diff options
Diffstat (limited to 'config/filemgr/rbfminc')
-rw-r--r-- | config/filemgr/rbfminc/config.php | 123 | ||||
-rw-r--r-- | config/filemgr/rbfminc/config.tmp | 95 | ||||
-rw-r--r-- | config/filemgr/rbfminc/download.php | 69 | ||||
-rw-r--r-- | config/filemgr/rbfminc/download.tmp | 49 | ||||
-rw-r--r-- | config/filemgr/rbfminc/functions.php | 221 | ||||
-rw-r--r-- | config/filemgr/rbfminc/functions.tmp | 189 | ||||
-rw-r--r-- | config/filemgr/rbfminc/rename.php | 68 | ||||
-rw-r--r-- | config/filemgr/rbfminc/rename.tmp | 41 | ||||
-rw-r--r-- | config/filemgr/rbfminc/session.php | 58 | ||||
-rw-r--r-- | config/filemgr/rbfminc/session.tmp | 32 |
10 files changed, 539 insertions, 406 deletions
diff --git a/config/filemgr/rbfminc/config.php b/config/filemgr/rbfminc/config.php new file mode 100644 index 00000000..776abf58 --- /dev/null +++ b/config/filemgr/rbfminc/config.php @@ -0,0 +1,123 @@ +<?php +/* + config.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +// Initial folder +$initial_folder = "/"; +// 0 = you can browse all files on the server; +// 1= you can browse only the $initial_folder and below +$only_below = 0; + +// Login info {Please change the initial username and password} +$username = 'admin'; +$password = 'admin'; + +/* ==================================== */ +/* BEGIN Protect against GLOBALS tricks */ +if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])) { + die("Hacking attempt"); +} + +if (isset($_SESSION) && !is_array($_SESSION)) { + die("Hacking attempt"); +} + +if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { + $not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES'); + + if (!isset($_SESSION) || !is_array($_SESSION)) { + $_SESSION = array(); + } + $input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)) { + if (in_array($var, $not_unset)) { + die('Hacking attempt!'); + } + unset($$var); + } + + unset($input); +} + +if (!get_magic_quotes_gpc()) { + if (is_array($_GET)) { + while (list($k, $v) = each($_GET)) { + if (is_array($_GET[$k])) { + while (list($k2, $v2) = each($_GET[$k])) { + $_GET[$k][$k2] = addslashes($v2); + } + @reset($_GET[$k]); + } else { + $_GET[$k] = addslashes($v); + } + } + @reset($_GET); + } + + if (is_array($_POST)) { + while (list($k, $v) = each($_POST)) { + if (is_array($_POST[$k])) { + while (list($k2, $v2) = each($_POST[$k])) { + $_POST[$k][$k2] = addslashes($v2); + } + @reset($_POST[$k]); + } else { + $_POST[$k] = addslashes($v); + } + } + @reset($_POST); + } + + if (is_array($_COOKIE)) { + while (list($k, $v) = each($_COOKIE)) { + if (is_array($_COOKIE[$k])) { + while (list($k2, $v2) = each($_COOKIE[$k])) { + $_COOKIE[$k][$k2] = addslashes($v2); + } + @reset($_COOKIE[$k]); + } else { + $_COOKIE[$k] = addslashes($v); + } + } + @reset($_COOKIE); + } +} +/* END Protect against GLOBALS tricks */ +/* ==================================== */ + +/* +if ($username == 'admin' and $password == 'admin') { + $security_issues = "<div align=\"center\" style=\"color: red;\"><strong>Security issue</strong>: Please change your username or password</div>"; +} +*/ +$security_issues = "<br />"; +?