/admin228c4ef56/filemanager/execute.php

https://gitlab.com/staging06/myproject · PHP · 207 lines · 194 code · 13 blank · 0 comment · 83 complexity · 1234f304fd4e6d80aa64523e48228591 MD5 · raw file 

    

  1. <?php
    2. 

  2. include('config/config.php');
    3. 

  3. if ($_SESSION['verify'] != 'RESPONSIVEfilemanager') {
    4. 

  4.     die('forbiden');
    5. 

  5. }
    6. 

  6. include('include/utils.php');
    7. 

  7. 

  8. $_POST['path_thumb'] = $thumbs_base_path.$_POST['path_thumb'];
    9. 

  9. if (!isset($_POST['path_thumb']) && trim($_POST['path_thumb']) == '') {
    10. 

  10.     die('wrong path');
    11. 

  11. }
    12. 

  12. 

  13. $thumb_pos = strpos($_POST['path_thumb'], $thumbs_base_path);
    14. 

  14. if ($thumb_pos === false
    15. 

  15.     || preg_match('/\.{1,2}[\/|\\\]/', $_POST['path_thumb']) !== 0
    16. 

  16.     || preg_match('/\.{1,2}[\/|\\\]/', $_POST['path']) !== 0
    17. 

  17. ) {
    18. 

  18.     die('wrong path');
    19. 

  19. }
    20. 

  20. 

  21. $language_file = 'lang/en.php';
    22. 

  22. if (isset($_GET['lang']) && $_GET['lang'] != 'undefined' && $_GET['lang'] != '') {
    23. 

  23.     $path_parts = pathinfo($_GET['lang']);
    24. 

  24.     if (is_readable('lang/'.$path_parts['basename'].'.php')) {
    25. 

  25.         $language_file = 'lang/'.$path_parts['basename'].'.php';
    26. 

  26.     }
    27. 

  27. }
    28. 

  28. require_once $language_file;
    29. 

  29. 

  30. $base = $current_path;
    31. 

  31. 

  32. if (isset($_POST['path'])) {
    33. 

  33.     $path = $current_path.str_replace("\0", "", $_POST['path']);
    34. 

  34. } else {
    35. 

  35.     $path = $current_path;
    36. 

  36. }
    37. 

  37. 

  38. $cycle = true;
    39. 

  39. $max_cycles = 50;
    40. 

  40. $i = 0;
    41. 

  41. while ($cycle && $i < $max_cycles) {
    42. 

  42.     $i++;
    43. 

  43.     if ($path == $base) {
    44. 

  44.         $cycle = false;
    45. 

  45.     }
    46. 

  46. 

  47.     if (file_exists($path.'config.php')) {
    48. 

  48.         require_once($path.'config.php');
    49. 

  49.         $cycle = false;
    50. 

  50.     }
    51. 

  51.     $path = fix_dirname($path).'/';
    52. 

  52.     $cycle = false;
    53. 

  53. }
    54. 

  54. 

  55. $path = $current_path.str_replace("\0", "", $_POST['path']);
    56. 

  56. $path_thumb = $_POST['path_thumb'];
    57. 

  57. if (isset($_POST['name'])) {
    58. 

  58.     $name = $_POST['name'];
    59. 

  59.     if (preg_match('/\.{1,2}[\/|\\\]/', $name) !== 0) {
    60. 

  60.         die('wrong name');
    61. 

  61.     }
    62. 

  62. }
    63. 

  63. 

  64. $info = pathinfo($path);
    65. 

  65. if (isset($info['extension']) && !(isset($_GET['action']) && $_GET['action'] == 'delete_folder') && !in_array(strtolower($info['extension']), $ext)) {
    66. 

  66.     die('wrong extension');
    67. 

  67. }
    68. 

  68. 

  69. if (isset($_GET['action'])) {
    70. 

  70.     switch ($_GET['action']) {
    71. 

  71.         case 'delete_file':
    72. 

