github
/
KodExplorer
mirror of https://github.com/kalcaddle/KodExplorer
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge d948b13911 into 13f460da87

pull/50/merge
Ben Khlifa Fahmi 2016-07-28 21:31:01 +00:00 committed by GitHub
parent 13f460da87 d948b13911
commit 9ef0203d84
9 changed files with 1382 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -60,3 +60,7 @@
## desktop
![](https://cloud.githubusercontent.com/assets/3761968/2583348/1b260572-b9d0-11e3-8f3e-3004dbbc63c9.png)
#### *Security :
#####This Application has been fixed and secured by Ben Khlifa Fahmi (https://www.benkhlifa.com/) , From the Tunisian Whitehats Security Team.

24
controller/app.class.php
View File

@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
* @Secured by Ben Khlifa Fahmi
*/
class app extends Controller{
@ -81,9 +82,13 @@ class app extends Controller{
* 添加
*/
public function add() {
$res=$this->sql->add(rawurldecode($this->in['name']),$this->_init());
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$res=$this->sql->add(rawurldecode($this->in['name']),$this->_init());
if($res) show_json($this->L['success']);
show_json($this->L['error_repeat'],false);
show_json($this->L['error_repeat'],false);}}else{
header('Location: 403.php');
}
}
/**
@ -91,21 +96,28 @@ class app extends Controller{
*/
public function edit() {
//查找到一条记录,修改为该数组
if($this->sql->replace_update(
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if($this->sql->replace_update(
rawurldecode($this->in['old_name']),
rawurldecode($this->in['name']),$this->_init())){
show_json($this->L['success']);
}
show_json($this->L['error_repeat'],false);
show_json($this->L['error_repeat'],false);}}else{
header('Location: 403.php');}
}
/**
* 删除
*/
public function del() {
if($this->sql->delete(rawurldecode($this->in['name']))){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if($this->sql->delete(rawurldecode($this->in['name']))){
show_json($this->L['success']);
}
show_json($this->L['error'],false);
show_json($this->L['error'],false);}}else{
header('Location: 403.php');
}
}
public function get_url_title(){

10
controller/editor.class.php
View File

@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
* @secured by Ben Khlifa Fahmi
*/
class editor extends Controller{
@ -43,7 +44,9 @@ class editor extends Controller{
show_json($data);
}
public function fileSave(){
$filestr = rawurldecode($this->in['filestr']);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$filestr = rawurldecode($this->in['filestr']);
$charset = $this->in['charset'];
$path =_DIR($this->in['path']);
if (!is_writable($path)) show_json($this->L['no_permission_write_file'],false);
@ -55,6 +58,9 @@ class editor extends Controller{
fwrite($fp,$filestr);
fclose($fp);
show_json($this->L['save_success']);
}}else{
header('Location: index.php');
}
}
/*
@ -120,4 +126,4 @@ class editor extends Controller{
if ($charset == 'ascii') $charset = 'utf-8';
return strtolower($charset);
}
}
}