> diff --git a/config/filemgr/rbfminc/config.tmp b/config/filemgr/rbfminc/config.tmp deleted file mode 100644 index 405514f8..00000000 --- a/config/filemgr/rbfminc/config.tmp +++ /dev/null @@ -1,95 +0,0 @@ -<?php - - -$initial_folder = "/"; //initial folder -$only_below = 0; // 0=you can brows all server; 1=you can brows only the $initial_folder and below - -//Login info {Please change the initial username and password} -$username = 'admin'; -$password = 'admin'; - - - -/***********************************/ -// Protect against GLOBALS tricks -if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])){ - die("Hacking attempt"); -} - -if (isset($_SESSION) && !is_array($_SESSION)){ - die("Hacking attempt"); -} - -if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'){ - $not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES'); - - if (!isset($_SESSION) || !is_array($_SESSION)){ - $_SESSION = array(); - } - $input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES); - - unset($input['input']); - unset($input['not_unset']); - - while (list($var,) = @each($input)){ - if (in_array($var, $not_unset)){ - die('Hacking attempt!'); - } - unset($$var); - } - - unset($input); -} - -if( !get_magic_quotes_gpc() ){ - if( is_array($_GET) ){ - while( list($k, $v) = each($_GET) ){ - if( is_array($_GET[$k]) ) - { - while( list($k2, $v2) = each($_GET[$k]) ){ - $_GET[$k][$k2] = addslashes($v2); - } - @reset($_GET[$k]); - }else{ - $_GET[$k] = addslashes($v); - } - } - @reset($_GET); - } - - if( is_array($_POST) ){ - while( list($k, $v) = each($_POST) ){ - if( is_array($_POST[$k]) ) - { - while( list($k2, $v2) = each($_POST[$k]) ){ - $_POST[$k][$k2] = addslashes($v2); - } - @reset($_POST[$k]); - }else{ - $_POST[$k] = addslashes($v); - } - } - @reset($_POST); - } - - if( is_array($_COOKIE) ){ - while( list($k, $v) = each($_COOKIE) ){ - if( is_array($_COOKIE[$k]) ){ - while( list($k2, $v2) = each($_COOKIE[$k]) ){ - $_COOKIE[$k][$k2] = addslashes($v2); - } - @reset($_COOKIE[$k]); - }else{ - $_COOKIE[$k] = addslashes($v); - } - } - @reset($_COOKIE); - } -} -//END Protect against GLOBALS tricks -/***********************************/ -//if($username == 'admin' and $password == 'admin'){ - //$security_issues = "<div align=\"center\" style=\"color: red;\"><b>Security issue</b>: Please change your username or password</div>"; -//} -$security_issues = "<br />"; -?> diff --git a/config/filemgr/rbfminc/download.php b/config/filemgr/rbfminc/download.php new file mode 100644 index 00000000..88ff1788 --- /dev/null +++ b/config/filemgr/rbfminc/download.php @@ -0,0 +1,69 @@ +<?php +/* + download.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +include_once("auth.inc"); +include("functions.php"); + +// Set the cache policy +ob_end_clean(); +header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +// Gets the parameters +$_GET['file_name'] = urldecode($_GET['file_name']); +$_GET['p'] = urldecode($_GET['p']); + +// Check Authentication +$candownload = false; +$candownload = session_auth(); +if ($candownload) { + if (($_GET['file_name']) && ($_GET['p'])) { + $filepath = $_GET['p'].$_GET['file_name']; + if (file_exists($filepath)) { + $type = wp_check_filetype($_GET['file_name']); + header('Content-type: ' . $type[$_GET['file_name']]); + header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); + header('Content-Length: ' . filesize($filepath)); + header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200); + flush(); + readfile($filepath); + exit; + } else { + echo "File not found"; + } + } else { + echo "File Unknown"; + } +} else { + echo "Session Expired"; +} + +?> diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp deleted file mode 100644 index badc6d19..00000000 --- a/config/filemgr/rbfminc/download.tmp +++ /dev/null @@ -1,49 +0,0 @@ -<?php -include_once("auth.inc"); -include "functions.php"; -//Set the cache policy -ob_end_clean(); -header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); -//Gets the parameters -$_GET['file_name'] = urldecode($_GET['file_name']); -$_GET['p'] = urldecode($_GET['p']); -//Check Authentication -$candownload = false; -if (function_exists("session_auth")) - {//pfSense 2.X - $candownload = session_auth();} -else - {//pfSense 1.2.3 - $candownload = htpasswd_backed_basic_auth();} -if ($candownload) -{ - if($_GET['file_name'] and $_GET['p']){ - $filepath = $_GET['p'].