initial commit of file from CVS for smeserver-webshare on Sat Sep 7 21:15:27 AEST 2024

2024-09-07 21:15:27 +10:00
parent 609e015cb7
commit e4661a6aa1
90 changed files with 5344 additions and 2 deletions
--- a/root/opt/webshare-tools/phpfm/incl/libfile.php
+++ b/root/opt/webshare-tools/phpfm/incl/libfile.php
@@ -0,0 +1,50 @@
+<?php
+
+if (!@include_once("./incl/auth.inc.php"))
+ include_once("../incl/auth.inc.php");
+
+include("../conf/config.inc.php");
+include("../incl/functions.inc.php");
+include("../lang/$language.inc.php");
+
+if (isset($_GET['action']) && $_GET['action'] == "download")
+{
+    session_cache_limiter("public, post-check=50");
+    header("Cache-Control: private");
+}
+if (isset($session_save_path)) session_save_path($session_save_path);
+
+if (isset($_GET['path'])) $path = validate_path($_GET['path']);
+if (!isset($path)) $path = FALSE;
+if ($path == "./" || $path == ".\\" || $path == "/" || $path == "\\") $path = FALSE;
+
+if (isset($_GET['filename'])) $filename = basename(stripslashes($_GET['filename']));
+
+if ($AllowDownload || $AllowView)
+{
+ if (isset($_GET['filename']) && isset($_GET['action']) && is_file($home_directory.$path.$filename) || is_file("../".$home_directory.$path.$filename))
+ {
+  if (is_file($home_directory.$path.$filename) && !strstr($home_directory, "./") && !strstr($home_directory, ".\\"))
+   $fullpath = $home_directory.$path.$filename;
+  else if (is_file("../".$home_directory.$path.$filename))
+   $fullpath = "../".$home_directory.$path.$filename;
+
+  if (!$AllowDownload && $AllowView && !is_viewable_file($filename))
+  {
+   print "<font color='#CC0000'>$StrAccessDenied</font>";
+   exit();
+  }
+
+  header("Pragma:");
+  header("Content-Type: ".get_mimetype($filename));
+  header("Content-Length: ".filesize($fullpath));
+  if ($_GET['action'] == "download");
+   header("Content-Disposition: attachment; filename=\"$filename\"");
+
+  readfile($fullpath);
+ }
+ else
+  print "<font color='#CC0000'>$StrDownloadFail</font>";
+}
+
+?>