systemClass = new System();
}
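/**
 * Normalise the requested path(s) held in the global $file and validate each one.
 *
 * Reads the globals $file, $docRoot and $iceRoot plus $_GET['action'] and
 * $_SESSION['bannedFiles']. Writes the globals $file, $fileOrig, $fileLoc and $fileName,
 * and sets $error / $errorStr / $errorMsg as soon as any requested entry is rejected.
 *
 * An entry is rejected when:
 *  - it contains an entry of the banned list (with "*" removed) as a substring, or
 *  - the action is not "getRemoteFile", the entry is not the doc root itself, and its
 *    parent directory resolves to a location outside the doc root, or
 *  - the action is "getRemoteFile" and the entry does not start with "http".
 *
 * @return void
 */
public function check() {
    global $file, $fileOrig, $docRoot, $iceRoot, $fileLoc, $fileName, $error, $errorStr, $errorMsg;

    // Replace pipes with slashes, then establish the actual name. Entities are decoded
    // twice because the name may arrive with its HTML entities encoded two levels deep
    $file = html_entity_decode(html_entity_decode(str_replace("|", "/", $file)));
    // Put the original $file var aside for use
    $fileOrig = $file;
    // Trim any +'s or spaces from the end of file
    $file = rtrim(rtrim($file, '+'), ' ');
    // Also remove [NEW] from $file, we can consider $_GET['action'] or $fileOrig to pick that up
    $file = preg_replace('/\[NEW\]$/', '', $file);

    // Make each path in $file a full path (; separated list)
    $allFiles = explode(";", $file);
    for ($i = 0; $i < count($allFiles); $i++) {
        if (false === strpos($allFiles[$i], $docRoot) && "getRemoteFile" !== $_GET['action']) {
            $allFiles[$i] = str_replace("|", "/", $docRoot . $iceRoot . $allFiles[$i]);
        }
    }
    $file = implode(";", $allFiles);

    // Establish the $fileLoc and $fileName (used in single file cases, eg opening.
    // Multiple file cases, eg deleting, is worked out in that loop)
    $relativeFile = str_replace($docRoot, "", $file);
    $fileLoc = substr($relativeFile, 0, strrpos($relativeFile, "/"));
    $fileName = basename($file);

    // Resolve the doc root once; every local entry is compared against the resolved form
    $realDocRoot = realpath(rtrim($docRoot, "/"));

    // Check through all files to make sure they're valid/safe
    $allFiles = explode(";", $file);
    for ($i = 0; $i < count($allFiles); $i++) {
        // Uncomment to alert and console.log the action and file, useful for debugging
        // (the file entry is printed unescaped, so keep this for local debugging only)
        // echo ";alert('" . xssClean($_GET['action'], "html") . " : " . $allFiles[$i] . "');console.log('" . xssClean($_GET['action'], "html") . " : " . $allFiles[$i] . "');";

        // On the banned file/dir list?
        $bannedFileFound = false;
        for ($j = 0; $j < count($_SESSION['bannedFiles']); $j++) {
            $thisFile = str_replace("*", "", $_SESSION['bannedFiles'][$j]);
            if ("" != $thisFile && false !== strpos($allFiles[$i], $thisFile)) {
                $bannedFileFound = true;
            }
        }

        // A local path that isn't the doc root and whose parent dir resolves outside it?
        $outsideDocRoot = false;
        if ("getRemoteFile" !== $_GET['action'] && rtrim($allFiles[$i], "/") !== rtrim($docRoot, "/")) {
            // realpath() returns a string or false, never true. The previous
            // "true === realpath(...)" test could therefore never pass, which left the
            // containment check below unreachable
            $realDir = realpath(rtrim(dirname($allFiles[$i]), "/"));
            // NOTE(review): a parent dir that cannot be resolved is still let through,
            // as the original condition intended - confirm no action relies on that
            // before changing this to fail closed
            if (false !== $realDir) {
                // Compare with a trailing separator so a sibling such as "<docRoot>-backup"
                // is not mistaken for a location inside the doc root
                $outsideDocRoot = false === $realDocRoot ||
                    0 !== strpos(
                        rtrim($realDir, "/\\") . DIRECTORY_SEPARATOR,
                        rtrim($realDocRoot, "/\\") . DIRECTORY_SEPARATOR
                    );
            }
        }

        // Or a remote URL that doesn't start http
        // NOTE(review): this is a prefix test only; any restriction on the destination
        // host has to be enforced where the remote fetch happens
        $badRemoteUrl = "getRemoteFile" === $_GET['action'] && 0 !== strpos($allFiles[$i], "http");

        // Flag an error if the file requested isn't something we expect
        if ($bannedFileFound || $outsideDocRoot || $badRemoteUrl) {
            $error = true;
            $errorStr = "true";
            $errorMsg = "Sorry! - problem with file requested";
        }
    }
}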
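/**
 * Build the JavaScript snippet that refreshes the UI after a new file was named.
 *
 * When $_POST['newFileName'] is set and non-empty, the returned statements clear the
 * selection, add the file to the file manager list and rename the selected tab, using
 * the globals $fileLoc and $fileName. Otherwise an empty string is returned.
 *
 * @return string JavaScript statements, or "" when there is nothing to do
 */
public function updateUI() {
    global $fileLoc, $fileName;

    // $fileLoc and $fileName are placed inside single-quoted JavaScript string literals.
    // A quote, backslash or line break in a file name would otherwise end the literal
    // early, and "<", ">" and "&" are escaped too in case the snippet is printed inside
    // HTML. Names without these characters are emitted unchanged.
    $jsEscapes = [
        "\\" => "\\\\",
        "'" => "\\x27",
        '"' => "\\x22",
        "\r" => "\\r",
        "\n" => "\\n",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    ];
    $jsLoc = strtr((string) $fileLoc, $jsEscapes);
    $jsName = strtr((string) $fileName, $jsEscapes);

    $doNext = "";
    // Reload file manager, rename tab & remove old file highlighting if it was a new file
    if (isset($_POST['newFileName']) && "" != $_POST['newFileName']) {
        $doNext .= 'ICEcoder.selectedFiles=[];';
        $doNext .= 'ICEcoder.updateFileManagerList(\'add\', \'' . $jsLoc . '\', \'' . $jsName . '\', false, false, false, \'file\');';
        $doNext .= 'ICEcoder.renameTab(ICEcoder.selectedTab, \'' . $jsLoc . "/" . $jsName . '\');';
    }
    return $doNext;
}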
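/**
 * Append an ICEcoder.updateFileManagerList(...) call to the global $doNext snippet.
 *
 * Each argument is written as a single-quoted JavaScript string literal, in the order
 * given. The accumulated snippet is both stored in the global $doNext and returned.
 *
 * @param mixed $action       first argument of the JavaScript call
 * @param mixed $fileLoc      second argument of the JavaScript call
 * @param mixed $fileName     third argument of the JavaScript call
 * @param mixed $perms        fourth argument of the JavaScript call
 * @param mixed $oldFile      fifth argument of the JavaScript call
 * @param mixed $uploaded     sixth argument of the JavaScript call
 * @param mixed $fileOrFolder seventh argument of the JavaScript call
 * @return string the global $doNext after the call was appended
 */
public function updateFileManager($action, $fileLoc, $fileName, $perms, $oldFile, $uploaded, $fileOrFolder) {
    global $doNext;

    // Every value lands inside a single-quoted JavaScript string literal. A quote,
    // backslash or line break in a value would otherwise end the literal early, and
    // "<", ">" and "&" are escaped too in case the snippet is printed inside HTML.
    // Values without these characters are emitted unchanged.
    $jsEscapes = [
        "\\" => "\\\\",
        "'" => "\\x27",
        '"' => "\\x22",
        "\r" => "\\r",
        "\n" => "\\n",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    ];

    $jsArgs = [];
    foreach ([$action, $fileLoc, $fileName, $perms, $oldFile, $uploaded, $fileOrFolder] as $value) {
        // The string cast mirrors what concatenation did before (false becomes "")
        $jsArgs[] = "'" . strtr((string) $value, $jsEscapes) . "'";
    }

    $doNext .= "ICEcoder.updateFileManagerList(" . implode(", ", $jsArgs) . ");";
    return $doNext;
}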
public function load() {
global $file, $fileLoc, $fileName, $t, $lineNumber;
echo 'action="load";';
$lineNumber = max(isset($_GET['lineNumber']) ? intval($_GET['lineNumber']) : 1, 1);
// Check this file isn't on the banned list at all
$canOpen = true;
for ($i = 0; $i < count($_SESSION['bannedFiles']); $i++) {
if ("" !== str_replace("*", "", $_SESSION['bannedFiles'][$i]) && false !== strpos($file, str_replace("*", "", $_SESSION['bannedFiles'][$i]))) {
$canOpen = false;
}
}
if (false === $canOpen) {
echo 'fileType="nothing"; parent.parent.ICEcoder.message(\'' . $t['Sorry, could not...'] . ' ' . $fileLoc . "/" . $fileName . '\');';
} elseif (file_exists($file)) {
$finfo = "text";
// Determine what to do based on mime type
if (function_exists('finfo_open')) {
$finfoMIME = finfo_open(FILEINFO_MIME);
$finfo = finfo_file($finfoMIME, $file);
finfo_close($finfoMIME);
} else {
$fileExt = explode(" ", pathinfo($file, PATHINFO_EXTENSION));
$fileExt = $fileExt[0];
if (false !== array_search($fileExt, ["gif", "jpg", "jpeg", "png"])) {
$finfo = "image";
};
if (false !== array_search($fileExt, ["doc", "docx", "ppt", "rtf", "pdf", "zip", "tar", "gz", "swf", "asx", "asf", "midi", "mp3", "wav", "aiff", "mov", "qt", "wmv", "mp4", "odt", "odg", "odp"])) {
$finfo = "other";
};
}
if (0 === strpos($finfo, "text") || 0 === strpos($finfo, "application/json") || 0 === strpos($finfo, "application/xml") || false !== strpos($finfo, "empty")) {
echo 'fileType="text";';
// Get data from file
$loadedFile = toUTF8noBOM(getData($file), true);
$encoding = ini_get("default_charset");
if ("" == $encoding) {
$encoding = "UTF-8";
}
// Get content and set HTML entities on it according to encoding
$loadedFile = htmlentities($loadedFile, ENT_COMPAT, $encoding);
// Remove \r chars and replace \n with carriage return HTML entity char
$loadedFile = preg_replace('/\\r/', '', $loadedFile);
$loadedFile = preg_replace('/\\n/', '
', $loadedFile);
echo '