$_GET['file_name']; - if(file_exists($filepath)){ - $type = wp_check_filetype($_GET['file_name']); - header('Content-type: ' . $type[$_GET['file_name']]); - header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); - header('Content-Length: ' . filesize($filepath)); - header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200); - flush(); - readfile($filepath); - exit; - } - else - { - echo("File not found"); - } - } - else - { - echo("File Unknown"); - } -} -else -{ - echo("Session Expired"); -} -?>
\ No newline at end of file diff --git a/config/filemgr/rbfminc/functions.php b/config/filemgr/rbfminc/functions.php new file mode 100644 index 00000000..bab912a7 --- /dev/null +++ b/config/filemgr/rbfminc/functions.php @@ -0,0 +1,221 @@ +<?php +/* + functions.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +function RecursiveFolderDelete($folderPath) { + if (is_dir($folderPath )) { + foreach (scandir($folderPath) as $value) { + if ($value != "." && $value != "..") { + $value = $folderPath . "/" . $value; + if (is_dir($value)) { + RecursiveFolderDelete($value); + } elseif (is_file($value)) { + @unlink($value); + } + } + } + if (!@rmdir($folderPath)) { + return FALSE; + } else { + return TRUE; + } + } else { + return FALSE; + } +} + + +function GetFilePerms($file) { + $perms = fileperms($file); + + if (($perms & 0xC000) == 0xC000) { + // Socket + $info = 's'; + } elseif (($perms & 0xA000) == 0xA000) { + // Symbolic Link + $info = 'l'; + } elseif (($perms & 0x8000) == 0x8000) { + // Regular + $info = '-'; + } elseif (($perms & 0x6000) == 0x6000) { + // Block special + $info = 'b'; + } elseif (($perms & 0x4000) == 0x4000) { + // Directory + $info = 'd'; + } elseif (($perms & 0x2000) == 0x2000) { + // Character special + $info = 'c'; + } elseif (($perms & 0x1000) == 0x1000) { + // FIFO pipe + $info = 'p'; + } else { + // Unknown + $info = '?'; + } + + // Owner + $info .= " " . (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); + // Group + $info .= " " . (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); + // World + $info .= " ".(($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); + + $info = "[" . substr(sprintf('%o', fileperms($file)), -4) . "] " . $info; + return $info; +} + + +function merge_filters($tag) { + global $wp_filter, $merged_filters; + + if (isset($wp_filter['all']) && is_array($wp_filter['all'])) { + $wp_filter[$tag] = array_merge($wp_filter['all'], (array) $wp_filter[$tag]); + } + + if (isset($wp_filter[$tag])) { + reset($wp_filter[$tag]); + uksort($wp_filter[$tag], "strnatcasecmp"); + } + $merged_filters[$tag] = true; +} + + +function apply_filters($tag, $string) { + global $wp_filter, $merged_filters; + + if (!isset($merged_filters[$tag])) { + merge_filters($tag); + } + + if (!isset($wp_filter[$tag])) { + return $string; + } + + reset($wp_filter[$tag]); + + $args = func_get_args(); + + do { + foreach ((array)current($wp_filter[$tag]) as $the_) { + if (!is_null($the_['function'])) { + $args[1] = $string; + $string = call_user_func_array($the_['function'], array_slice($args, 1, (int) $the_['accepted_args'])); + } + } + + } while (next($wp_filter[$tag]) !