53
controller/explorer.class.php
View File

@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
* @secured by Ben Khlifa Fahmi
*/
class explorer extends Controller{
@ -50,6 +51,10 @@ class explorer extends Controller{
}
public function pathChmod(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$info_list = json_decode($this->in['list'],true);
$mod = octdec('0'.$this->in['mod']);
$success=0;$error=0;
@ -67,6 +72,9 @@ class explorer extends Controller{
$info = $this->L['success'];
}
show_json($info,$state);
}}else{
header('Location: 403.php');
}
}
private function _pathAllow($path){
@ -79,7 +87,11 @@ class explorer extends Controller{
}
}
public function pathRname(){
if (!is_writable($this->path)) {
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
if (!is_writable($this->path)) {
show_json($this->L['no_permission_write_all'],false);
}
$rname_to=_DIR($this->in['rname_to']);
@ -89,6 +101,9 @@ class explorer extends Controller{
}
rename($this->path,$rname_to);
show_json($this->L['rname_success']);
}}else{
header('Location: 403.php');
}
}
public function pathList(){
load_class('history');
@ -249,7 +264,9 @@ class explorer extends Controller{
}
}
public function pathDelete(){
$list = json_decode($this->in['list'],true);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$list = json_decode($this->in['list'],true);
if (!is_writable(USER_RECYCLE)) show_json($this->L['no_permission_write'],false);
$success=0;$error=0;
foreach ($list as $val) {
@ -268,9 +285,15 @@ class explorer extends Controller{
$info = $this->L['remove_success'];
}
show_json($info,$state);
}}else{
header('Location: 403.php');
}
}
public function pathDeleteRecycle(){
if(!isset($this->in['list'])){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{ if(!isset($this->in['list'])){
if (!del_dir(USER_RECYCLE)) {
show_json($this->L['remove_fali'],false);
}else{
@ -297,10 +320,12 @@ class explorer extends Controller{
}else{
$code = $error==0?true:false;
show_json($this->L['remove_success'].$success.'success,'.$error.'error',$code);
}
} }}else{header('Location: 403.php');}
}
public function mkfile(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$new= rtrim($this->path,'/');
$this->_pathAllow($new);
if(touch($new)){
@ -311,10 +336,17 @@ class explorer extends Controller{
show_json($this->L['create_success'],true,get_path_this($new));
}else{
show_json($this->L['create_error'],false);
}
}}
}else{
header("Location: 403.php");
}
}
public function mkdir(){
$new = rtrim($this->path,'/');
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$new = rtrim($this->path,'/');
$this->_pathAllow($new);
if(mkdir($new,0777)){
chmod_path($new,0777);
@ -322,6 +354,9 @@ class explorer extends Controller{
}else{
show_json($this->L['create_error'],false);
}
}}else{
header('Location: 403.php');
}
}
public function pathCopy(){
session_start();//re start
@ -593,6 +628,8 @@ class explorer extends Controller{
// 远程下载
public function serverDownload() {
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$uuid = 'download_'.$this->in['uuid'];
if ($this->in['type'] == 'percent') {//获取下载进度
//show_json($_SESSION[$uuid]);
@ -643,6 +680,8 @@ class explorer extends Controller{
}
}else{
show_json($this->L['download_error_create'],false);
}}}else{
header('Location: 403.php');
}
}
@ -797,4 +836,4 @@ class explorer extends Controller{
_DIR_OUT($list);
return $list;
}
}
}

