From 9239a1477d2e309e6638f0789865a3b4107c917e Mon Sep 17 00:00:00 2001
From: Maxim Stewart
Date: Mon, 19 Nov 2018 17:32:16 -0600
Subject: [PATCH] Added some checks for security and improved comparison check security.
---
index.html | 3 ++-
resources/css/main.css | 5 +++-
resources/js/filesystemActions.js | 6 -----
resources/js/uiActions.js | 15 +++++++++++
resources/js/uiEvents.js | 42 +++++++++++++++++++----------
resources/php/config.php | 7 ++---
resources/php/filesystemActions.php | 20 +++++++++++---
resources/php/lockedFolders.php | 2 +-
8 files changed, 71 insertions(+), 29 deletions(-)
diff --git a/index.html b/index.html
index fe18942..69e969e 100644
--- a/index.html
+++ b/index.html
@@ -16,7 +16,8 @@
-
+
+
diff --git a/resources/css/main.css b/resources/css/main.css
index 5cb0460..257d9cc 100644
--- a/resources/css/main.css
+++ b/resources/css/main.css
@@ -45,8 +45,10 @@
background-color: rgba(7, 150, 159, 0.8);
position: fixed;
font-size: 2em;
- overflow: auto;
+ overflow-x: auto;
+ overflow-y: scroll;
padding: 1.5em;
+ max-height: 632px;
}
#favesList > li:hover {
@@ -125,6 +127,7 @@
height: 5em;
overflow-y: scroll;
width: 100%;
+ background-color: rgba(0,0,0,0.64);
}
/* Classes */
diff --git a/resources/js/filesystemActions.js b/resources/js/filesystemActions.js
index 738ef03..935e73f 100644
--- a/resources/js/filesystemActions.js
+++ b/resources/js/filesystemActions.js
@@ -1,4 +1,3 @@
-var itemObj = undefined;
var binary = null;
var pathNodes = [];
@@ -87,11 +86,6 @@ function createItem(type) {
"createItem=true&item=" + fullPth + "&type=" + type);
}
-function startDeleteItem(item) {
- // Get the item name
- itemObj = item;
-}
-
function deleteItem() {
var path = document.getElementById("path").innerHTML;
// Clicked yes to delete and there is an item
diff --git a/resources/js/uiActions.js b/resources/js/uiActions.js
index c39e8fb..8f4a266 100644
--- a/resources/js/uiActions.js
+++ b/resources/js/uiActions.js
@@ -79,6 +79,21 @@ function clearDirCookie() {
getDir("/");
}
+function downloadItem() {
+ var partialPath = document.getElementById("path").innerHTML;
+ var brTag = document.createElement("BR");
+ var aTag = document.createElement("A");
+ var text = document.createTextNode(itemObj);
+ var fullPath = partialPath + itemObj;
+ aTag.setAttribute("href", fullPath);
+ aTag.setAttribute("target", "_blank");
+ aTag.setAttribute("id", itemObj);
+ aTag.append(text);
+
+ document.getElementById("serverMsgView").append(aTag, brTag);
+ aTag.click();
+}
+
function clearDlList() { document.getElementById("CLEARBTTN").click(); }
function onloadSetBG() { updateBG("resources/images/backgrounds/000.jpg"); }
function updateBG(bgImg) { document.getElementById("bg").src = bgImg; }
diff --git a/resources/js/uiEvents.js b/resources/js/uiEvents.js
index 3e6dbcb..3cae3bc 100644
--- a/resources/js/uiEvents.js
+++ b/resources/js/uiEvents.js
@@ -1,6 +1,27 @@
-// ondblclick
+var itemObj = undefined;
+
+document.onclick = function (event) {
+ var obj = event.target;
+ var callingID = obj.id;
+ var classNM = obj.className;
+
+ // right-click detect
+ if (event.which == 3) {
+ if (callingID == "imageID") {
+ setSelectedItem(obj.alt);
+ } else if (callingID == "dirID" || callingID == "fileID" ||
+ callingID == "movieID") {
+ var node = obj.parentNode;
+ setSelectedItem(node.children[1].value);
+ } else if (classNM == "fileStyle" || classNM == "dirStyle" ||
+ classNM == "movieStyle") {
+ setSelectedItem(obj.children[1].value);
+ }
+ }
+}
+
document.ondblclick = function (event) {
- var obj = event.target;
+ var obj = event.target;
var callingID = obj.id;
var classNM = obj.className;
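Review bot: The link target in `downloadItem` is assembled by plain concatenation, `var fullPath = partialPath + itemObj;`, from the `innerHTML` of `#path` and a name lifted from the DOM, so a file name containing `#`, `?` or `%` yields the wrong URL and a path containing `&` comes back already HTML-escaped as `&amp;`. Read the path as text and encode the name: `var partialPath = document.getElementById("path").textContent;` and `var fullPath = partialPath + encodeURIComponent(itemObj);`. Since this app also accepts uploads (uploadFiles in the PHP hunks) and the anchor opens with `target="_blank"`, an uploaded HTML file would presumably be rendered in the app's own origin with a `window.opener` reference; `aTag.setAttribute("download", itemObj); aTag.setAttribute("rel", "noopener");` forces a download instead. `itemObj` is declared only in uiEvents.js, so this function depends on script load order; a comment saying so would help.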
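Review bot: The new `document.onclick` handler only acts when `event.which == 3`, but browsers dispatch `click` for the primary button only; a right-click raises `contextmenu` (and `auxclick`), so `setSelectedItem` is unlikely ever to run from here and `itemObj` would stay undefined for `deleteItem`/`downloadItem`. Register on `document.oncontextmenu` (or `document.addEventListener("contextmenu", …)`) and test `event.button === 2`, since `which` is deprecated. The comparisons inside use `==`; the commit's own `===` tightening on the PHP side should be mirrored, e.g. `if (callingID === "imageID")`. The moved `var itemObj = undefined;` is read from uiActions.js, so a comment that uiEvents.js must load first would be worth adding.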
@@ -33,18 +54,6 @@ document.ondblclick = function (event) {
} else if (callingID == "titleID") {
enableEdit(obj);
}
- // Right click detect
- } else if (event.which == 3) {
- if (callingID == "imageID") {
- startDeleteItem(obj.alt);
- } else if (callingID == "dirID" || callingID == "fileID" ||
- callingID == "movieID") {
- var node = obj.parentNode;
- startDeleteItem(node.children[1].value);
- } else if (classNM == "fileStyle" || classNM == "dirStyle" ||
- classNM == "movieStyle") {
- startDeleteItem(obj.children[1].value);
- }
}
}
@@ -62,6 +71,11 @@ document.onkeydown = function (event) {
}
}
+function setSelectedItem(item) {
+ // Get the item name
+ itemObj = item;
+}
+
// Drage event for the poped out image and media container
function dragContainer(elmnt) {
var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0;
diff --git a/resources/php/config.php b/resources/php/config.php
index 326c5f5..7eaa1bb 100644
--- a/resources/php/config.php
+++ b/resources/php/config.php
@@ -7,9 +7,10 @@
$PDFVIEWER = "evince";
$TEXTVIEWER = "leafpad";
$FILEMANAGER = "spacefm";
- // NOTE: Split folders with ::::
- $LOCKEDFOLDERS = "./dirLockCheck/";
$LOCKPASSWORD = "1234";
- $UNLOCKTIME = 60; // Every ~3 sec this ticks down
+ $UNLOCKTIME = 80; // Every ~3 sec this ticks down
// Ex: 3*60 == 180 sec or 3 minutes
+ // NOTE: Split folders with ::::
+ $LOCKEDFOLDERS = "./MEGA_Sync/333_Movies-Music/Other/::::./MEGA_Sync/000_General/";
+
?>
diff --git a/resources/php/filesystemActions.php b/resources/php/filesystemActions.php
index 37424ac..27f6a0d 100644
--- a/resources/php/filesystemActions.php
+++ b/resources/php/filesystemActions.php
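Review bot: `$LOCKPASSWORD = "1234";` remains a plaintext credential committed in a tracked PHP file, and this hunk now also pins `$LOCKEDFOLDERS` to site-specific `./MEGA_Sync/...` paths, so the repository history carries both the secret and the exact layout it protects. Keep the real values in an untracked local config and store a hash rather than the password, e.g. `$LOCKPASSWORD_HASH = getenv("LOCKPASSWORD_HASH");` verified with `password_verify()` where lockedFolders.php currently compares `$PASSWD === $LOCKPASSWORD`. Note too that lockedFolders.php matches these entries with `strpos($NEWPATH, $LOCKS[$i])` (last hunk), a substring test that a non-canonical spelling of the same directory (`./MEGA_Sync/./000_General/`, or the path without the leading `./`) would not hit unless `$NEWPATH` is canonicalized first; comparing `realpath()` of both sides would close that. A comment stating that the `::::` delimiter must not occur in a folder name would also help.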
@@ -7,11 +7,15 @@ function createItem($FILE, $TYPE) {
$FILE = trim($FILE);
$FILE = preg_replace('/\.*$/','',$FILE); // removing dot . after file extension
- if ($TYPE == "dir"){
+ if ($TYPE === "dir"){
mkdir($FILE, 0755);
- } else if ($TYPE == "file") {
+ } else if ($TYPE === "file") {
$myfile = fopen($FILE, "w");
fclose($myfile);
+ } else {
+ $message = "Server: [Error] --> Failed to create folder or file!";
+ serverMessage("error", $message);
+ return;
}
$message = "Server: [Success] --> The file " . $FILE . " has been created.";
@@ -30,6 +34,10 @@ function deleteItem($FILE) {
rmdir($FILE);
} else if (is_file($FILE)) {
unlink($FILE);
+ } else {
+ $message = "Server: [Error] --> Failed to delete item! Not a folder or file!";
+ serverMessage("error", $message);
+ return;
}
$message = "Server: [Success] --> The file(s) has/have been deleted.";
@@ -48,9 +56,15 @@ function renameItem($OLDFILE, $NEWNAME, $PATH) {
// Uploader
function uploadFiles($targetDir) {
$numberOfFiles = count($_FILES['filesToUpload']['name']);
+
+ if ($numberOfFiles === 0) {
+ $message = "Server: [Error] --> No files were uploaded!";
+ serverMessage("error", $message);
+ return;
+ }
+
$type = "";
$message = "";
-
for ($i=0; $i < $numberOfFiles; $i++) {
$uploadOk = 1;
$fileName = $_FILES['filesToUpload']['name'][$i];
diff --git a/resources/php/lockedFolders.php b/resources/php/lockedFolders.php
index 16818ff..dbdde2c 100644
--- a/resources/php/lockedFolders.php
+++ b/resources/php/lockedFolders.php
@@ -12,7 +12,7 @@
for ($i = 0; $i < $size; $i++) {
if (strpos($NEWPATH, $LOCKS[$i]) !== false) {
- if ($PASSWD == $LOCKPASSWORD) {
+ if ($PASSWD === $LOCKPASSWORD) {
$_SESSION["unlockTime"] = $UNLOCKTIME;
return false;
} else {
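Review bot: The new `else` branch in `createItem` rejects an unknown `$TYPE`, but `$FILE` — which the JavaScript side sends as `item=` plus the full client-side path — still reaches `mkdir()`/`fopen()` after only `trim()` and a trailing-dot strip, so `..` segments or an absolute path can create entries outside the served tree, and a failed `mkdir()` or `fopen()` still falls through to the success message (with `fclose(false)` warning on the way). Confine the target to the application root — the `./`-relative paths in config.php suggest that is the working directory — and branch on the return values before reporting success. The function's tail after the success message is outside the hunk.
```php
function createItem($FILE, $TYPE) {
    // … unchanged: trim() and trailing-dot strip …

    // Refuse anything whose parent directory does not resolve inside the served root.
    $root   = realpath(".");
    $parent = realpath(dirname($FILE));
    if ($parent === false || ($parent !== $root &&
        strpos($parent, $root . DIRECTORY_SEPARATOR) !== 0)) {
        serverMessage("error", "Server: [Error] --> Invalid path!");
        return;
    }

    if ($TYPE === "dir") {
        $ok = mkdir($FILE, 0755);
    } else if ($TYPE === "file") {
        $fh = fopen($FILE, "w");
        $ok = ($fh !== false) && fclose($fh);
    } else {
        // … unchanged: unknown-type error and return …
    }
    if (!$ok) {
        serverMessage("error", "Server: [Error] --> Could not create " . $FILE . "!");
        return;
    }
    // … unchanged: success message …
```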
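Review bot: `deleteItem` now reports when `$FILE` is neither a directory nor a file, but the path itself is still not checked before `rmdir($FILE)`/`unlink($FILE)`, so a client-supplied name containing `../` removes entries outside the served tree, and a failed `rmdir()` (non-empty directory) or `unlink()` still produces the success message. Guard both: `$real = realpath($FILE); if ($real === false || strpos($real, realpath(".") . DIRECTORY_SEPARATOR) !== 0) { serverMessage("error", "Server: [Error] --> Invalid path!"); return; }` and branch on the boolean result of `rmdir()`/`unlink()`. The function's opening and its `is_dir()` test lie outside the hunk.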
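Review bot: The added guard `if ($numberOfFiles === 0)` in `uploadFiles` is never reached when the request carries no `filesToUpload` field at all: `$_FILES['filesToUpload']['name']` is then undefined and `count()` on it warns (a `TypeError` on PHP 8), and if the form posts a single file without `[]` in the field name the value is a string, which `count()` likewise rejects. Check the shape before counting: `if (empty($_FILES['filesToUpload']['name']) || !is_array($_FILES['filesToUpload']['name'])) { serverMessage("error", "Server: [Error] --> No files were uploaded!"); return; }` and only then `$numberOfFiles = count($_FILES['filesToUpload']['name']);`. The per-file loop continues outside the hunk, so whether `$fileName` is sanitized before it is written under `$targetDir` cannot be judged here; a comment at the loop head stating what is validated would help the next reader.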