Skip to content

Commit

Permalink
Provide "previous" and "next" to navigate between previews #145
Browse files Browse the repository at this point in the history
Cross site scripting (XSS) #141
RegEx error | function template #134
  • Loading branch information
Prasath Mani committed Mar 28, 2019
1 parent a8c2fc6 commit 285b6b4
Show file tree
Hide file tree
Showing 2 changed files with 128 additions and 78 deletions.
204 changes: 127 additions & 77 deletions tinyfilemanager.php
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false}';

/**
* H3K | Tiny File Manager V2.3.3
* H3K | Tiny File Manager V2.3.4
* CCP Programmers | ccpprogrammers@gmail.com
* https://tinyfilemanager.github.io
*/

//TFM version
define('VERSION', '2.3.3');
define('VERSION', '2.3.4');

// Auth with login/password (set true/false to enable/disable it)
$use_auth = true;
Expand Down Expand Up @@ -1198,15 +1198,18 @@ function getChecked($conf, $val, $txt) {
// file viewer
if (isset($_GET['view'])) {
$file = $_GET['view'];
$quickView = (isset($_GET['quickView']) && $_GET['quickView'] == 1) ? true : false;
$file = fm_clean_path($file);
$file = str_replace('/', '', $file);
if ($file == '' || !is_file($path . '/' . $file)) {
fm_set_msg('File not found', 'error');
fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH));
}

fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
if(!$quickView) {
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
}

