itdominator/WebFM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added some checks for security and improved comparison check security.

Browse Source
This commit is contained in:
Maxim Stewart 2018-11-19 17:32:16 -06:00
parent fc03202bf3
commit 9239a1477d
8 changed files with 71 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
index.html
View File

@ -16,7 +16,8 @@
<menuitem label="Home Directory" onclick="clearDirCookie()"></menuitem> <menuitem label="Home Directory" onclick="clearDirCookie()"></menuitem>
<menuitem label="Show Server Messages" onclick="tgglElmView('serverMsgView')"></menuitem> <menuitem label="Show Server Messages" onclick="tgglElmView('serverMsgView')"></menuitem>
<menuitem label="Clear Upload List" onclick="clearDlList()"></menuitem> <menuitem label="Clear Upload List" onclick="clearDlList()"></menuitem>
<menuitem label="Delete File/Directory" onclick="deleteItem()"></menuitem> <menuitem label="Download" onclick="downloadItem()"></menuitem>
<menuitem label="Delete" onclick="deleteItem()"></menuitem>
</menu> </menu>
<!-- Uploader --> <!-- Uploader -->

5
resources/css/main.css
View File

@ -45,8 +45,10 @@
background-color: rgba(7, 150, 159, 0.8); background-color: rgba(7, 150, 159, 0.8);
position: fixed; position: fixed;
font-size: 2em; font-size: 2em;
overflow: auto; overflow-x: auto;
overflow-y: scroll;
padding: 1.5em; padding: 1.5em;
max-height: 632px;
} }
#favesList > li:hover { #favesList > li:hover {
@ -125,6 +127,7 @@
height: 5em; height: 5em;
overflow-y: scroll; overflow-y: scroll;
width: 100%; width: 100%;
background-color: rgba(0,0,0,0.64);
} }
/* Classes */ /* Classes */

6
resources/js/filesystemActions.js
View File

@ -1,4 +1,3 @@
var itemObj = undefined;
var binary = null; var binary = null;
var pathNodes = []; var pathNodes = [];
@ -87,11 +86,6 @@ function createItem(type) {
"createItem=true&item=" + fullPth + "&type=" + type); "createItem=true&item=" + fullPth + "&type=" + type);
} }
function startDeleteItem(item) {
// Get the item name
itemObj = item;
}
function deleteItem() { function deleteItem() {
var path = document.getElementById("path").innerHTML; var path = document.getElementById("path").innerHTML;
// Clicked yes to delete and there is an item // Clicked yes to delete and there is an item

15
resources/js/uiActions.js
View File

@ -79,6 +79,21 @@ function clearDirCookie() {
getDir("/"); getDir("/");
} }
function downloadItem() {
var partialPath = document.getElementById("path").innerHTML;
var brTag = document.createElement("BR");
var aTag = document.createElement("A");
var text = document.createTextNode(itemObj);
var fullPath = partialPath + itemObj;
aTag.setAttribute("href", fullPath);
aTag.setAttribute("target", "_blank");
aTag.setAttribute("id", itemObj);
aTag.append(text);
document.getElementById("serverMsgView").append(aTag, brTag);
aTag.click();
}
function clearDlList() { document.getElementById("CLEARBTTN").click(); } function clearDlList() { document.getElementById("CLEARBTTN").click(); }
function onloadSetBG() { updateBG("resources/images/backgrounds/000.jpg"); } function onloadSetBG() { updateBG("resources/images/backgrounds/000.jpg"); }
function updateBG(bgImg) { document.getElementById("bg").src = bgImg; } function updateBG(bgImg) { document.getElementById("bg").src = bgImg; }

40
resources/js/uiEvents.js
View File

@ -1,4 +1,25 @@
// ondblclick var itemObj = undefined;
document.onclick = function (event) {
var obj = event.target;
var callingID = obj.id;
var classNM = obj.className;
// right-click detect
if (event.which == 3) {
if (callingID == "imageID") {
setSelectedItem(obj.alt);
} else if (callingID == "dirID" || callingID == "fileID" ||
callingID == "movieID") {
var node = obj.parentNode;
setSelectedItem(node.children[1].value);
} else if (classNM == "fileStyle" || classNM == "dirStyle" ||
classNM == "movieStyle") {
setSelectedItem(obj.children[1].value);
}
}
}
document.ondblclick = function (event) { document.ondblclick = function (event) {
var obj = event.target; var obj = event.target;
var callingID = obj.id; var callingID = obj.id;
@ -33,18 +54,6 @@ document.ondblclick = function (event) {
} else if (callingID == "titleID") { } else if (callingID == "titleID") {
enableEdit(obj); enableEdit(obj);
} }
// Right click detect
} else if (event.which == 3) {
if (callingID == "imageID") {
startDeleteItem(obj.alt);
} else if (callingID == "dirID" || callingID == "fileID" ||
callingID == "movieID") {
var node = obj.parentNode;
startDeleteItem(node.children[1].value);
} else if (classNM == "fileStyle" || classNM == "dirStyle" ||
classNM == "movieStyle") {
startDeleteItem(obj.children[1].value);
}
} }
} }
@ -62,6 +71,11 @@ document.onkeydown = function (event) {
} }
} }
function setSelectedItem(item) {
// Get the item name
itemObj = item;
}
// Drage event for the poped out image and media container // Drage event for the poped out image and media container
function dragContainer(elmnt) { function dragContainer(elmnt) {
var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0; var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0;

