From 7d9d110d16f0c073c068f030b35b0e6964a76da9 Mon Sep 17 00:00:00 2001
From: Maxim Stewart <maximstewart1@gmail.com>
Date: Fri, 20 Apr 2018 05:51:39 -0500
Subject: [PATCH] Set additional video options plus secured against notn dir
 scan

---
 resources/js/ajax.js      | 12 ++++++--
 resources/php/open.php    |  2 +-
 resources/php/process.php | 64 ++++++++++++++++++++-------------------
 3 files changed, 43 insertions(+), 35 deletions(-)

diff --git a/resources/js/ajax.js b/resources/js/ajax.js
index e915fe9..188289d 100644
--- a/resources/js/ajax.js
+++ b/resources/js/ajax.js
@@ -35,7 +35,7 @@ function getDir(query) {
     // Create path from array of items
     for (pathNode of pathNodes) { path += pathNode; }
 
-    formULPTH.value    = path;                             // Used when upoading a file
+    formULPTH.value    = path;                             // Used when uploading a file
     path               = "dirQuery=" + path;
     process(path);
 }
@@ -48,7 +48,13 @@ function process(path) {
     xhttp.onreadystatechange = function() {
         if (this.readyState === 4 && this.status === 200) {
             // Send the returned data to further process
-            updatePage(this.responseXML);
+            if (this.responseXML != null) {
+                updatePage(this.responseXML);
+            } else {
+                document.getElementById('dynDiv').innerHTML =
+                "<p class=\"error\" style=\"width:100%;text-align:center;\"> "
+                + "No content returned. Check the folder path.</p>";
+            }
         }
     };
     xhttp.open("POST", "resources/php/process.php", true); // Open the connection
@@ -57,7 +63,7 @@ function process(path) {
     xhttp.send(path);                                      // Start the process
 
     // Use a cookie for persistence during browser session....
-    document.cookie = path  +"; path=" + document.URL;
+    document.cookie = path  +"; path=" + document.URL + "; expires=Sun, 31 Dec 2034 12:00:00 UTC";
 }
 
 function updatePage(returnData) {
diff --git a/resources/php/open.php b/resources/php/open.php
index eaa0cce..066dcbd 100644
--- a/resources/php/open.php
+++ b/resources/php/open.php
@@ -4,7 +4,7 @@ function openFile($FILE) {
     include 'config.php';
     $EXTNSN = strtolower(pathinfo($FILE, PATHINFO_EXTENSION));
 
-    if (preg_match('(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg)', $EXTNSN) === 1) {
+    if (preg_match('(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)', $EXTNSN) === 1) {
         shell_exec($MEDIAPLAYER . $MPLAYER_WH . "\"" . $FILE . "\" > /dev/null &");
     } else if (preg_match('(png|jpg|jpeg|gif)', $EXTNSN) === 1) {
         shell_exec($IMGVIEWER . ' "' . $FILE . '" > /dev/null &');
diff --git a/resources/php/process.php b/resources/php/process.php
index 9358550..1112b48 100644
--- a/resources/php/process.php
+++ b/resources/php/process.php
@@ -1,41 +1,43 @@
 <?php
  // Retrieve data
 function dirListing($PATH) {
-    $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><DIR_LIST>"
-                    . "<PATH_HEAD>" . $PATH . "</PATH_HEAD>";
+    if (is_dir($PATH)) {
+        $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><DIR_LIST>"
+                        . "<PATH_HEAD>" . $PATH . "</PATH_HEAD>";
 
-    $dirContents = scandir($PATH);
-    foreach ($dirContents as $fileName) {
-        $fullPath = $PATH . $fileName;
+        $dirContents = scandir($PATH);
+        foreach ($dirContents as $fileName) {
+            $fullPath = $PATH . $fileName;
 
-        if (is_dir($PATH . $fileName)) {
-           $GeneratedXML .= "<DIR>" . $fileName . "/</DIR>";
-       } elseif (preg_match('/^.*\.(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)$/i', strtolower($fileName))) {
-           $NAMEHASH = hash('sha256', $fileName);
-           if (!file_exists('resources/images/thumbnails/' . $NAMEHASH . '.jpg')) {
-               shell_exec('resources/ffmpegthumbnailer -t 65% -s 320 -c jpg -i "'
-                          . $fullPath . '" -o resources/images/thumbnails/'
-                          . $NAMEHASH . '.jpg');
+            if (is_dir($PATH . $fileName)) {
+               $GeneratedXML .= "<DIR>" . $fileName . "/</DIR>";
+           } elseif (preg_match('/^.*\.(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)$/i', strtolower($fileName))) {
+               $NAMEHASH = hash('sha256', $fileName);
+               if (!file_exists('resources/images/thumbnails/' . $NAMEHASH . '.jpg')) {
+                   shell_exec('resources/ffmpegthumbnailer -t 65% -s 320 -c jpg -i "'
+                              . $fullPath . '" -o resources/images/thumbnails/'
+                              . $NAMEHASH . '.jpg');
+               }
+               $GeneratedXML .=
+               "<VID_FILE>"
+                 . "<VID_IMG>/resources/images/thumbnails/" . $NAMEHASH . ".jpg</VID_IMG>"
+                 . "<VID_NAME>" . $fileName . "</VID_NAME>" .
+               "</VID_FILE>";
+           } elseif (preg_match('/^.*\.(png|jpg|gif|jpeg)$/i', strtolower($fileName))) {
+                $GeneratedXML .=
+                "<IMG_FILE>"
+                  . "<IMAGE_NAME>" . $fileName . "</IMAGE_NAME>"
+                  . "</IMG_FILE>";
+            } else {
+               $GeneratedXML .=
+               "<FILE>"
+                 . "<FILE_NAME>" . $fileName . "</FILE_NAME>"
+                 . "</FILE>";
            }
-           $GeneratedXML .=
-           "<VID_FILE>"
-             . "<VID_IMG>/resources/images/thumbnails/" . $NAMEHASH . ".jpg</VID_IMG>"
-             . "<VID_NAME>" . $fileName . "</VID_NAME>" .
-           "</VID_FILE>";
-       } elseif (preg_match('/^.*\.(png|jpg|gif|jpeg)$/i', strtolower($fileName))) {
-            $GeneratedXML .=
-            "<IMG_FILE>"
-              . "<IMAGE_NAME>" . $fileName . "</IMAGE_NAME>"
-              . "</IMG_FILE>";
-        } else {
-           $GeneratedXML .=
-           "<FILE>"
-             . "<FILE_NAME>" . $fileName . "</FILE_NAME>"
-             . "</FILE>";
-       }
+        }
+        $GeneratedXML .= "</DIR_LIST>";
+        echo $GeneratedXML;
     }
-    $GeneratedXML .= "</DIR_LIST>";
-    echo $GeneratedXML;
 }
 
 // Determin action