Головна сторінка Огляд Довідка
Реєстрація Увійти
scaniatm
/
TorrentFlux-b4rt-PHP7
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0
Дерево: d466a837d2
Гілки Теги
TorrentFlux-b4r...
/
html
/
inc
/
iid
/
move.php

move.php 4.6 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. <?php
    2. 

  2. 

  3. /* $Id: move.php 3082 2007-06-09 13:51:43Z danez $ */
    4. 

  4. 

  5. /*******************************************************************************
    6. 

  6. 

  7.  LICENSE
    8. 

  8. 

  9.  This program is free software; you can redistribute it and/or
    10. 

  10.  modify it under the terms of the GNU General Public License (GPL)
    11. 

  11.  as published by the Free Software Foundation; either version 2
    12. 

  12.  of the License, or (at your option) any later version.
    13. 

  13. 

  14.  This program is distributed in the hope that it will be useful,
    15. 

  15.  but WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    17. 

  17.  GNU General Public License for more details.
    18. 

  18. 

  19.  To read the license please visit http://www.gnu.org/copyleft/gpl.html
    20. 

  20. 

  21. *******************************************************************************/
    22. 

  22. 

  23. // prevent direct invocation
    24. 

  24. if ((!isset($cfg['user'])) || (isset($_REQUEST['cfg']))) {
    25. 

  25. 	@ob_end_clean();
    26. 

  26. 	@header("location: ../../index.php");
    27. 

  27. 	exit();
    28. 

  28. }
    29. 

  29. 

  30. /******************************************************************************/
    31. 

  31. 

  32. // common functions
    33. 

  33. require_once('inc/functions/functions.common.php');
    34. 

  34. 

  35. // dir functions
    36. 

  36. require_once('inc/functions/functions.dir.php');
    37. 

  37. 

  38. // is enabled ?
    39. 

  39. if ($cfg["enable_move"] != 1) {
    40. 

  40. 	AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: ".$cfg["user"]." tried to use move");
    41. 

  41. 	@error("move is disabled. Action has been logged.", "", "");
    42. 

  42. }
    43. 

  43. 

  44. // init template-instance
    45. 

  45. tmplInitializeInstance($cfg["theme"], "page.move.tmpl");
    46. 

  46. 

  47. // set vars
    48. 

  48. if((isset($_REQUEST['start'])) && ($_REQUEST['start'] == true)) {
    49. 

  49. 	$path = stripslashes($_REQUEST['path']);
    50. 

  50. 	$dir = tfb_getRequestVar('path');
    51. 

  51. 	$source = $cfg["path"].$dir;
    52. 

  52. 	// only valid paths + entries with permission
    53. 

  53. 	if (!((tfb_isValidPath($source)) &&
    54. 

  54. 		(isValidEntry(basename($source))) &&
    55. 

  55. 		(hasPermission($dir, $cfg["user"], 'w')))) {
    56. 

  56. 		AuditAction($cfg["constants"]["error"], "ILLEGAL MOVE: ".$cfg["user"]." tried to move ".$dir);
    57. 

  57. 		@error("Illegal move. Action has been logged.", "", "");
    58. 

  58. 	}
    59. 

  59. 	//
    60. 

  60. 	$tmpl->setvar('is_start', 1);
    61. 

  61. 	$tmpl->setvar('path', $path);
    62. 

  62. 	$tmpl->setvar('_MOVE_STRING', $cfg['_MOVE_STRING']);
    63. 

  63. 	$tmpl->setvar('_MOVE_FILE', $cfg['_MOVE_FILE']);
    64. 

  64. 	if ((isset($cfg["move_paths"])) && (strlen($cfg["move_paths"]) > 0)) {
    65. 

  65. 		$tmpl->setvar('move_start', 1);
    66. 

  66. 		$dirs = explode(":", trim($cfg["move_paths"]));
    67. 

  67. 		$dir_list = array();
    68. 

  68. 		foreach ($dirs as $dir) {
    69. 

  69. 			$target = trim($dir);
    70. 

  70. 			if ((strlen($target) > 0) && ((substr($target, 0, 1)) != ";"))
    71. 

  71. 				array_push($dir_list, array('target' => $target));
    72. 

  72. 		}
    73. 

  73. 		$tmpl->setloop('dir_list', $dir_list);
    74. 

  74. 	} else {
    75. 

  75. 		$tmpl->setvar('move_start', 0);
    76. 