== false); + + return $string; +} + + +function wp_check_filetype($filename, $mimes = null) { + // Accepted MIME types are set here as PCRE unless provided. + $mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array( + 'jpg|jpeg|jpe' => 'image/jpeg', + 'gif' => 'image/gif', + 'png' => 'image/png', + 'bmp' => 'image/bmp', + 'tif|tiff' => 'image/tiff', + 'ico' => 'image/x-icon', + 'asf|asx|wax|wmv|wmx' => 'video/asf', + 'avi' => 'video/avi', + 'mov|qt' => 'video/quicktime', + 'mpeg|mpg|mpe' => 'video/mpeg', + 'txt|c|cc|h' => 'text/plain', + 'rtx' => 'text/richtext', + 'css' => 'text/css', + 'htm|html' => 'text/html', + 'php|php3|' => 'application/php', + 'mp3|mp4' => 'audio/mpeg', + 'ra|ram' => 'audio/x-realaudio', + 'wav' => 'audio/wav', + 'ogg' => 'audio/ogg', + 'mid|midi' => 'audio/midi', + 'wma' => 'audio/wma', + 'rtf' => 'application/rtf', + 'js' => 'application/javascript', + 'pdf' => 'application/pdf', + 'doc' => 'application/msword', + 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', + 'wri' => 'application/vnd.ms-write', + 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel', + 'mdb' => 'application/vnd.ms-access', + 'mpp' => 'application/vnd.ms-project', + 'swf' => 'application/x-shockwave-flash', + 'class' => 'application/java', + 'tar' => 'application/x-tar', + 'zip' => 'application/zip', + 'gz|gzip' => 'application/x-gzip', + 'exe' => 'application/x-msdownload', + // openoffice formats + 'odt' => 'application/vnd.oasis.opendocument.text', + 'odp' => 'application/vnd.oasis.opendocument.presentation', + 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', + 'odg' => 'application/vnd.oasis.opendocument.graphics', + 'odc' => 'application/vnd.oasis.opendocument.chart', + 'odb' => 'application/vnd.oasis.opendocument.database', + 'odf' => 'application/vnd.oasis.opendocument.formula', + + )); + + $type = false; + $ext = false; + + foreach ($mimes as $ext_preg => $mime_match) { + $ext_preg = '!\.(' . $ext_preg . ')$!i'; + if (preg_match($ext_preg, $filename, $ext_matches)) { + $type = $mime_match; + $ext = $ext_matches[1]; + break; + } + } + + return compact('ext', 'type'); +} + + + +function roundsize($size) { + $i=0; + $iec = array("B", "Kb", "Mb", "Gb", "Tb"); + while (($size/1024)>1) { + $size=$size/1024; + $i++; + } + return(round($size, 1) . " " . $iec[$i]); +} + +?> diff --git a/config/filemgr/rbfminc/functions.tmp b/config/filemgr/rbfminc/functions.tmp deleted file mode 100644 index f06ee69c..00000000 --- a/config/filemgr/rbfminc/functions.tmp +++ /dev/null @@ -1,189 +0,0 @@ -<?php -function RecursiveFolderDelete ( $folderPath ) -{ - if ( is_dir ( $folderPath ) ) - { - foreach ( scandir ( $folderPath ) as $value ) - { - if ( $value != "." && $value != ".." ) - { - $value = $folderPath . "/" . $value; - if ( is_dir ( $value ) ) - { - RecursiveFolderDelete ( $value ); - } - elseif ( is_file ( $value ) ) - { - @unlink ( $value ); - } - } - } - if(!@rmdir ( $folderPath )){ - return FALSE; - }else{ - return TRUE; - } - } - else - { - return FALSE; - } -} - - - -function GetFilePerms($file) { - $perms = fileperms($file); - if (($perms & 0xC000) == 0xC000) {$info = 's'; } // Socket - elseif (($perms & 0xA000) == 0xA000) {$info = 'l'; } // Symbolic Link - elseif (($perms & 0x8000) == 0x8000) {$info = '-'; } // Regular - elseif (($perms & 0x6000) == 0x6000) {$info = 'b'; } // Block special - elseif (($perms & 0x4000) == 0x4000) {$info = 'd'; } // Directory - elseif (($perms & 0x2000) == 0x2000) {$info = 'c'; } // Character special - elseif (($perms & 0x1000) == 0x1000) {$info = 'p'; } // FIFO pipe - else {$info = '?';} // Unknown - // Owner - $info .= " ".(($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - // Group - $info .= " ".(($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - // World - $info .= " ".(($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 'T' : '-')); - - $info = "[".substr(sprintf('%o', fileperms($file)), -4)."] ".