Version 9.9.6

- fixed a security vulnerability - code refactoring removed thumb path to ajax calls - improve file/folder permission layout and fixed a error - fixed a problem with image editor - added vitnamese language
trippo · Aug 18, 2015 · 00a12c5 · 00a12c5
1 parent b181212
commit 00a12c5
Show file tree

Hide file tree

Showing 6 changed files with 2,314 additions and 72 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1,5 +1,14 @@
 Responsive Filemanager Changelog 
 
+*********************************************************
+*  RFM 9.9.6
+*********************************************************
+- fixed a security vulnerability
+- code refactoring removed thumb path to ajax calls
+- improve file/folder permission layout and fixed a error
+- fixed a problem with image editor
+- added vitnamese language
+
 
 *********************************************************
 *  RFM 9.9.5

diff --git a/filemanager/ajax_calls.php b/filemanager/ajax_calls.php
@@ -305,7 +305,7 @@
 				exit;
 			}
 
-			if (trim($_POST['path']) == '' || trim($_POST['path_thumb']) == '')
+			if (trim($_POST['path']) == '')
 			{
 				response('no path', 400)->send();
 				exit;
@@ -353,7 +353,6 @@
 			}
 
 			$_SESSION['RF']['clipboard']['path'] = $_POST['path'];
-			$_SESSION['RF']['clipboard']['path_thumb'] = $_POST['path_thumb'];
 			$_SESSION['RF']['clipboard_action'] = $_POST['sub_action'];
 			break;
 		case 'clear_clipboard':

diff --git a/filemanager/dialog.php b/filemanager/dialog.php
@@ -741,9 +741,9 @@ function extensionSort($x, $y) {
 				    <?php } ?>
 				    <div class='file-extension'><?php echo trans('Type_dir'); ?></div>
 				    <figcaption>
-					    <a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($rename_folders && !$file_prevent_rename) echo "rename-folder"; ?>" title="<?php echo trans('Rename')?>" data-path="<?php echo $rfm_subfolder.$subdir.$file; ?>" data-thumb="<?php echo $thumbs_path.$subdir.$file; ?>">
+					    <a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($rename_folders && !$file_prevent_rename) echo "rename-folder"; ?>" title="<?php echo trans('Rename')?>" data-path="<?php echo $rfm_subfolder.$subdir.$file; ?>"">
 					    <i class="icon-pencil <?php if(!$rename_folders || $file_prevent_rename) echo 'icon-white'; ?>"></i></a>
-					    <a href="javascript:void('')" class="tip-left erase-button <?php if($delete_folders && !$file_prevent_delete) echo "delete-folder"; ?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_Folder_del'); ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file; ?>"  data-thumb="<?php echo $thumbs_path.$subdir .$file; ?>">
+					    <a href="javascript:void('')" class="tip-left erase-button <?php if($delete_folders && !$file_prevent_delete) echo "delete-folder"; ?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_Folder_del'); ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file; ?>" >
 					    <i class="icon-trash <?php if(!$delete_folders || $file_prevent_delete) echo 'icon-white'; ?>"></i>
 					    </a>
 				    </figcaption>
@@ -923,10 +923,10 @@ function extensionSort($x, $y) {
 				    <?php }else{ ?>
 				    <a class="preview disabled"><i class="icon-eye-open icon-white"></i></a>
 				    <?php } ?>
-				    <a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($rename_files && !$file_prevent_rename) echo "rename-file"; ?>" title="<?php echo trans('Rename')?>" data-path="<?php echo $rfm_subfolder.$subdir .$file; ?>" data-thumb="<?php echo $thumbs_path.$subdir .$file; ?>">
+				    <a href="javascript:void('')" class="tip-left edit-button rename-file-paths <?php if($rename_files && !$file_prevent_rename) echo "rename-file"; ?>" title="<?php echo trans('Rename')?>" data-path="<?php echo $rfm_subfolder.$subdir .$file; ?>">
  				    <i class="icon-pencil <?php if(!$rename_files || $file_prevent_rename) echo 'icon-white'; ?>"></i></a>
 