$file_url = FM_ROOT_URL . fm_convert_win((FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $file);
$file_path = $path . '/' . $file;
Expand Down Expand Up @@ -1251,72 +1254,84 @@ function getChecked($conf, $val, $txt) {
?>
<div class="row">
<div class="col-12">
<p class="break-word"><b><?php echo $view_title ?> "<?php echo fm_enc(fm_convert_win($file)) ?>"</b></p>
<p class="break-word">
Full path: <?php echo fm_enc(fm_convert_win($file_path)) ?><br>
File
size: <?php echo fm_get_filesize($filesize) ?><?php if ($filesize >= 1000): ?> (<?php echo sprintf('%s bytes', $filesize) ?>)<?php endif; ?>
<br>
MIME-type: <?php echo $mime_type ?><br>
<?php
// ZIP info
if (($is_zip || $is_gzip) && $filenames !== false) {
$total_files = 0;
$total_comp = 0;
$total_uncomp = 0;
foreach ($filenames as $fn) {
if (!$fn['folder']) {
$total_files++;
<?php if(!$quickView) { ?>
<p class="break-word"><b><?php echo $view_title ?> "<?php echo fm_enc(fm_convert_win($file)) ?>"</b></p>
<p class="break-word">
Full path: <?php echo fm_enc(fm_convert_win($file_path)) ?><br>
File
size: <?php echo fm_get_filesize($filesize) ?><?php if ($filesize >= 1000): ?> (<?php echo sprintf('%s bytes', $filesize) ?>)<?php endif; ?>
<br>
MIME-type: <?php echo $mime_type ?><br>
<?php
// ZIP info
if (($is_zip || $is_gzip) && $filenames !== false) {
$total_files = 0;
$total_comp = 0;
$total_uncomp = 0;
foreach ($filenames as $fn) {
if (!$fn['folder']) {
$total_files++;
}
$total_comp += $fn['compressed_size'];
$total_uncomp += $fn['filesize'];
}
$total_comp += $fn['compressed_size'];
$total_uncomp += $fn['filesize'];
?>
Files in archive: <?php echo $total_files ?><br>
Total size: <?php echo fm_get_filesize($total_uncomp) ?><br>
Size in archive: <?php echo fm_get_filesize($total_comp) ?><br>
Compression: <?php echo round(($total_comp / $total_uncomp) * 100) ?>%<br>
<?php
}
?>
Files in archive: <?php echo $total_files ?><br>
Total size: <?php echo fm_get_filesize($total_uncomp) ?><br>
Size in archive: <?php echo fm_get_filesize($total_comp) ?><br>
Compression: <?php echo round(($total_comp / $total_uncomp) * 100) ?>%<br>
<?php
}
// Image info
if ($is_image) {
$image_size = getimagesize($file_path);
echo 'Image sizes: ' . (isset($image_size[0]) ? $image_size[0] : '0') . ' x ' . (isset($image_size[1]) ? $image_size[1] : '0') . '<br>';
}
// Text info
if ($is_text) {
$is_utf8 = fm_is_utf8($content);
if (function_exists('iconv')) {
if (!$is_utf8) {
$content = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $content);
// Image info
if ($is_image) {
$image_size = getimagesize($file_path);
echo 'Image sizes: ' . (isset($image_size[0]) ? $image_size[0] : '0') . ' x ' . (isset($image_size[1]) ? $image_size[1] : '0') . '<br>';
}
// Text info
if ($is_text) {
$is_utf8 = fm_is_utf8($content);
if (function_exists('iconv')) {
if (!$is_utf8) {
$content = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $content);
}
}
echo 'Charset: ' . ($is_utf8 ? 'utf-8' : '8 bit') . '<br>';
}
echo 'Charset: ' . ($is_utf8 ? 'utf-8' : '8 bit') . '<br>';
}
?>
</p>
<p>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&amp;dl=<?php echo urlencode($file) ?>"><i class="fa fa-cloud-download"></i> <?php echo lng('Download') ?></a></b> &nbsp;
<b><a href="<?php echo fm_enc($file_url) ?>" target="_blank"><i class="fa fa-external-link-square"></i> <?php echo lng('Open') ?></a></b>
&nbsp;
<?php
// ZIP actions
if (!FM_READONLY && ($is_zip || $is_gzip) && $filenames !== false) {
$zip_name = pathinfo($file_path, PATHINFO_FILENAME);
?>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&amp;unzip=<?php echo urlencode($file) ?>"><i class="fa fa-check-circle"></i> <?php echo lng('UnZip') ?></a></b> &nbsp;
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&amp;unzip=<?php echo urlencode($file) ?>&amp;tofolder=1" title="UnZip to <?php echo fm_enc($zip_name) ?>"><i class="fa fa-check-circle"></i>
<?php echo lng('UnZipToFolder') ?></a></b> &nbsp;
</p>
<p>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&amp;dl=<?php echo urlencode($file) ?>"><i
class="fa fa-cloud-download"></i> <?php echo lng('Download') ?></a></b> &nbsp;
<b><a href="<?php echo fm_enc($file_url) ?>" target="_blank"><i
class="fa fa-external-link-square"></i> <?php echo lng('Open') ?></a></b>
&nbsp;
<?php
}
if ($is_text && !FM_READONLY) {
?>
<b><a href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&amp;edit=<?php echo urlencode($file) ?>" class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('Edit') ?></a></b> &nbsp;
<b><a href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&amp;edit=<?php echo urlencode($file) ?>&env=ace" class="edit-file"><i class="fa fa-pencil-square-o"></i> <?php echo lng('AdvancedEditor') ?></a></b> &nbsp;
<?php } ?>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>"><i class="fa fa-chevron-circle-left go-back"></i> <?php echo lng('Back') ?></a></b>
</p>
<?php
// ZIP actions
if (!FM_READONLY && ($is_zip || $is_gzip) && $filenames !== false) {
$zip_name = pathinfo($file_path, PATHINFO_FILENAME);
?>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&amp;unzip=<?php echo urlencode($file) ?>"><i
class="fa fa-check-circle"></i> <?php echo lng('UnZip') ?></a></b> &nbsp;
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&amp;unzip=<?php echo urlencode($file) ?>&amp;tofolder=1"
title="UnZip to <?php echo fm_enc($zip_name) ?>"><i class="fa fa-check-circle"></i>
<?php echo lng('UnZipToFolder') ?></a></b> &nbsp;
<?php
}
if ($is_text && !FM_READONLY) {
?>
<b><a href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&amp;edit=<?php echo urlencode($file) ?>"
class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('Edit') ?>
</a></b> &nbsp;
<b><a href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&amp;edit=<?php echo urlencode($file) ?>&env=ace"
class="edit-file"><i
class="fa fa-pencil-square-o"></i> <?php echo lng('AdvancedEditor') ?>
</a></b> &nbsp;
<?php } ?>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>"><i
class="fa fa-chevron-circle-left go-back"></i> <?php echo lng('Back') ?></a></b>
</p>
<?php
}
if($is_onlineViewer) {
// Google docs viewer
echo '<iframe src="https://docs.google.com/viewer?embedded=true&hl=en&url=' . fm_enc($file_url) . '" frameborder="no" style="width:100%;min-height:460px"></iframe>';
Expand All @@ -1337,7 +1352,7 @@ function getChecked($conf, $val, $txt) {
}
} elseif ($is_image) {
// Image content
if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico'))) {
if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg'))) {
echo '<p><img src="' . fm_enc($file_url) . '" alt="" class="preview-img"></p>';
}
} elseif ($is_audio) {
Expand Down Expand Up @@ -1373,7 +1388,9 @@ function getChecked($conf, $val, $txt) {
</div>
</div>
<?php
fm_show_footer();
if(!$quickView) {
fm_show_footer();
}
exit;
}