$info; - - return $info; -} - - - -function merge_filters($tag) { - global $wp_filter, $merged_filters; - - if ( isset($wp_filter['all']) && is_array($wp_filter['all']) ) - $wp_filter[$tag] = array_merge($wp_filter['all'], (array) $wp_filter[$tag]); - - if ( isset($wp_filter[$tag]) ){ - reset($wp_filter[$tag]); - uksort($wp_filter[$tag], "strnatcasecmp"); - } - $merged_filters[ $tag ] = true; -} - - - -function apply_filters($tag, $string) { - global $wp_filter, $merged_filters; - - if ( !isset( $merged_filters[ $tag ] ) ) - merge_filters($tag); - - if ( !isset($wp_filter[$tag]) ) - return $string; - - reset( $wp_filter[ $tag ] ); - - $args = func_get_args(); - - do{ - foreach( (array) current($wp_filter[$tag]) as $the_ ) - if ( !is_null($the_['function']) ){ - $args[1] = $string; - $string = call_user_func_array($the_['function'], array_slice($args, 1, (int) $the_['accepted_args'])); - } - - } while ( next($wp_filter[$tag]) !== false ); - - return $string; -} - - - -function wp_check_filetype($filename, $mimes = null) { - // Accepted MIME types are set here as PCRE unless provided. - $mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array ( - 'jpg|jpeg|jpe' => 'image/jpeg', - 'gif' => 'image/gif', - 'png' => 'image/png', - 'bmp' => 'image/bmp', - 'tif|tiff' => 'image/tiff', - 'ico' => 'image/x-icon', - 'asf|asx|wax|wmv|wmx' => 'video/asf', - 'avi' => 'video/avi', - 'mov|qt' => 'video/quicktime', - 'mpeg|mpg|mpe' => 'video/mpeg', - 'txt|c|cc|h' => 'text/plain', - 'rtx' => 'text/richtext', - 'css' => 'text/css', - 'htm|html' => 'text/html', - 'php|php3|' => 'application/php', - 'mp3|mp4' => 'audio/mpeg', - 'ra|ram' => 'audio/x-realaudio', - 'wav' => 'audio/wav', - 'ogg' => 'audio/ogg', - 'mid|midi' => 'audio/midi', - 'wma' => 'audio/wma', - 'rtf' => 'application/rtf', - 'js' => 'application/javascript', - 'pdf' => 'application/pdf', - 'doc' => 'application/msword', - 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', - 'wri' => 'application/vnd.ms-write', - 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel', - 'mdb' => 'application/vnd.ms-access', - 'mpp' => 'application/vnd.ms-project', - 'swf' => 'application/x-shockwave-flash', - 'class' => 'application/java', - 'tar' => 'application/x-tar', - 'zip' => 'application/zip', - 'gz|gzip' => 'application/x-gzip', - 'exe' => 'application/x-msdownload', - // openoffice formats - 'odt' => 'application/vnd.oasis.opendocument.text', - 'odp' => 'application/vnd.oasis.opendocument.presentation', - 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', - 'odg' => 'application/vnd.oasis.opendocument.graphics', - 'odc' => 'application/vnd.oasis.opendocument.chart', - 'odb' => 'application/vnd.oasis.opendocument.database', - 'odf' => 'application/vnd.oasis.opendocument.formula', - - )); - - $type = false; - $ext = false; - - foreach ($mimes as $ext_preg => $mime_match) { - $ext_preg = '!\.(' . $ext_preg . ')$!i'; - if ( preg_match($ext_preg, $filename, $ext_matches) ) { - $type = $mime_match; - $ext = $ext_matches[1]; - break; - } - } - - return compact('ext', 'type'); -} - - - -function roundsize($size){ - $i=0; - $iec = array("B", "Kb", "Mb", "Gb", "Tb"); - while (($size/1024)>1) { - $size=$size/1024; - $i++;} - return(round($size,1)." ".$iec[$i]); -} - -?>