206
controller/group.class.php
View File

@ -4,85 +4,147 @@
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
* @secured : Ben Khlifa Fahmi
*/
class group extends Controller
class group extends Controller{
private $sql;
function __construct() {
parent::__construct();
$this->sql=new fileCache(USER_SYSTEM.'group.php');
}
public function get() {
show_json($this->sql->get());
}
/**
* 用户添加
*/
public function add(){
$group = $this->_init_data();
if($this->sql->add($this->in['role'],$group)){
show_json($this->L['success']);
}
show_json($this->L['error_repeat'],false);
}
{
private $sql;
function __construct()
{
parent::__construct();
$this->sql = new fileCache(USER_SYSTEM . 'group.php');
}
/**
* 编辑
*/
public function edit(){
$group = $this->_init_data();
$role_old = $this->in['role_old'];
if (!$role_old) show_json($this->L["groupname_can_not_null"],false);
if ($role_old == 'root') show_json($this->L['default_group_can_not_do'],false);
public
if ($this->sql->replace_update($role_old,$this->in['role'],$group)){
$member = new fileCache(USER_SYSTEM.'member.php');
if ($member -> update('role',$this->in['role'],$role_old)) {
show_json($this->L['success']);
}
show_json($this->L['group_move_user_error'],false);
}
show_json($this->L['error_repeat'],false);
}
function get()
{
show_json($this->sql->get());
}
/**
* 删除
*/
public function del() {
$role = $this->in['role'];
if (!$role) show_json($this->L["groupname_can_not_null"],false);
if ($role == 'root') show_json($this->L['default_group_can_not_do'],false);
if($this->sql->delete($role)){
$member = new fileCache(USER_SYSTEM.'member.php');
$member -> update('role','',$role);//改组用户设置为空
show_json($this->L['success']);
}
show_json($this->L['error'],false);
}
/**
* 用户添加
*/
public
function add()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$group = $this->_init_data();
if ($this->sql->add($this->in['role'], $group))
{
show_json($this->L['success']);
}
//===========内部调用============
/**
* 初始化数据 get
* 只传键即可 &ext_not_allow=''&explorer-mkfile&explorer-pathRname
*/
private function _init_data(){
if (strlen($this->in['role'])<1) show_json($this->L["groupname_can_not_null"],false);
if (strlen($this->in['name'])<1) show_json($this->L["groupdesc_can_not_null"],false);
$role_arr = array('role'=>$this->in['role'],'name'=>$this->in['name']);
$role_arr['ext_not_allow'] = $this->in['ext_not_allow'];
foreach ($this->config['role_setting'] as $key => $actions) {
foreach ($actions as $action) {
$k = $key.':'.$action;
if (isset($this->in[$k])){
$role_arr[$k] = 1;
}else{
$role_arr[$k] = 0;
show_json($this->L['error_repeat'], false);
}
}
else
{
header('Location: 403.php');
}
}
/**
* 编辑
*/
public
function edit()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$group = $this->_init_data();
$role_old = $this->in['role_old'];
if (!$role_old) show_json($this->L["groupname_can_not_null"], false);
if ($role_old == 'root') show_json($this->L['default_group_can_not_do'], false);
if ($this->sql->replace_update($role_old, $this->in['role'], $group))
{
$member = new fileCache(USER_SYSTEM . 'member.php');
if ($member->update('role', $this->in['role'], $role_old))
{
show_json($this->L['success']);
}
show_json($this->L['group_move_user_error'], false);
}
show_json($this->L['error_repeat'], false);
}
}
else
{
header('Location: 403.php');
}
}
/**
* 删除
*/
public
function del()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$role = $this->in['role'];
if (!$role) show_json($this->L["groupname_can_not_null"], false);
if ($role == 'root') show_json($this->L['default_group_can_not_do'], false);
if ($this->sql->delete($role))
{
$member = new fileCache(USER_SYSTEM . 'member.php');
$member->update('role', '', $role); //改组用户设置为空
show_json($this->L['success']);
}
show_json($this->L['error'], false);
}
}
else
{
header('Location: 403.php');
}
}
return $role_arr;
}
}
// ===========内部调用============
/**
* 初始化数据 get
* 只传键即可 &ext_not_allow=''&explorer-mkfile&explorer-pathRname
*/
private
function _init_data()
{
if (strlen($this->in['role']) < 1) show_json($this->L["groupname_can_not_null"], false);
if (strlen($this->in['name']) < 1) show_json($this->L["groupdesc_can_not_null"], false);
$role_arr = array(
'role' => $this->in['role'],
'name' => $this->in['name']
);
$role_arr['ext_not_allow'] = $this->in['ext_not_allow'];
foreach($this->config['role_setting'] as $key => $actions)
{
foreach($actions as $action)
{
$k = $key . ':' . $action;
if (isset($this->in[$k]))
{
$role_arr[$k] = 1;
}
else
{
$role_arr[$k] = 0;
}
}
}
return $role_arr;
}
}