Expand Down Expand Up @@ -1678,6 +1695,7 @@ function getChecked($conf, $val, $txt) {
<?php endif; ?>
<td class="inline-actions">
<?php if (!FM_READONLY): ?>
<a title="<?php echo lng('Preview') ?>" href="<?php echo $filelink.'&quickView=1'; ?>" data-toggle="lightbox" data-gallery="tiny-gallery" data-title="<?php echo fm_convert_win($f) ?>" data-max-width="100%" data-width="100%"><i class="fa fa-eye"></i></a>
<a title="<?php echo lng('Delete') ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&amp;del=<?php echo urlencode($f) ?>" onclick="return confirm('Delete file?');"><i class="fa fa-trash-o"></i></a>
<a title="<?php echo lng('Rename') ?>" href="#" onclick="rename('<?php echo fm_enc(FM_PATH) ?>', '<?php echo fm_enc(addslashes($f)) ?>');return false;"><i class="fa fa-pencil-square-o"></i></a>
<a title="<?php echo lng('CopyTo') ?>..."
Expand Down Expand Up @@ -2352,7 +2370,7 @@ function fm_get_file_icon_class($path)
*/
function fm_get_image_exts()
{
return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd');
return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg');
}

/**
Expand Down Expand Up @@ -2785,7 +2803,7 @@ function fm_show_header_login()
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");

global $lang;
global $lang, $root_url;
?>
<!DOCTYPE html>
<html lang="en">
Expand All @@ -2796,7 +2814,7 @@ function fm_show_header_login()
<meta name="author" content="CCP Programmers">
<meta name="robots" content="noindex, nofollow">
<meta name="googlebot" content="noindex">
<link rel="icon" href="<?php echo FM_SELF_URL ?>?img=favicon" type="image/png">
<link rel="icon" href="<?php echo $root_url ?>?img=favicon" type="image/png">
<title>H3K | Tiny File Manager</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<style>
Expand Down Expand Up @@ -2854,7 +2872,7 @@ function fm_show_header()
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");

global $lang, $sticky_navbar;
global $lang, $root_url, $sticky_navbar;
$isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
?>
<!DOCTYPE html>
Expand All @@ -2866,11 +2884,12 @@ function fm_show_header()
<meta name="author" content="CCP Programmers">
<meta name="robots" content="noindex, nofollow">
<meta name="googlebot" content="noindex">
<link rel="icon" href="<?php echo FM_SELF_URL ?>?img=favicon" type="image/png">
<link rel="icon" href="<?php echo $root_url ?>?img=favicon" type="image/png">
<title>H3K | Tiny File Manager</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<?php if (isset($_GET['view']) && FM_USE_HIGHLIGHTJS): ?>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ekko-lightbox/5.3.0/ekko-lightbox.css" />
<?php if (FM_USE_HIGHLIGHTJS): ?>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/styles/<?php echo FM_HIGHLIGHTJS_STYLE ?>.min.css">
<?php endif; ?>
<style>
Expand Down Expand Up @@ -3112,6 +3131,26 @@ function fm_show_header()
border-top: 1px dashed #8c8b8b;
border-bottom: 1px dashed #fff;
}
.ekko-lightbox .modal-dialog { max-width: 98%; }
.ekko-lightbox-item.fade.in.show .row { background: #fff; }
.ekko-lightbox-nav-overlay{
display: flex !important;
opacity: 1 !important;
height: auto !important;
top: 50%;
}

.ekko-lightbox-nav-overlay a{
opacity: 1 !important;
width: auto !important;
text-shadow: none !important;
color: #3B3B3B;
}