  72.             if ($delete_files) {
    73. 

  73.                 unlink($path);
    74. 

  74.                 if (file_exists($path_thumb)) {
    75. 

  75.                     unlink($path_thumb);
    76. 

  76.                 }
    77. 

  77. 

  78.                 $info = pathinfo($path);
    79. 

  79.                 if ($relative_image_creation) {
    80. 

  80.                     foreach ($relative_path_from_current_pos as $k => $path) {
    81. 

  81.                         if ($path != '' && $path[strlen($path) - 1] != '/') {
    82. 

  82.                             $path .= '/';
    83. 

  83.                         }
    84. 

  84.                         if (file_exists($info['dirname'].'/'.$path.$relative_image_creation_name_to_prepend[$k].$info['filename'].$relative_image_creation_name_to_append[$k].'.'.$info['extension'])) {
    85. 

  85.                             unlink($info['dirname'].'/'.$path.$relative_image_creation_name_to_prepend[$k].$info['filename'].$relative_image_creation_name_to_append[$k].'.'.$info['extension']);
    86. 

  86.                         }
    87. 

  87.                     }
    88. 

  88.                 }
    89. 

  89. 

  90.                 if ($fixed_image_creation) {
    91. 

  91.                     foreach ($fixed_path_from_filemanager as $k => $path) {
    92. 

  92.                         if ($path != '' && $path[strlen($path) - 1] != '/') {
    93. 

  93.                             $path .= '/';
    94. 

  94.                         }
    95. 

  95.                         $base_dir = $path.substr_replace($info['dirname'].'/', '', 0, strlen($current_path));
    96. 

  96.                         if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].'.'.$info['extension'])) {
    97. 

  97.                             unlink($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].'.'.$info['extension']);
    98. 

  98.                         }
    99. 

  99.                     }
    100. 

  100.                 }
    101. 

  101.             }
    102. 

  102.             break;
    103. 

  103.         case 'delete_folder':
    104. 

  104.             if ($delete_folders) {
    105. 

  105.                 if (is_dir($path_thumb)) {
    106. 

  106.                     deleteDir($path_thumb);
    107. 

  107.                 }
    108. 

  108.                 if (is_dir($path)) {
    109. 

  109.                     deleteDir($path);
    110. 

  110.                     if ($fixed_image_creation) {
    111. 

  111.                         foreach ($fixed_path_from_filemanager as $k => $paths) {
    112. 

  112.                             if ($paths != '' && $paths[strlen($paths) - 1] != '/') {
    113. 

  113.                                 $paths .= '/';
    114. 

  114.                             }
    115. 

  115.                             $base_dir = $paths.substr_replace($path, '', 0, strlen($current_path));
    116. 

  116.                             if (is_dir($base_dir)) {
    117. 

  117.                                 deleteDir($base_dir);
    118. 

  118.                             }
    119. 

  119.                         }
    120. 

  120.                     }
    121. 

  121.                 }
    122. 

  122.             }
    123. 

  123.             break;
    124. 

  124.         case 'create_folder':
    125. 

  125.             if ($create_folders) {
    126. 

  126.                 create_folder(fix_path($path, $transliteration), fix_path($path_thumb, $transliteration));
    127. 

  127.             }
    128. 

  128.             break;
    129. 

  129.         case 'rename_folder':
    130. 

  130.             if ($rename_folders) {
    131. 

  131.                 $name = fix_filename($name, $transliteration);
    132. 

  132.                 $name = str_replace('.', '', $name);
    133. 

  133. 

  134.                 if (!empty($name)) {
    135. 

  135.                     if (!rename_folder($path, $name, $transliteration)) {
    136. 

  136.                         die(lang_Rename_existing_folder);
    137. 

  137.                     }
    138. 

  138.                     rename_folder($path_thumb, $name, $transliteration);
    139. 

  139.                     if ($fixed_image_creation) {
    140. 

  140.                         foreach ($fixed_path_from_filemanager as $k => $paths) {
    141. 

