pull/50/merge
Ben Khlifa Fahmi 2016-07-28 21:31:01 +00:00 committed by GitHub
commit 9ef0203d84
9 changed files with 1382 additions and 165 deletions


@ -60,3 +60,7 @@
## desktop ## desktop
![](https://cloud.githubusercontent.com/assets/3761968/2583348/1b260572-b9d0-11e3-8f3e-3004dbbc63c9.png) ![](https://cloud.githubusercontent.com/assets/3761968/2583348/1b260572-b9d0-11e3-8f3e-3004dbbc63c9.png)
#### *Security :
#####This Application has been fixed and secured by Ben Khlifa Fahmi (https://www.benkhlifa.com/) , From the Tunisian Whitehats Security Team.


@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com * @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd * @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt * @license http://kalcaddle.com/tools/licenses/license.txt
* @Secured by Ben Khlifa Fahmi
*/ */
class app extends Controller{ class app extends Controller{
@ -81,9 +82,13 @@ class app extends Controller{
* 添加 * 添加
*/ */
public function add() { public function add() {
$res=$this->sql->add(rawurldecode($this->in['name']),$this->_init()); if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$res=$this->sql->add(rawurldecode($this->in['name']),$this->_init());
if($res) show_json($this->L['success']); if($res) show_json($this->L['success']);
show_json($this->L['error_repeat'],false); show_json($this->L['error_repeat'],false);}}else{
header('Location: 403.php');
}
} }
/** /**
@ -91,21 +96,28 @@ class app extends Controller{
*/ */
public function edit() { public function edit() {
//查找到一条记录,修改为该数组 //查找到一条记录,修改为该数组
if($this->sql->replace_update( if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if($this->sql->replace_update(
rawurldecode($this->in['old_name']), rawurldecode($this->in['old_name']),
rawurldecode($this->in['name']),$this->_init())){ rawurldecode($this->in['name']),$this->_init())){
show_json($this->L['success']); show_json($this->L['success']);
} }
show_json($this->L['error_repeat'],false); show_json($this->L['error_repeat'],false);}}else{
header('Location: 403.php');}
} }
/** /**
* 删除 * 删除
*/ */
public function del() { public function del() {
if($this->sql->delete(rawurldecode($this->in['name']))){ if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if($this->sql->delete(rawurldecode($this->in['name']))){
show_json($this->L['success']); show_json($this->L['success']);
} }
show_json($this->L['error'],false); show_json($this->L['error'],false);}}else{
header('Location: 403.php');
}
} }
public function get_url_title(){ public function get_url_title(){
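Review bot: The Referer guard on the new side of L27 in add() (repeated in edit() at L40 and del() at L54) can never reject a request: `$_SERVER['HTTP_REFERER']` carries a scheme (`http://host/...`) while `$_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]` does not, so the `!=` is true for every request and the `header('Location: 403.php')` branch is unreachable, and when no Referer is sent at all the lookup raises an undefined-index notice. The only effective gate is the `X-Requested-With` check, and a request that fails it leaves the inner `if` with no response at all rather than a 403. The same construction is pasted into the editor, explorer, group, member and userShare sections, so it belongs in one helper on the shared `Controller` base (assuming the session is already started, as explorer's `session_start();//re start` suggests) rather than in each action. I would replace it with a session-bound token compared via `hash_equals()` and `exit` after the refusal, as sketched below; the token field name is illustrative.
```php
public function add() {
    $this->requireCsrfToken();
    $res=$this->sql->add(rawurldecode($this->in['name']),$this->_init());
    if($res) show_json($this->L['success']);
    show_json($this->L['error_repeat'],false);
}

// Candidate helper for the shared Controller base; 'csrf_token' is an illustrative name.
protected function requireCsrfToken() {
    $expected = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
    $given = isset($this->in['csrf_token']) ? $this->in['csrf_token'] : '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
}
```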


@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com * @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd * @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt * @license http://kalcaddle.com/tools/licenses/license.txt
* @secured by Ben Khlifa Fahmi
*/ */
class editor extends Controller{ class editor extends Controller{
@ -43,7 +44,9 @@ class editor extends Controller{
show_json($data); show_json($data);
} }
public function fileSave(){ public function fileSave(){
$filestr = rawurldecode($this->in['filestr']); if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$filestr = rawurldecode($this->in['filestr']);
$charset = $this->in['charset']; $charset = $this->in['charset'];
$path =_DIR($this->in['path']); $path =_DIR($this->in['path']);
if (!is_writable($path)) show_json($this->L['no_permission_write_file'],false); if (!is_writable($path)) show_json($this->L['no_permission_write_file'],false);
@ -55,6 +58,9 @@ class editor extends Controller{
fwrite($fp,$filestr); fwrite($fp,$filestr);
fclose($fp); fclose($fp);
show_json($this->L['save_success']); show_json($this->L['save_success']);
}}else{
header('Location: index.php');
}
} }
/* /*
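Review bot: fileSave()'s rejection branch at L89 redirects to `index.php` while every other guarded action in this commit redirects to `403.php`, so a refused save is indistinguishable from a normal redirect to the front page; the branch also does not stop the script after `header()`. Use the same target as the rest of the change and terminate: `header('Location: 403.php'); exit;`. The guard itself has the unreachable-403 weakness described on the app controller, and a non-XHR request leaves the inner `if` at L88 with no response. fileSave() spans two hunks here and the write path between them is outside the shown lines.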


@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com * @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd * @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt * @license http://kalcaddle.com/tools/licenses/license.txt
* @secured by Ben Khlifa Fahmi
*/ */
class explorer extends Controller{ class explorer extends Controller{
@ -50,6 +51,10 @@ class explorer extends Controller{
} }
public function pathChmod(){ public function pathChmod(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$info_list = json_decode($this->in['list'],true); $info_list = json_decode($this->in['list'],true);
$mod = octdec('0'.$this->in['mod']); $mod = octdec('0'.$this->in['mod']);
$success=0;$error=0; $success=0;$error=0;
@ -67,6 +72,9 @@ class explorer extends Controller{
$info = $this->L['success']; $info = $this->L['success'];
} }
show_json($info,$state); show_json($info,$state);
}}else{
header('Location: 403.php');
}
} }
private function _pathAllow($path){ private function _pathAllow($path){
@ -79,7 +87,11 @@ class explorer extends Controller{
} }
} }
public function pathRname(){ public function pathRname(){
if (!is_writable($this->path)) { if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
if (!is_writable($this->path)) {
show_json($this->L['no_permission_write_all'],false); show_json($this->L['no_permission_write_all'],false);
} }
$rname_to=_DIR($this->in['rname_to']); $rname_to=_DIR($this->in['rname_to']);
@ -89,6 +101,9 @@ class explorer extends Controller{
} }
rename($this->path,$rname_to); rename($this->path,$rname_to);
show_json($this->L['rname_success']); show_json($this->L['rname_success']);
}}else{
header('Location: 403.php');
}
} }
public function pathList(){ public function pathList(){
load_class('history'); load_class('history');
@ -249,7 +264,9 @@ class explorer extends Controller{
} }
} }
public function pathDelete(){ public function pathDelete(){
$list = json_decode($this->in['list'],true); if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$list = json_decode($this->in['list'],true);
if (!is_writable(USER_RECYCLE)) show_json($this->L['no_permission_write'],false); if (!is_writable(USER_RECYCLE)) show_json($this->L['no_permission_write'],false);
$success=0;$error=0; $success=0;$error=0;
foreach ($list as $val) { foreach ($list as $val) {
@ -268,9 +285,15 @@ class explorer extends Controller{
$info = $this->L['remove_success']; $info = $this->L['remove_success'];
} }
show_json($info,$state); show_json($info,$state);
}}else{
header('Location: 403.php');
}
} }
public function pathDeleteRecycle(){ public function pathDeleteRecycle(){
if(!isset($this->in['list'])){ if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{ if(!isset($this->in['list'])){
if (!del_dir(USER_RECYCLE)) { if (!del_dir(USER_RECYCLE)) {
show_json($this->L['remove_fali'],false); show_json($this->L['remove_fali'],false);
}else{ }else{
@ -297,10 +320,12 @@ class explorer extends Controller{
}else{ }else{
$code = $error==0?true:false; $code = $error==0?true:false;
show_json($this->L['remove_success'].$success.'success,'.$error.'error',$code); show_json($this->L['remove_success'].$success.'success,'.$error.'error',$code);
} } }}else{header('Location: 403.php');}
} }
public function mkfile(){ public function mkfile(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$new= rtrim($this->path,'/'); $new= rtrim($this->path,'/');
$this->_pathAllow($new); $this->_pathAllow($new);
if(touch($new)){ if(touch($new)){
@ -311,10 +336,17 @@ class explorer extends Controller{
show_json($this->L['create_success'],true,get_path_this($new)); show_json($this->L['create_success'],true,get_path_this($new));
}else{ }else{
show_json($this->L['create_error'],false); show_json($this->L['create_error'],false);
} }}
}else{
header("Location: 403.php");
}
} }
public function mkdir(){ public function mkdir(){
$new = rtrim($this->path,'/'); if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$new = rtrim($this->path,'/');
$this->_pathAllow($new); $this->_pathAllow($new);
if(mkdir($new,0777)){ if(mkdir($new,0777)){
chmod_path($new,0777); chmod_path($new,0777);
@ -322,6 +354,9 @@ class explorer extends Controller{
}else{ }else{
show_json($this->L['create_error'],false); show_json($this->L['create_error'],false);
} }
}}else{
header('Location: 403.php');
}
} }
public function pathCopy(){ public function pathCopy(){
session_start();//re start session_start();//re start
@ -593,6 +628,8 @@ class explorer extends Controller{
// 远程下载 // 远程下载
public function serverDownload() { public function serverDownload() {
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$uuid = 'download_'.$this->in['uuid']; $uuid = 'download_'.$this->in['uuid'];
if ($this->in['type'] == 'percent') {//获取下载进度 if ($this->in['type'] == 'percent') {//获取下载进度
//show_json($_SESSION[$uuid]); //show_json($_SESSION[$uuid]);
@ -643,6 +680,8 @@ class explorer extends Controller{
} }
}else{ }else{
show_json($this->L['download_error_create'],false); show_json($this->L['download_error_create'],false);
}}}else{
header('Location: 403.php');
} }
} }
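Review bot: The guard is pasted nine times in this file in three different layouts — Allman braces in pathChmod (L106–L109), K&R in pathDelete (L148–L149), and a one-liner `}}else{header('Location: 403.php');}` in pathDeleteRecycle (L174) — which makes the brace balance of each method hard to verify by eye (mkfile's `}}` / `}else{` at L186–L187, serverDownload's `}}}else{` at L222) and guarantees the copies drift. The guard also has the unreachable-403 problem raised on the app controller, and a non-XHR request falls out of each method silently. Hoist it into one call at the top of each action, e.g. `$this->requireCsrfToken();` on a shared helper, so every method body reads as it did before this commit. pathCopy at L208 visibly starts without the guard while its siblings carry it; whether that is intended cannot be decided from the shown lines. serverDownload and pathDeleteRecycle begin or end outside the shown hunks.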


@ -4,85 +4,147 @@
* @author warlee | e-mail:kalcaddle@qq.com * @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd * @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt * @license http://kalcaddle.com/tools/licenses/license.txt
* @secured : Ben Khlifa Fahmi
*/ */
class group extends Controller
class group extends Controller{ {
private $sql; private $sql;
function __construct() { function __construct()
parent::__construct(); {
$this->sql=new fileCache(USER_SYSTEM.'group.php'); parent::__construct();
} $this->sql = new fileCache(USER_SYSTEM . 'group.php');
}
public function get() { public
show_json($this->sql->get());
}
/**
* 用户添加
*/
public function add(){
$group = $this->_init_data();
if($this->sql->add($this->in['role'],$group)){
show_json($this->L['success']);
}
show_json($this->L['error_repeat'],false);
}
/** function get()
* 编辑 {
*/ show_json($this->sql->get());
public function edit(){ }
$group = $this->_init_data();
$role_old = $this->in['role_old'];
if (!$role_old) show_json($this->L["groupname_can_not_null"],false);
if ($role_old == 'root') show_json($this->L['default_group_can_not_do'],false);
if ($this->sql->replace_update($role_old,$this->in['role'],$group)){ /**
$member = new fileCache(USER_SYSTEM.'member.php'); * 用户添加
if ($member -> update('role',$this->in['role'],$role_old)) { */
show_json($this->L['success']); public
}
show_json($this->L['group_move_user_error'],false);
}
show_json($this->L['error_repeat'],false);
}
/** function add()
* 删除 {
*/ if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
public function del() { {
$role = $this->in['role']; if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
if (!$role) show_json($this->L["groupname_can_not_null"],false); {
if ($role == 'root') show_json($this->L['default_group_can_not_do'],false); $group = $this->_init_data();
if($this->sql->delete($role)){ if ($this->sql->add($this->in['role'], $group))
$member = new fileCache(USER_SYSTEM.'member.php'); {
$member -> update('role','',$role);//改组用户设置为空 show_json($this->L['success']);
show_json($this->L['success']); }
}
show_json($this->L['error'],false);
}
show_json($this->L['error_repeat'], false);
}
}
else
{
header('Location: 403.php');
}
}
//===========内部调用============ /**
/** * 编辑
* 初始化数据 get */
* 只传键即可 &ext_not_allow=''&explorer-mkfile&explorer-pathRname public
*/
private function _init_data(){
if (strlen($this->in['role'])<1) show_json($this->L["groupname_can_not_null"],false);
if (strlen($this->in['name'])<1) show_json($this->L["groupdesc_can_not_null"],false);
$role_arr = array('role'=>$this->in['role'],'name'=>$this->in['name']); function edit()
$role_arr['ext_not_allow'] = $this->in['ext_not_allow']; {
foreach ($this->config['role_setting'] as $key => $actions) { if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
foreach ($actions as $action) { {
$k = $key.':'.$action; if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
if (isset($this->in[$k])){ {
$role_arr[$k] = 1; $group = $this->_init_data();
}else{ $role_old = $this->in['role_old'];
$role_arr[$k] = 0; if (!$role_old) show_json($this->L["groupname_can_not_null"], false);
if ($role_old == 'root') show_json($this->L['default_group_can_not_do'], false);
if ($this->sql->replace_update($role_old, $this->in['role'], $group))
{
$member = new fileCache(USER_SYSTEM . 'member.php');
if ($member->update('role', $this->in['role'], $role_old))
{
show_json($this->L['success']);
}
show_json($this->L['group_move_user_error'], false);
}
show_json($this->L['error_repeat'], false);
}
}
else
{
header('Location: 403.php');
}
}
/**
* 删除
*/
public
function del()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$role = $this->in['role'];
if (!$role) show_json($this->L["groupname_can_not_null"], false);
if ($role == 'root') show_json($this->L['default_group_can_not_do'], false);
if ($this->sql->delete($role))
{
$member = new fileCache(USER_SYSTEM . 'member.php');
$member->update('role', '', $role); //改组用户设置为空
show_json($this->L['success']);
}
show_json($this->L['error'], false);
} }
} }
else
{
header('Location: 403.php');
}
} }
return $role_arr;
} // ===========内部调用============
}
/**
* 初始化数据 get
* 只传键即可 &ext_not_allow=''&explorer-mkfile&explorer-pathRname
*/
private
function _init_data()
{
if (strlen($this->in['role']) < 1) show_json($this->L["groupname_can_not_null"], false);
if (strlen($this->in['name']) < 1) show_json($this->L["groupdesc_can_not_null"], false);
$role_arr = array(
'role' => $this->in['role'],
'name' => $this->in['name']
);
$role_arr['ext_not_allow'] = $this->in['ext_not_allow'];
foreach($this->config['role_setting'] as $key => $actions)
{
foreach($actions as $action)
{
$k = $key . ':' . $action;
if (isset($this->in[$k]))
{
$role_arr[$k] = 1;
}
else
{
$role_arr[$k] = 0;
}
}
}
return $role_arr;
}
}
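Review bot: The reformatting mixed into this section — `public` and `function add()` split onto separate lines (L243/L256, L267/L303, L333–L334, L364–L365), Allman braces and re-spaced concatenations — rewrites every line of the class, so the diff no longer shows which lines carry the security change and the guard cannot be reviewed against the old code. Keep formatting-only changes in their own commit and keep `public function add()` on one line as the rest of the codebase does. Functionally, add(), edit() and del() carry the same Referer/XHR guard discussed on the app controller, including the silent fall-through when `X-Requested-With` is absent, so the same shared helper should replace them here.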


@ -1,107 +1,138 @@
<?php <?php
/* /*
* @link http://www.kalcaddle.com/ * @link http://www.kalcaddle.com/
* @author warlee | e-mail:kalcaddle@qq.com * @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd * @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt * @license http://kalcaddle.com/tools/licenses/license.txt
*/ * @Security : Ben Khlifa Fahmi - Tunisian Whitehats Security / https://www.benkhlifa.com/
*/
class member extends Controller{ class member extends Controller
{
private $sql; private $sql;
function __construct() { function __construct()
{
parent::__construct(); parent::__construct();
$this->tpl = TEMPLATE.'member/'; $this->tpl = TEMPLATE . 'member/';
$this->sql=new fileCache(USER_SYSTEM.'member.php'); $this->sql = new fileCache(USER_SYSTEM . 'member.php');
} }
/** /**
* 获取用户列表数据 * 获取用户列表数据
*/ */
public function get() { public function get()
{
show_json($this->sql->get()); show_json($this->sql->get());
} }
/** /**
* 用户添加 * 用户添加
*/ */
public function add(){ public function add()
if (!$this->in['name'] || {
!$this->in['password'] || if (!$this->in['name'] || !$this->in['password'] || !$this->in['role'])
!$this->in['role'] ) show_json($this->L["data_not_full"],false); show_json($this->L["data_not_full"], false);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
$this->in['name'] = rawurldecode($this->in['name']); if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$this->in['password'] = rawurldecode($this->in['password']); $this->in['name'] = rawurldecode($this->in['name']);
$user = array( $this->in['password'] = rawurldecode($this->in['password']);
'name' => rawurldecode($this->in['name']), $user = array(
'password' => md5(rawurldecode($this->in['password'])), 'name' => rawurldecode($this->in['name']),
'role' => $this->in['role'], 'password' => md5(rawurldecode($this->in['password'])),
'status' => 0, 'role' => $this->in['role'],
); 'status' => 0
if ($this->sql->add($this->in['name'],$user)) { );
$this->_initUser($this->in['name']); if ($this->sql->add($this->in['name'], $user)) {
show_json($this->L['success']); $this->_initUser($this->in['name']);
show_json($referer);
}
show_json($this->L['error_repeat'], false);
}
} else {
header('Location: 403.php');
} }
show_json($this->L['error_repeat'],false);
} }
/** /**
* 编辑 * 编辑
*/ */
public function edit() { public function edit()
if (!$this->in['name'] || {
!$this->in['name_to'] || if (!$this->in['name'] || !$this->in['name_to'] || !$this->in['role_to'])
!$this->in['role_to'] ) show_json($this->L["data_not_full"],false); show_json($this->L["data_not_full"], false);
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$this->in['name'] = rawurldecode($this->in['name']); $this->in['name'] = rawurldecode($this->in['name']);
$this->in['name_to'] = rawurldecode($this->in['name_to']); $this->in['name_to'] = rawurldecode($this->in['name_to']);
$this->in['password_to'] = rawurldecode($this->in['password_to']); $this->in['password_to'] = rawurldecode($this->in['password_to']);
if ($this->in['name'] == 'admin') show_json($this->L['default_user_can_not_do'],false); if ($this->in['name'] == 'admin')
show_json($this->L['default_user_can_not_do'], false);
//查找到一条记录,修改为该数组 //查找到一条记录,修改为该数组
$user = $this->sql->get($this->in['name']); $user = $this->sql->get($this->in['name']);
$user['name'] = $this->in['name_to']; $user['name'] = $this->in['name_to'];
$user['role'] = $this->in['role_to']; $user['role'] = $this->in['role_to'];
if (strlen($this->in['password_to'])>=1) { if (strlen($this->in['password_to']) >= 1) {
$user['password'] = md5($this->in['password_to']); $user['password'] = md5($this->in['password_to']);
}
if ($this->sql->replace_update($this->in['name'], $user['name'], $user)) {
rename(USER_PATH . $this->in['name'], USER_PATH . $this->in['name_to']);
show_json($this->L['success']);
}
show_json($this->L['error_repeat'], false);
}
} else {
header('Location: 403.php');
} }
if($this->sql->replace_update($this->in['name'],$user['name'],$user)){
rename(USER_PATH.$this->in['name'],USER_PATH.$this->in['name_to']);
show_json($this->L['success']);
}
show_json($this->L['error_repeat'],false);
} }
/** /**
* 删除 * 删除
*/ */
public function del() { public function del()
{
$name = $this->in['name']; $name = $this->in['name'];
if (!$name) show_json($this->L["username_can_not_null"],false); if (!$name)
if ($name == 'admin') show_json($this->L['default_user_can_not_do'],false); show_json($this->L["username_can_not_null"], false);
if($this->sql->delete($name)){ if ($name == 'admin')
del_dir(USER_PATH.$name.'/'); show_json($this->L['default_user_can_not_do'], false);
show_json($this->L['success']); if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if ($this->sql->delete($name)) {
del_dir(USER_PATH . $name . '/');
show_json($this->L['success']);
}
show_json($this->L['error'], false);
}
} else {
header('Location: 403.html');
} }
show_json($this->L['error'],false);
} }
//============内部处理函数============= //============内部处理函数=============
/** /**
*初始化用户数据和配置。 *初始化用户数据和配置。
*/ */
public function _initUser($name){ public function _initUser($name)
$root = array('home','recycle','data'); {
$root = array(
'home',
'recycle',
'data'
);
$new_user_folder = $this->config['setting_system']['new_user_folder']; $new_user_folder = $this->config['setting_system']['new_user_folder'];
$home = explode(',',$new_user_folder); $home = explode(',', $new_user_folder);
$user_path = USER_PATH.$name.'/'; $user_path = USER_PATH . $name . '/';
mk_dir($user_path); mk_dir($user_path);
foreach ($root as $dir) { foreach ($root as $dir) {
mk_dir($user_path.$dir); mk_dir($user_path . $dir);
} }
foreach ($home as $dir) { foreach ($home as $dir) {
mk_dir($user_path.'home/'.$dir); mk_dir($user_path . 'home/' . $dir);
} }
fileCache::save($user_path.'data/config.php',$this->config['setting_default']); fileCache::save($user_path . 'data/config.php', $this->config['setting_default']);
} }
} }
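Review bot: add()'s success path at L439 now calls `show_json($referer);` — `$referer` is never assigned in this method, so a successful user creation emits an undefined-variable notice and returns an empty message where the old code returned `$this->L['success']`; restore `show_json($this->L['success']);`. del()'s rejection branch at L503 redirects to `403.html` whereas every other action in the commit uses `403.php`; pick one target. The new lines at L432 and L467 still store passwords as unsalted `md5()`, and a commit dedicated to hardening this controller is the right place to move to `password_hash()` / `password_verify()`, re-hashing each user on their next successful login since existing digests cannot be converted. The guard in add(), edit() and del() has the unreachable-403 issue raised on the app controller.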


@ -34,6 +34,9 @@ class userShare extends Controller{
* 编辑 * 编辑
*/ */
public function set(){ public function set(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$share_info = $this->_getData(); $share_info = $this->_getData();
//含有sid则为更新否则为插入 //含有sid则为更新否则为插入
@ -60,17 +63,26 @@ class userShare extends Controller{
show_json($this->L['error'],false); show_json($this->L['error'],false);
} }
show_json($this->L['error'],false); show_json($this->L['error'],false);
}}else{
header('Location: 403.php');
}
} }
/** /**
* 删除 * 删除
*/ */
public function del() { public function del() {
$list = json_decode($this->in['list'],true); if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
foreach ($list as $val) { if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
$this->sql->delete($val['path']); $list = json_decode($this->in['list'],true);
foreach ($list as $val) {
$this->sql->delete($val['path']);
}
show_json($this->L['success'],true);
}
}else{
header('Location: 403.php');
} }
show_json($this->L['success'],true);
} }
public function _getData(){ public function _getData(){
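Review bot: del() at L556–L559 iterates the result of `json_decode($this->in['list'],true)` without checking it, so a missing or malformed `list` makes `foreach` warn on null and the method still answers `$this->L['success']`. Add `if (!is_array($list)) show_json($this->L['error'],false);` before the loop (the `error` key is already used at L543). The surrounding guard has the unreachable-403 issue raised on the app controller, and a non-XHR request leaves the inner `if` at L561 with no response at all. set() spans two hunks here and its middle is outside the shown lines.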



@ -52,12 +52,12 @@
</div><!-- / frame-main end--> </div><!-- / frame-main end-->
<?php include(TEMPLATE.'common/footer.html');?> <?php include(TEMPLATE.'common/footer.html');?>
<script src="<?php echo STATIC_PATH;?>js/lib/seajs/sea.js?ver=<?php echo KOD_VERSION;?>"></script> <script src="<?php echo STATIC_PATH;?>js/lib/seajs/sea.js?ver=<?php echo KOD_VERSION;?>"></script>
<script src="./index.php?share/common_js&user=<?php echo $_GET['user'];?>&sid=<?php echo $_GET['sid'];?>&#=<?php echo rand_string(8);?>"></script> <script src="./index.php?share/common_js&user=<?php echo htmlentities($_GET['user']);?>&sid=<?php echo htmlentities($_GET['sid']);?>&#=<?php echo rand_string(8);?>"></script>
<script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ace.js?ver=<?php echo KOD_VERSION;?>"></script> <script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ace.js?ver=<?php echo KOD_VERSION;?>"></script>
<script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ext-static_highlight.js?ver=<?php echo KOD_VERSION;?>"></script> <script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ext-static_highlight.js?ver=<?php echo KOD_VERSION;?>"></script>
<script type="text/javascript"> <script type="text/javascript">
AUTH = {'explorer:fileDownload':<?php echo $can_download;?>}; AUTH = {'explorer:fileDownload':<?php echo $can_download;?>};
G.user = "<?php echo $_GET['user'];?>"; G.user = "<?php echo htmlentities($_GET['user']);?>";
G.path = "<?php echo (isset($_GET['path'])?urlencode($_GET['path']):'') ;?>"; G.path = "<?php echo (isset($_GET['path'])?urlencode($_GET['path']):'') ;?>";
G.sid = "<?php echo $_GET['sid'];?>"; G.sid = "<?php echo $_GET['sid'];?>";
G.share_info = <?php echo json_encode($share_info);?>; G.share_info = <?php echo json_encode($share_info);?>;
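Review bot: `G.sid` at L584 still echoes `$_GET['sid']` unescaped into a JavaScript string, although the same value was escaped on the script `src` line at L577, and `G.user` at L582 uses `htmlentities()`, an HTML escaper, inside a JS string literal where a backslash or a line terminator is not neutralised. Emit both as JSON literals: `G.user = <?php echo json_encode(isset($_GET['user'])?$_GET['user']:'', JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_QUOT|JSON_HEX_APOS);?>;` and the same form for `G.sid`. On the `src` attribute at L577 the values are query-string parameters, so `rawurlencode()` (as `G.path` already does with `urlencode()` at L583) is the right escaper before any attribute-level `htmlentities()`, because `htmlentities()` alone leaves `&` and `#` able to reshape the query once the browser decodes the attribute.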