-{
-	if ( is_dir ( $folderPath ) )
-	{
-		foreach ( scandir ( $folderPath )  as $value )
-		{
-			if ( $value != "." && $value != ".." )
-			{
-				$value = $folderPath . "/" . $value;
-				if ( is_dir ( $value ) )
-				{
-					RecursiveFolderDelete ( $value );
-				}
-				elseif ( is_file ( $value ) )
-				{
-					@unlink ( $value );
-				}
-			}
-		}
-		if(!@rmdir ( $folderPath )){
-			return FALSE;
-		}else{
-			return TRUE;
-		}
-	}
-	else
-	{
-		return FALSE;
-	}
-}
-
-
-
-function GetFilePerms($file) {
-   $perms = fileperms($file);
-   if (($perms & 0xC000) == 0xC000) {$info = 's'; } // Socket
-   elseif (($perms & 0xA000) == 0xA000) {$info = 'l'; } // Symbolic Link
-   elseif (($perms & 0x8000) == 0x8000) {$info = '-'; } // Regular
-   elseif (($perms & 0x6000) == 0x6000) {$info = 'b'; } // Block special
-   elseif (($perms & 0x4000) == 0x4000) {$info = 'd'; } // Directory
-   elseif (($perms & 0x2000) == 0x2000) {$info = 'c'; } // Character special
-   elseif (($perms & 0x1000) == 0x1000) {$info = 'p'; } // FIFO pipe
-   else {$info = '?';} // Unknown
-   // Owner
-   $info .= " ".(($perms & 0x0100) ? 'r' : '-');
-   $info .= (($perms & 0x0080) ? 'w' : '-');
-   $info .= (($perms & 0x0040) ?
-  (($perms & 0x0800) ? 's' : 'x' ) :
-  (($perms & 0x0800) ? 'S' : '-'));
-   // Group
-   $info .= " ".(($perms & 0x0020) ? 'r' : '-');
-   $info .= (($perms & 0x0010) ? 'w' : '-');
-   $info .= (($perms & 0x0008) ?
-    (($perms & 0x0400) ? 's' : 'x' ) :
-    (($perms & 0x0400) ? 'S' : '-'));
-   // World
-   $info .= " ".(($perms & 0x0004) ? 'r' : '-');
-   $info .= (($perms & 0x0002) ? 'w' : '-');
-   $info .= (($perms & 0x0001) ?
-  (($perms & 0x0200) ? 't' : 'x' ) :
-  (($perms & 0x0200) ? 'T' : '-'));
- 
-  $info = "[".substr(sprintf('%o', fileperms($file)), -4)."] ".$info;
- 
- return $info;
-}
-
-
-
-function merge_filters($tag) {
-	global $wp_filter, $merged_filters;
-
-	if ( isset($wp_filter['all']) && is_array($wp_filter['all']) )
-		$wp_filter[$tag] = array_merge($wp_filter['all'], (array) $wp_filter[$tag]);
-
-	if ( isset($wp_filter[$tag]) ){
-		reset($wp_filter[$tag]);
-		uksort($wp_filter[$tag], "strnatcasecmp");
-	}
-	$merged_filters[ $tag ] = true;
-}
-
-
-
-function apply_filters($tag, $string) {
-	global $wp_filter, $merged_filters;
-
-	if ( !isset( $merged_filters[ $tag ] ) )
-		merge_filters($tag);
-
-	if ( !isset($wp_filter[$tag]) )
-		return $string;
-
-	reset( $wp_filter[ $tag ] );
-
-	$args = func_get_args();
-
-	do{
-		foreach( (array) current($wp_filter[$tag]) as $the_ )
-			if ( !is_null($the_['function']) ){
-				$args[1] = $string;
-				$string = call_user_func_array($the_['function'], array_slice($args, 1, (int) $the_['accepted_args']));
-			}
-
-	} while ( next($wp_filter[$tag]) !== false );
-
-	return $string;
-} 
-
-
-
-function wp_check_filetype($filename, $mimes = null) {
-	// Accepted MIME types are set here as PCRE unless provided.