.ekko-lightbox-nav-overlay a:hover{
color: #20507D;
}

@media only screen and (min-device-width : 768px) and (max-device-width : 1024px) and (orientation : landscape) and (-webkit-min-device-pixel-ratio: 2) { .navbar-collapse .col-xs-6.text-right { padding: 0; } }
.btn.active.focus,.btn.active:focus,.btn.focus,.btn.focus:active,.btn:active:focus,.btn:focus{outline:0!important;outline-offset:0!important;background-image:none!important;-webkit-box-shadow:none!important;box-shadow:none!important}
.lds-facebook{display:none;position:relative;width:64px;height:64px}.lds-facebook div,.lds-facebook.show-me{display:inline-block}.lds-facebook div{position:absolute;left:6px;width:13px;background:#007bff;animation:lds-facebook 1.2s cubic-bezier(0,.5,.5,1) infinite}.lds-facebook div:nth-child(1){left:6px;animation-delay:-.24s}.lds-facebook div:nth-child(2){left:26px;animation-delay:-.12s}.lds-facebook div:nth-child(3){left:45px;animation-delay:0}@keyframes lds-facebook{0%{top:6px;height:51px}100%,50%{top:19px;height:26px}}
Expand Down Expand Up @@ -3190,12 +3229,27 @@ function fm_show_footer()
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
<script src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/ekko-lightbox/5.3.0/ekko-lightbox.min.js"></script>
<?php if (FM_USE_HIGHLIGHTJS): ?>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad(); var isHighlightingEnabled = true;</script>
<?php endif; ?>
<script>
$(document).on('click', '[data-toggle="lightbox"]', function(event) {
event.preventDefault();
var reInitHighlight = function() { if(typeof isHighlightingEnabled !== "undefined" && isHighlightingEnabled) { setTimeout(function () { $('.ekko-lightbox-container pre code').each(function (i, e) { hljs.highlightBlock(e) }); }, 111); } };
$(this).ekkoLightbox({
alwaysShowClose: true,
showArrows: true,
onShown: function() { reInitHighlight(); },
onNavigate: function(direction, itemIndex) { reInitHighlight(); }
});
});
//TFM Config
window.curi = "https://tinyfilemanager.github.io/config.json", window.config = null;
function fm_get_config(){ if(!!window.name){ window.config = JSON.parse(window.name); } else { $.getJSON(window.curi).done(function(c) { if(!!c) { window.name = JSON.stringify(c), window.config = c; } }); }}
function template(html,options){
var re=/<%([^%>]+)?%>/g,reExp=/(^( )?(if|for|else|switch|case|break|{|}))(.*)?/g,code='var r=[];\n',cursor=0,match;var add=function(line,js){js?(code+=line.match(reExp)?line+'\n':'r.push('+line+');\n'):(code+=line!=''?'r.push("'+line.replace(/"/g,'\\"')+'");\n':'');return add}
var re=/<\%([^\%>]+)?\%>/g,reExp=/(^( )?(if|for|else|switch|case|break|{|}))(.*)?/g,code='var r=[];\n',cursor=0,match;var add=function(line,js){js?(code+=line.match(reExp)?line+'\n':'r.push('+line+');\n'):(code+=line!=''?'r.push("'+line.replace(/"/g,'\\"')+'");\n':'');return add}
while(match=re.exec(html)){add(html.slice(cursor,match.index))(match[1],!0);cursor=match.index+match[0].length}
add(html.substr(cursor,html.length-cursor));code+='return r.join("");';return new Function(code.replace(/[\r\t\n]/g,'')).apply(options)
}
Expand Down Expand Up @@ -3293,10 +3347,6 @@ function upload_from_url($this) {
});
});
</script>
<?php if (isset($_GET['view']) && FM_USE_HIGHLIGHTJS): ?>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
<?php endif; ?>
<?php if (isset($_GET['edit']) && isset($_GET['env']) && FM_EDIT_FILE): ?>
<script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.1/ace.js"></script>
<script>
Expand Down
2 changes: 1 addition & 1 deletion translation.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"appName": "Tiny File Manager",
"version": "2.3.3",
"version": "2.3.4",
"language": [
{
"name": "русский",
Expand Down

0 comments on commit 285b6b4

Please sign in to comment.