-				    <a href="javascript:void('')" class="tip-left erase-button <?php if($delete_files && !$file_prevent_delete) echo "delete-file"; ?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_del'); ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file; ?>" data-thumb="<?php echo $thumbs_path.$subdir .$file; ?>">
+				    <a href="javascript:void('')" class="tip-left erase-button <?php if($delete_files && !$file_prevent_delete) echo "delete-file"; ?>" title="<?php echo trans('Erase')?>" data-confirm="<?php echo trans('Confirm_del'); ?>" data-path="<?php echo $rfm_subfolder.$subdir.$file; ?>">
  				    <i class="icon-trash <?php if(!$delete_files || $file_prevent_delete) echo 'icon-white'; ?>"></i>
 				    </a>
 				    </form>

diff --git a/filemanager/execute.php b/filemanager/execute.php
@@ -11,11 +11,7 @@
 	exit;
 }
 
-$thumb_pos  = strpos($_POST['path_thumb'], $thumbs_base_path);
-
-if ($thumb_pos !=0
-    || strpos($_POST['path_thumb'],'../',strlen($thumbs_base_path)+$thumb_pos)!==FALSE
-    || strpos($_POST['path'],'/')===0
+if (strpos($_POST['path'],'/')===0
     || strpos($_POST['path'],'../')!==FALSE
     || strpos($_POST['path'],'./')===0)
 {
@@ -54,7 +50,7 @@
 }
 
 $path = $current_path.$_POST['path'];
-$path_thumb = $_POST['path_thumb'];
+$path_thumb = $thumbs_base_path.$_POST['path'];
 if (isset($_POST['name']))
 {
     $name = fix_filename($_POST['name'],$transliteration,$convert_spaces, $replace_with);
@@ -197,25 +193,20 @@
 				exit;
             }
 
-            // correct paths
-            $path = str_replace($old_name, $name, $path);
-            $path_thumb = str_replace($old_name, $name, $path_thumb);
-
             // file already exists
-            if (file_exists($path)) {
+            if (file_exists($path.$name)) {
                 response(trans('Rename_existing_file'), 403)->send();
 				exit;
             }
 
             $content = $_POST['new_content'];
-
-            if (@file_put_contents($path, $content) === FALSE) {
+            if (@file_put_contents($path.$name, $content) === FALSE) {
                 response(trans('File_Save_Error'), 500)->send();
 				exit;
             }
             else {
                 if (is_function_callable('chmod') !== FALSE){
-                    chmod($path, 0644);
+                    chmod($path.$name, 0644);
                 }
                 response(trans('File_Save_OK'))->send();
 				exit;
@@ -295,10 +286,9 @@
             }
             break;
         case 'paste_clipboard':
-            if ( ! isset($_SESSION['RF']['clipboard_action'], $_SESSION['RF']['clipboard']['path'], $_SESSION['RF']['clipboard']['path_thumb'])
+            if ( ! isset($_SESSION['RF']['clipboard_action'], $_SESSION['RF']['clipboard']['path'])
                 || $_SESSION['RF']['clipboard_action'] == ''
-                || $_SESSION['RF']['clipboard']['path'] == ''
-                || $_SESSION['RF']['clipboard']['path_thumb'] == '')
+                || $_SESSION['RF']['clipboard']['path'] == '')
             {
                 response()->send();
 				exit;
@@ -307,6 +297,7 @@
             $action = $_SESSION['RF']['clipboard_action'];
             $data = $_SESSION['RF']['clipboard'];
             $data['path'] = $current_path.$data['path'];
+            $data['path_thumb'] = $thumbs_base_path.$data['path'];
             $pinfo = pathinfo($data['path']);
 
             // user wants to paste to the same dir. nothing to do here...
@@ -358,7 +349,6 @@
 
             // cleanup
             $_SESSION['RF']['clipboard']['path'] = NULL;
-            $_SESSION['RF']['clipboard']['path_thumb'] = NULL;
             $_SESSION['RF']['clipboard_action'] = NULL;
 
             break;