  76. 	}
    77. 

  77. } else {
    78. 

  78. 	$file = $_POST['file'];
    79. 

  79. 	$targetDir = "";
    80. 

  80. 	if (isset($_POST['dest'])) {
    81. 

  81. 		 $tempDir = trim(rawurldecode($_POST['dest']));
    82. 

  82. 		 if (strlen($tempDir) > 0) {
    83. 

  83. 			$targetDir = $tempDir;
    84. 

  84. 		 } else {
    85. 

  85. 			if (isset($_POST['selector']))
    86. 

  86. 				$targetDir = trim(urldecode($_POST['selector']));
    87. 

  87. 		 }
    88. 

  88. 	}
    89. 

  89. 	// only valid dirs + entries with permission
    90. 

  90. 	if (!((tfb_isValidPath($cfg["path"].$file)) &&
    91. 

  91. 		(tfb_isValidPath($targetDir)) &&
    92. 

  92. 		(isValidEntry(basename($cfg["path"].$file))) &&
    93. 

  93. 		(hasPermission($file, $cfg["user"], 'w')))) {
    94. 

  94. 		AuditAction($cfg["constants"]["error"], "ILLEGAL MOVE: ".$cfg["user"]." tried to move ".$file." to ".$targetDir);
    95. 

  95. 		@error("Illegal move. Action has been logged.", "", "");
    96. 

  96. 	}
    97. 

  97. 	// we need absolute paths or stuff will end up in docroot
    98. 

  98. 	// inform user .. don't move it into a fallback-dir which may be a hassle
    99. 

  99. 	$dirValid = true;
    100. 

  100. 	if (strlen($targetDir) <= 0) {
    101. 

  101. 		 $dirValid = false;
    102. 

  102. 	} else {
    103. 

  103. 		if ($targetDir{0} != '/') {
    104. 

  104. 			$tmpl->setvar('not_absolute', 1);
    105. 

  105. 			$dirValid = false;
    106. 

  106. 		} else {
    107. 

  107. 			$tmpl->setvar('not_absolute', 0);
    108. 

  108. 		}
    109. 

  109. 	}
    110. 

  110. 	$tmpl->setvar('is_start', 0);
    111. 

  111. 	$tmpl->setvar('targetDir', $targetDir);
    112. 

  112. 	// check dir
    113. 

  113. 	if (($dirValid) && (checkDirectory($targetDir, 0777))) {
    114. 

  114. 		$tmpl->setvar('is_valid', 1);
    115. 

  115. 		$targetDir = checkDirPathString($targetDir);
    116. 

  116. 		// Add slashes if magic_quotes off:
    117. 

  117. 		if (get_magic_quotes_gpc() !== 1)
    118. 

  118. 			$targetDir = addslashes($targetDir);
    119. 

  119. 		// Use single quote to escape mv args:
    120. 

  120. 		$cmd = "mv '".$cfg["path"].$file."' '".$targetDir."'";
    121. 

  121. 		$cmd .= ' 2>&1';
    122. 

  122. 		$handle = popen($cmd, 'r');
    123. 

  123. 		// get the output and print it.
    124. 

  124. 		$gotError = -1;
    125. 

  125. 		$buff= "";
    126. 

  126. 		while (!feof($handle)) {
    127. 

  127. 			$buff .= @fgets($handle,30);
    128. 

  128. 			$gotError = $gotError + 1;
    129. 

  129. 		}
    130. 

  130. 		$tmpl->setvar('messages', nl2br($buff));
    131. 

  131. 		pclose($handle);
    132. 

  132. 		if ($gotError <= 0) {
    133. 

  133. 			$tmpl->setvar('got_no_error', 1);
    134. 

  134. 			$tmpl->setvar('file', $file);
    135. 

  135. 		} else {
    136. 

  136. 			$tmpl->setvar('got_no_error', 0);
    137. 

  137. 		}
    138. 

  138. 	} else {
    139. 

  139. 		$tmpl->setvar('is_valid', 1);
    140. 

  140. 	}
    141. 

  141. }
    142. 

  142. 

  143. //
    144. 

  144. tmplSetTitleBar($cfg["pagetitle"]." - ".$cfg['_MOVE_FILE_TITLE'], false);
    145. 

  145. tmplSetIidVars();
    146. 

  146. 

  147. // parse template
    148. 

  148. $tmpl->pparse();
    149. 

  149. 

  150. ?>
    151.