Set additional video options plus secured against notn dir scan

2018-04-20 05:51:39 -05:00 · 2018-04-20 05:51:39 -05:00 · 7d9d110d16
parent e0097e173e
commit 7d9d110d16
3 changed files with 43 additions and 35 deletions
--- a/resources/js/ajax.js
+++ b/resources/js/ajax.js
@ -35,7 +35,7 @@ function getDir(query) {
    // Create path from array of items
    for (pathNode of pathNodes) { path += pathNode; }
-    formULPTH.value    = path;                             // Used when upoading a file
+    formULPTH.value    = path;                             // Used when uploading a file
    path               = "dirQuery=" + path;
    process(path);
 }
@ -48,7 +48,13 @@ function process(path) {
    xhttp.onreadystatechange = function() {
        if (this.readyState === 4 && this.status === 200) {
            // Send the returned data to further process
-            updatePage(this.responseXML);
+            if (this.responseXML != null) {
                updatePage(this.responseXML);
            } else {
                document.getElementById('dynDiv').innerHTML =
                "<p class=\"error\" style=\"width:100%;text-align:center;\"> "
                + "No content returned. Check the folder path.</p>";
            }
        }
    };
    xhttp.open("POST", "resources/php/process.php", true); // Open the connection
@ -57,7 +63,7 @@ function process(path) {
    xhttp.send(path);                                      // Start the process
    // Use a cookie for persistence during browser session....
-    document.cookie = path  +"; path=" + document.URL;
+    document.cookie = path  +"; path=" + document.URL + "; expires=Sun, 31 Dec 2034 12:00:00 UTC";
 }
 function updatePage(returnData) {
--- a/resources/php/open.php
+++ b/resources/php/open.php
@ -4,7 +4,7 @@ function openFile($FILE) {
    include 'config.php';
    $EXTNSN = strtolower(pathinfo($FILE, PATHINFO_EXTENSION));
-    if (preg_match('(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg)', $EXTNSN) === 1) {
+    if (preg_match('(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)', $EXTNSN) === 1) {
        shell_exec($MEDIAPLAYER . $MPLAYER_WH . "\"" . $FILE . "\" > /dev/null &");
    } else if (preg_match('(png|jpg|jpeg|gif)', $EXTNSN) === 1) {
        shell_exec($IMGVIEWER . ' "' . $FILE . '" > /dev/null &');
--- a/resources/php/process.php
+++ b/resources/php/process.php
@ -1,41 +1,43 @@
 <?php
 // Retrieve data
 function dirListing($PATH) {
-    $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><DIR_LIST>"
+    if (is_dir($PATH)) {
-                    . "<PATH_HEAD>" . $PATH . "</PATH_HEAD>";
+        $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><DIR_LIST>"
                        . "<PATH_HEAD>" . $PATH . "</PATH_HEAD>";
-    $dirContents = scandir($PATH);
+        $dirContents = scandir($PATH);
-    foreach ($dirContents as $fileName) {
+        foreach ($dirContents as $fileName) {
-        $fullPath = $PATH . $fileName;
+            $fullPath = $PATH . $fileName;
-        if (is_dir($PATH . $fileName)) {
+            if (is_dir($PATH . $fileName)) {
-           $GeneratedXML .= "<DIR>" . $fileName . "/</DIR>";
+               $GeneratedXML .= "<DIR>" . $fileName . "/</DIR>";
-       } elseif (preg_match('/^.*\.(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)$/i', strtolower($fileName))) {
+           } elseif (preg_match('/^.*\.(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)$/i', strtolower($fileName))) {
-           $NAMEHASH = hash('sha256', $fileName);
+               $NAMEHASH = hash('sha256', $fileName);
-           if (!file_exists('resources/images/thumbnails/' . $NAMEHASH . '.jpg')) {
+               if (!file_exists('resources/images/thumbnails/' . $NAMEHASH . '.jpg')) {
-               shell_exec('resources/ffmpegthumbnailer -t 65% -s 320 -c jpg -i "'
+                   shell_exec('resources/ffmpegthumbnailer -t 65% -s 320 -c jpg -i "'
-                          . $fullPath . '" -o resources/images/thumbnails/'
+                              . $fullPath . '" -o resources/images/thumbnails/'
-                          . $NAMEHASH . '.jpg');
+                              . $NAMEHASH . '.jpg');
               }
               $GeneratedXML .=
               "<VID_FILE>"
                 . "<VID_IMG>/resources/images/thumbnails/" . $NAMEHASH . ".jpg</VID_IMG>"
                 . "<VID_NAME>" . $fileName . "</VID_NAME>" .
               "</VID_FILE>";
           } elseif (preg_match('/^.*\.(png|jpg|gif|jpeg)$/i', strtolower($fileName))) {
                $GeneratedXML .=
                "<IMG_FILE>"
                  . "<IMAGE_NAME>" . $fileName . "</IMAGE_NAME>"
                  . "</IMG_FILE>";
            } else {
               $GeneratedXML .=
               "<FILE>"
                 . "<FILE_NAME>" . $fileName . "</FILE_NAME>"
                 . "</FILE>";
           }
-           $GeneratedXML .=
+        }
-           "<VID_FILE>"
+        $GeneratedXML .= "</DIR_LIST>";
-             . "<VID_IMG>/resources/images/thumbnails/" . $NAMEHASH . ".jpg</VID_IMG>"
+        echo $GeneratedXML;
             . "<VID_NAME>" . $fileName . "</VID_NAME>" .
           "</VID_FILE>";
       } elseif (preg_match('/^.*\.(png|jpg|gif|jpeg)$/i', strtolower($fileName))) {
            $GeneratedXML .=
            "<IMG_FILE>"
              . "<IMAGE_NAME>" . $fileName . "</IMAGE_NAME>"
              . "</IMG_FILE>";
        } else {
           $GeneratedXML .=
           "<FILE>"
             . "<FILE_NAME>" . $fileName . "</FILE_NAME>"
             . "</FILE>";
       }
    }
    $GeneratedXML .= "</DIR_LIST>";
    echo $GeneratedXML;
 }
 // Determin action