\ No newline at end of file diff --git a/config/filemgr/rbfminc/rename.php b/config/filemgr/rbfminc/rename.php new file mode 100644 index 00000000..27553f18 --- /dev/null +++ b/config/filemgr/rbfminc/rename.php @@ -0,0 +1,68 @@ +<?php +/* + rename.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +include("config.php"); +include("session.php"); + +if ($user_login == 'ok') { + include("functions.php"); +?> + +<html> +<head> +<title>Rename</title> +</head> +<body> +<script type="text/javascript"> +//<![CDATA[ +<?php +if ($_POST['o'] != $_POST['n']) { + if (@rename($_POST['cf'].$_POST['o'], $_POST['cf'].$_POST['n'])) { + if ($_POST['t'] == 'd') { + echo "alert('Directory successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');"; + } else { + echo "alert('File successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');"; + } + } else { + echo <<<EOD + alert('Rename error'); + window.parent.location.href = window.parent.location.href; +EOD; + } +} + +?> +//]]> +</script> +</body> +</html> + +<?php +} +?> diff --git a/config/filemgr/rbfminc/rename.tmp b/config/filemgr/rbfminc/rename.tmp deleted file mode 100644 index 266e38d4..00000000 --- a/config/filemgr/rbfminc/rename.tmp +++ /dev/null @@ -1,41 +0,0 @@ -<?php -include "config.php"; -include "session.php"; - -if($user_login == 'ok'){ - - include "functions.php"; - -?> -<html> -<head> -<title>Rename</title> -</head> -<body> -<script type="text/javascript"> -//<![CDATA[ -<?php -//print_r($_POST); -if($_POST['o'] != $_POST['n']){ - if(@rename($_POST['cf'].$_POST['o'], $_POST['cf'].$_POST['n'])){ - if($_POST['t'] == 'd'){ - echo "alert('Directory successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');"; - }else{ - echo "alert('File successfuly renamed from \"{$_POST['o']}\" to \"{$_POST['n']}\"');"; - } - }else{ - echo " - alert('Rename error'); - window.parent.location.href = window.parent.location.href; - "; - } -} - -?> -//]]> -</script> -</body> -</html> -<?php -} -?>
\ No newline at end of file diff --git a/config/filemgr/rbfminc/session.php b/config/filemgr/rbfminc/session.php new file mode 100644 index 00000000..b616643f --- /dev/null +++ b/config/filemgr/rbfminc/session.php @@ -0,0 +1,58 @@ +<?php +/* + session.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +session_name("file_manager_session"); + +// Create session +session_start(); +if (($_POST['login'] == 'login') && ($_POST['username']) && ($_POST['password'])) { + $_SESSION = array(); + $_SESSION['username'] = $_POST['username']; + $_SESSION['password'] = $_POST['password']; +} + +if ($_GET['logout'] == "logout") { + setcookie('url_field', '', time()-3600); + setcookie('current_folder', '', time()-3600); + $_SESSION = array(); + session_destroy(); + session_unset(); + header("Location: file_manager.php"); +} + + +if (($_SESSION['username']) && ($_SESSION['password'])) { + if (($_SESSION['username'] == $username) && ($_SESSION['password'] == $password)) { + $user_login = 'ok'; + } else { + $error_message = "Incorrect username or password!"; + } +} + +?> diff --git a/config/filemgr/rbfminc/session.tmp b/config/filemgr/rbfminc/session.tmp deleted file mode 100644 index 7cfc133d..00000000 --- a/config/filemgr/rbfminc/session.tmp +++ /dev/null @@ -1,32 +0,0 @@ -<?php -session_name("file_manager_session"); - -session_start(); - -/*************************************************************************************************/ -//create session -if($_POST['login'] == 'login' and $_POST['username'] and $_POST['password']){ - $_SESSION = array(); - $_SESSION['username']=$_POST['username']; - $_SESSION['password']=$_POST['password']; -} - -if($_GET['logout'] == "logout"){ - setcookie('url_field', '', time()-3600); - setcookie('current_folder', '', time()-3600); - $_SESSION = array(); - session_destroy(); - session_unset(); - header("Location: file_manager.php"); -} - - -if($_SESSION['username'] and $_SESSION['password']){ - if($_SESSION['username'] == $username and $_SESSION['password'] == $password){ - $user_login = 'ok'; - }else{ - $error_message = "Incorect username or password!"; - } -} - -?> |