169
controller/member.class.php
View File

@ -1,107 +1,138 @@
<?php
/*
* @link http://www.kalcaddle.com/
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
*/
* @link http://www.kalcaddle.com/
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
* @Security : Ben Khlifa Fahmi - Tunisian Whitehats Security / https://www.benkhlifa.com/
*/
class member extends Controller{
class member extends Controller
{
private $sql;
function __construct() {
function __construct()
{
parent::__construct();
$this->tpl = TEMPLATE.'member/';
$this->sql=new fileCache(USER_SYSTEM.'member.php');
$this->tpl = TEMPLATE . 'member/';
$this->sql = new fileCache(USER_SYSTEM . 'member.php');
}
/**
* 获取用户列表数据
*/
public function get() {
public function get()
{
show_json($this->sql->get());
}
/**
* 用户添加
*/
public function add(){
if (!$this->in['name'] ||
!$this->in['password'] ||
!$this->in['role'] ) show_json($this->L["data_not_full"],false);
$this->in['name'] = rawurldecode($this->in['name']);
$this->in['password'] = rawurldecode($this->in['password']);
$user = array(
'name' => rawurldecode($this->in['name']),
'password' => md5(rawurldecode($this->in['password'])),
'role' => $this->in['role'],
'status' => 0,
);
if ($this->sql->add($this->in['name'],$user)) {
$this->_initUser($this->in['name']);
show_json($this->L['success']);
public function add()
{
if (!$this->in['name'] || !$this->in['password'] || !$this->in['role'])
show_json($this->L["data_not_full"], false);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$this->in['name'] = rawurldecode($this->in['name']);
$this->in['password'] = rawurldecode($this->in['password']);
$user = array(
'name' => rawurldecode($this->in['name']),
'password' => md5(rawurldecode($this->in['password'])),
'role' => $this->in['role'],
'status' => 0
);
if ($this->sql->add($this->in['name'], $user)) {
$this->_initUser($this->in['name']);
show_json($referer);
}
show_json($this->L['error_repeat'], false);
}
} else {
header('Location: 403.php');
}
show_json($this->L['error_repeat'],false);
}
/**
* 编辑
*/
public function edit() {
if (!$this->in['name'] ||
!$this->in['name_to'] ||
!$this->in['role_to'] ) show_json($this->L["data_not_full"],false);
$this->in['name'] = rawurldecode($this->in['name']);
$this->in['name_to'] = rawurldecode($this->in['name_to']);
$this->in['password_to'] = rawurldecode($this->in['password_to']);
if ($this->in['name'] == 'admin') show_json($this->L['default_user_can_not_do'],false);
//查找到一条记录,修改为该数组
$user = $this->sql->get($this->in['name']);
$user['name'] = $this->in['name_to'];
$user['role'] = $this->in['role_to'];
if (strlen($this->in['password_to'])>=1) {
$user['password'] = md5($this->in['password_to']);
public function edit()
{
if (!$this->in['name'] || !$this->in['name_to'] || !$this->in['role_to'])
show_json($this->L["data_not_full"], false);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$this->in['name'] = rawurldecode($this->in['name']);
$this->in['name_to'] = rawurldecode($this->in['name_to']);
$this->in['password_to'] = rawurldecode($this->in['password_to']);
if ($this->in['name'] == 'admin')
show_json($this->L['default_user_can_not_do'], false);
//查找到一条记录,修改为该数组
$user = $this->sql->get($this->in['name']);
$user['name'] = $this->in['name_to'];
$user['role'] = $this->in['role_to'];
if (strlen($this->in['password_to']) >= 1) {
$user['password'] = md5($this->in['password_to']);
}
if ($this->sql->replace_update($this->in['name'], $user['name'], $user)) {
rename(USER_PATH . $this->in['name'], USER_PATH . $this->in['name_to']);
show_json($this->L['success']);
}
show_json($this->L['error_repeat'], false);
}
} else {
header('Location: 403.php');
}
if($this->sql->replace_update($this->in['name'],$user['name'],$user)){
rename(USER_PATH.$this->in['name'],USER_PATH.$this->in['name_to']);
show_json($this->L['success']);
}
show_json($this->L['error_repeat'],false);
}
/**
* 删除
*/
public function del() {
public function del()
{
$name = $this->in['name'];
if (!$name) show_json($this->L["username_can_not_null"],false);
if ($name == 'admin') show_json($this->L['default_user_can_not_do'],false);
if($this->sql->delete($name)){
del_dir(USER_PATH.$name.'/');
show_json($this->L['success']);
if (!$name)
show_json($this->L["username_can_not_null"], false);
if ($name == 'admin')
show_json($this->L['default_user_can_not_do'], false);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if ($this->sql->delete($name)) {
del_dir(USER_PATH . $name . '/');
show_json($this->L['success']);
}
show_json($this->L['error'], false);
}
} else {
header('Location: 403.html');
}
show_json($this->L['error'],false);
}
//============内部处理函数=============
/**
*初始化用户数据和配置。
*/
public function _initUser($name){
$root = array('home','recycle','data');
*/
public function _initUser($name)
{
$root = array(
'home',
'recycle',
'data'
);
$new_user_folder = $this->config['setting_system']['new_user_folder'];
$home = explode(',',$new_user_folder);
$user_path = USER_PATH.$name.'/';
$home = explode(',', $new_user_folder);
$user_path = USER_PATH . $name . '/';
mk_dir($user_path);
foreach ($root as $dir) {
mk_dir($user_path.$dir);
mk_dir($user_path . $dir);
}
foreach ($home as $dir) {
mk_dir($user_path.'home/'.$dir);
mk_dir($user_path . 'home/' . $dir);
}
fileCache::save($user_path.'data/config.php',$this->config['setting_default']);
fileCache::save($user_path . 'data/config.php', $this->config['setting_default']);
}
}
}