-	$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
-		'jpg|jpeg|jpe' => 'image/jpeg',
-		'gif' => 'image/gif',
-		'png' => 'image/png',
-		'bmp' => 'image/bmp',
-		'tif|tiff' => 'image/tiff',
-		'ico' => 'image/x-icon',
-		'asf|asx|wax|wmv|wmx' => 'video/asf',
-		'avi' => 'video/avi',
-		'mov|qt' => 'video/quicktime',
-		'mpeg|mpg|mpe' => 'video/mpeg',
-		'txt|c|cc|h' => 'text/plain',
-		'rtx' => 'text/richtext',
-		'css' => 'text/css',
-		'htm|html' => 'text/html',
-		'php|php3|' => 'application/php',
-		'mp3|mp4' => 'audio/mpeg',
-		'ra|ram' => 'audio/x-realaudio',
-		'wav' => 'audio/wav',
-		'ogg' => 'audio/ogg',
-		'mid|midi' => 'audio/midi',
-		'wma' => 'audio/wma',
-		'rtf' => 'application/rtf',
-		'js' => 'application/javascript',
-		'pdf' => 'application/pdf',
-		'doc' => 'application/msword',
-		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
-		'wri' => 'application/vnd.ms-write',
-		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
-		'mdb' => 'application/vnd.ms-access',
-		'mpp' => 'application/vnd.ms-project',
-		'swf' => 'application/x-shockwave-flash',
-		'class' => 'application/java',
-		'tar' => 'application/x-tar',
-		'zip' => 'application/zip',
-		'gz|gzip' => 'application/x-gzip',
-		'exe' => 'application/x-msdownload',
-		// openoffice formats
-		'odt' => 'application/vnd.oasis.opendocument.text',
-		'odp' => 'application/vnd.oasis.opendocument.presentation',
-		'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
-		'odg' => 'application/vnd.oasis.opendocument.graphics',
-		'odc' => 'application/vnd.oasis.opendocument.chart',
-		'odb' => 'application/vnd.oasis.opendocument.database',
-		'odf' => 'application/vnd.oasis.opendocument.formula',
-
-	));
-
-	$type = false;
-	$ext = false;
-
-	foreach ($mimes as $ext_preg => $mime_match) {
-		$ext_preg = '!\.(' . $ext_preg . ')$!i';
-		if ( preg_match($ext_preg, $filename, $ext_matches) ) {
-			$type = $mime_match;
-			$ext = $ext_matches[1];
-			break;
-		}
-	}
-
-	return compact('ext', 'type');
-}
-
-
-
-function roundsize($size){
-	$i=0;
-	$iec = array("B", "Kb", "Mb", "Gb", "Tb");
-	while (($size/1024)>1) {
-	$size=$size/1024;
-	$i++;}
-	return(round($size,1)." ".$iec[$i]);
-}
-
-?>
-\ No newline at end of file
diff --git a/config/filemgr/rbfminc/rename.php b/config/filemgr/rbfminc/rename.php
new file mode 100644
index 00000000..27553f18
--- /dev/null
+++ b/config/filemgr/rbfminc/rename.php
@@ -0,0 +1,68 @@
+<?php
+/*
+	rename.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org>
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+include("config.php");
+include("session.php");
+
+if ($user_login == 'ok') {
+	include("functions.php");
+?>
+
+<html>
+<head>
+<title>Rename</title>
+</head>
+<body>
+<script type="text/javascript">
+//<![CDATA[
+<?php
+if ($_POST['o'] != $_POST['n']) {
+	if (@rename($_POST['cf'].$_POST['o'], $_POST['cf'].$_POST['n'])) {
+		if ($_POST['t'] == 'd') {
+			echo "alert('Directory successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');";
+		} else {
+			echo "alert('File successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');";
+		}
+	} else {
+		echo <<<EOD
+		alert('Rename error');
+		window.parent.location.href = window.parent.location.href;
+EOD;
+	}
+}
+
+?>
+//]]>
+</script>
+</body>
+</html>
+
+<?php
+}
+?>
diff --git a/config/filemgr/rbfminc/rename.tmp b/config/filemgr/rbfminc/rename.tmp
deleted file mode 100644
index 266e38d4..00000000
--- a/config/filemgr/rbfminc/rename.tmp
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-include "config.php";
-include "session.php";
-
-if($user_login == 'ok'){
-
-	include "functions.php";
-
-?>
-<html>
-<head>
-<title>Rename</title>
-</head>
-<body>
-<script type="text/javascript">
-//<![CDATA[
-<?php
-//print_r($_POST);
-if($_POST['o'] != $_POST['n']){
-	if(@rename($_POST['cf'].$_POST['o'], $_POST['cf'].$_POST['n'])){
-		if($_POST['t'] == 'd'){
-			echo "alert('Directory successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');";
-		}else{
-			echo "alert('File successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');";
-		}
-	}else{
-		echo "
-		alert('Rename error');
-		window.parent.location.href = window.parent.location.href;
-		";
-	}
-}
-
-?>
-//]]>
-</script>
-</body>
-</html>
-<?php
-}
-?>
-\ No newline at end of file
diff --git a/config/filemgr/rbfminc/session.php b/config/filemgr/rbfminc/session.php
new file mode 100644
index 00000000..b616643f
--- /dev/null
+++ b/config/filemgr/rbfminc/session.php
@@ -0,0 +1,58 @@
+<?php
+/*
+	session.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org>
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+session_name("file_manager_session");
+
+// Create session
+session_start();
+if (($_POST['login'] == 'login') && ($_POST['username']) && ($_POST['password'])) {
+	$_SESSION = array();
+	$_SESSION['username'] = $_POST['username'];
+	$_SESSION['password'] = $_POST['password'];
+}
+
+if ($_GET['logout'] == "logout") {
+	setcookie('url_field', '', time()-3600);
+	setcookie('current_folder', '', time()-3600);
+	$_SESSION = array();
+	session_destroy();
+	session_unset();
+	header("Location: file_manager.php");
+}
+
+
+if (($_SESSION['username']) && ($_SESSION['password'])) {
+	if (($_SESSION['username'] == $username) && ($_SESSION['password'] == $password)) {
+		$user_login = 'ok';
+	} else {
+		$error_message = "Incorrect username or password!";
+	}
+}
+
+?>
diff --git a/config/filemgr/rbfminc/session.tmp b/config/filemgr/rbfminc/session.tmp
deleted file mode 100644
index 7cfc133d..00000000
--- a/config/filemgr/rbfminc/session.tmp
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-session_name("file_manager_session");
-
-session_start();
-
-/*************************************************************************************************/
-//create session
-if($_POST['login'] == 'login' and $_POST['username'] and $_POST['password']){
-	$_SESSION = array();
-	$_SESSION['username']=$_POST['username'];
-	$_SESSION['password']=$_POST['password'];
-}
-
-if($_GET['logout'] == "logout"){
-	setcookie('url_field', '', time()-3600);
-	setcookie('current_folder', '', time()-3600);
-	$_SESSION = array();
-	session_destroy();
-	session_unset();
-	header("Location: file_manager.php");
-}
-
-
-if($_SESSION['username'] and $_SESSION['password']){
-	if($_SESSION['username'] == $username and $_SESSION['password'] == $password){
-		$user_login = 'ok';
-	}else{
-		$error_message = "Incorect username or password!";
-	}
-}
-
-?>