7
resources/php/config.php
View File

@ -7,9 +7,10 @@
$PDFVIEWER = "evince"; $PDFVIEWER = "evince";
$TEXTVIEWER = "leafpad"; $TEXTVIEWER = "leafpad";
$FILEMANAGER = "spacefm"; $FILEMANAGER = "spacefm";
// NOTE: Split folders with ::::
$LOCKEDFOLDERS = "./dirLockCheck/";
$LOCKPASSWORD = "1234"; $LOCKPASSWORD = "1234";
$UNLOCKTIME = 60; // Every ~3 sec this ticks down $UNLOCKTIME = 80; // Every ~3 sec this ticks down
// Ex: 3*60 == 180 sec or 3 minutes // Ex: 3*60 == 180 sec or 3 minutes
// NOTE: Split folders with ::::
$LOCKEDFOLDERS = "./MEGA_Sync/333_Movies-Music/Other/::::./MEGA_Sync/000_General/";
?> ?>

20
resources/php/filesystemActions.php
View File

@ -7,11 +7,15 @@ function createItem($FILE, $TYPE) {
$FILE = trim($FILE); $FILE = trim($FILE);
$FILE = preg_replace('/\.*$/','',$FILE); // removing dot . after file extension $FILE = preg_replace('/\.*$/','',$FILE); // removing dot . after file extension
if ($TYPE == "dir"){ if ($TYPE === "dir"){
mkdir($FILE, 0755); mkdir($FILE, 0755);
} else if ($TYPE == "file") { } else if ($TYPE === "file") {
$myfile = fopen($FILE, "w"); $myfile = fopen($FILE, "w");
fclose($myfile); fclose($myfile);
} else {
$message = "Server: [Error] --> Failed to create folder or file!";
serverMessage("error", $message);
return;
} }
$message = "Server: [Success] --> The file " . $FILE . " has been created."; $message = "Server: [Success] --> The file " . $FILE . " has been created.";
@ -30,6 +34,10 @@ function deleteItem($FILE) {
rmdir($FILE); rmdir($FILE);
} else if (is_file($FILE)) { } else if (is_file($FILE)) {
unlink($FILE); unlink($FILE);
} else {
$message = "Server: [Error] --> Failed to delete item! Not a folder or file!";
serverMessage("error", $message);
return;
} }
$message = "Server: [Success] --> The file(s) has/have been deleted."; $message = "Server: [Success] --> The file(s) has/have been deleted.";
@ -48,9 +56,15 @@ function renameItem($OLDFILE, $NEWNAME, $PATH) {
// Uploader // Uploader
function uploadFiles($targetDir) { function uploadFiles($targetDir) {
$numberOfFiles = count($_FILES['filesToUpload']['name']); $numberOfFiles = count($_FILES['filesToUpload']['name']);
if ($numberOfFiles === 0) {
$message = "Server: [Error] --> No files were uploaded!";
serverMessage("error", $message);
return;
}
$type = ""; $type = "";
$message = ""; $message = "";
for ($i=0; $i < $numberOfFiles; $i++) { for ($i=0; $i < $numberOfFiles; $i++) {
$uploadOk = 1; $uploadOk = 1;
$fileName = $_FILES['filesToUpload']['name'][$i]; $fileName = $_FILES['filesToUpload']['name'][$i];

2
resources/php/lockedFolders.php
View File

@ -12,7 +12,7 @@
for ($i = 0; $i < $size; $i++) { for ($i = 0; $i < $size; $i++) {
if (strpos($NEWPATH, $LOCKS[$i]) !== false) { if (strpos($NEWPATH, $LOCKS[$i]) !== false) {
if ($PASSWD == $LOCKPASSWORD) { if ($PASSWD === $LOCKPASSWORD) {
$_SESSION["unlockTime"] = $UNLOCKTIME; $_SESSION["unlockTime"] = $UNLOCKTIME;
return false; return false;
} else { } else {