20
controller/userShare.class.php
View File

@ -34,6 +34,9 @@ class userShare extends Controller{
* 编辑
*/
public function set(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$share_info = $this->_getData();
//含有sid则为更新否则为插入
@ -60,17 +63,26 @@ class userShare extends Controller{
show_json($this->L['error'],false);
}
show_json($this->L['error'],false);
}}else{
header('Location: 403.php');
}
}
/**
* 删除
*/
public function del() {
$list = json_decode($this->in['list'],true);
foreach ($list as $val) {
$this->sql->delete($val['path']);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$list = json_decode($this->in['list'],true);
foreach ($list as $val) {
$this->sql->delete($val['path']);
}
show_json($this->L['success'],true);
}
}else{
header('Location: 403.php');
}
show_json($this->L['success'],true);
}
public function _getData(){

1055
static/js/app/src/setting/main.js
View File

File diff suppressed because one or more lines are too long

6
template/share/file.php
View File

@ -52,12 +52,12 @@
</div><!-- / frame-main end-->
<?php include(TEMPLATE.'common/footer.html');?>
<script src="<?php echo STATIC_PATH;?>js/lib/seajs/sea.js?ver=<?php echo KOD_VERSION;?>"></script>
<script src="./index.php?share/common_js&user=<?php echo $_GET['user'];?>&sid=<?php echo $_GET['sid'];?>&#=<?php echo rand_string(8);?>"></script>
<script src="./index.php?share/common_js&user=<?php echo htmlentities($_GET['user']);?>&sid=<?php echo htmlentities($_GET['sid']);?>&#=<?php echo rand_string(8);?>"></script>
<script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ace.js?ver=<?php echo KOD_VERSION;?>"></script>
<script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ext-static_highlight.js?ver=<?php echo KOD_VERSION;?>"></script>
<script type="text/javascript">
AUTH = {'explorer:fileDownload':<?php echo $can_download;?>};
G.user = "<?php echo $_GET['user'];?>";
G.user = "<?php echo htmlentities($_GET['user']);?>";
G.path = "<?php echo (isset($_GET['path'])?urlencode($_GET['path']):'') ;?>";
G.sid = "<?php echo $_GET['sid'];?>";
G.share_info = <?php echo json_encode($share_info);?>;
@ -72,4 +72,4 @@
seajs.use("app/src/share_index/main");
</script>
</body>
</html>
</html>