  141.                             if ($paths != '' && $paths[strlen($paths) - 1] != '/') {
    142. 

  142.                                 $paths .= '/';
    143. 

  143.                             }
    144. 

  144.                             $base_dir = $paths.substr_replace($path, '', 0, strlen($current_path));
    145. 

  145.                             rename_folder($base_dir, $name, $transliteration);
    146. 

  146.                         }
    147. 

  147.                     }
    148. 

  148.                 } else {
    149. 

  149.                     die(lang_Empty_name);
    150. 

  150.                 }
    151. 

  151.             }
    152. 

  152.             break;
    153. 

  153.         case 'rename_file':
    154. 

  154.             if ($rename_files) {
    155. 

  155.                 $name = fix_filename($name, $transliteration);
    156. 

  156.                 if (!empty($name)) {
    157. 

  157.                     if (!rename_file($path, $name, $transliteration)) {
    158. 

  158.                         die(lang_Rename_existing_file);
    159. 

  159.                     }
    160. 

  160.                     rename_file($path_thumb, $name, $transliteration);
    161. 

  161.                     if ($fixed_image_creation) {
    162. 

  162.                         $info = pathinfo($path);
    163. 

  163.                         foreach ($fixed_path_from_filemanager as $k => $paths) {
    164. 

  164.                             if ($paths != '' && $paths[strlen($paths) - 1] != '/') {
    165. 

  165.                                 $paths .= '/';
    166. 

  166.                             }
    167. 

  167.                             $base_dir = $paths.substr_replace($info['dirname'].'/', '', 0, strlen($current_path));
    168. 

  168.                             if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].'.'.$info['extension'])) {
    169. 

  169.                                 rename_file($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].'.'.$info['extension'], $fixed_image_creation_name_to_prepend[$k].$name.$fixed_image_creation_to_append[$k], $transliteration);
    170. 

  170.                             }
    171. 

  171.                         }
    172. 

  172.                     }
    173. 

  173.                 } else {
    174. 

  174.                     die(lang_Empty_name);
    175. 

  175.                 }
    176. 

  176.             }
    177. 

  177.             break;
    178. 

  178.         case 'duplicate_file':
    179. 

  179.             if ($duplicate_files) {
    180. 

  180.                 $name = fix_filename($name, $transliteration);
    181. 

  181.                 if (!empty($name)) {
    182. 

  182.                     if (!duplicate_file($path, $name)) {
    183. 

  183.                         die(lang_Rename_existing_file);
    184. 

  184.                     }
    185. 

  185.                     duplicate_file($path_thumb, $name);
    186. 

  186.                     if ($fixed_image_creation) {
    187. 

  187.                         $info = pathinfo($path);
    188. 

  188.                         foreach ($fixed_path_from_filemanager as $k => $paths) {
    189. 

  189.                             if ($paths != '' && $paths[strlen($paths) - 1] != '/') {
    190. 

  190.                                 $paths .= '/';
    191. 

  191.                             }
    192. 

  192.                             $base_dir = $paths.substr_replace($info['dirname'].'/', '', 0, strlen($current_path));
    193. 

  193.                             if (file_exists($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].'.'.$info['extension'])) {
    194. 

  194.                                 duplicate_file($base_dir.$fixed_image_creation_name_to_prepend[$k].$info['filename'].$fixed_image_creation_to_append[$k].'.'.$info['extension'], $fixed_image_creation_name_to_prepend[$k].$name.$fixed_image_creation_to_append[$k]);
    195. 

  195.                             }
    196. 

  196.                         }
    197. 

  197.                     }
    198. 

  198.                 } else {
    199. 

  199.                     die(lang_Empty_name);
    200. 

  200.                 }
    201. 

  201.             }
    202. 

  202.             break;
    203. 

  203.         default:
    204. 

  204.             die('wrong action');
    205. 

  205.             break;
    206. 

  206.     }
    207. 

  207. }
    208.