litefm fix

This commit is contained in:
Frank Harris 2026-06-10 19:14:48 -04:00
parent 751874ea8c
commit 68d2113c76
5 changed files with 48 additions and 12 deletions

View file

@ -481,9 +481,9 @@ function exec_ogp_module()
echo empty($home_cfg['home_name']) ? get_lang("not_available") : htmlentities($home_cfg['home_name']); echo empty($home_cfg['home_name']) ? get_lang("not_available") : htmlentities($home_cfg['home_name']);
echo "</h2>"; echo "</h2>";
$_SESSION['fm_files_'.$home_id] = array(); $_SESSION['fm_files_'.$home_id] = array();
$show_path = (isset($_SESSION['fm_cwd_'.$home_id])) ? clean_path($_SESSION['fm_cwd_'.$home_id]) : "/"; $show_path = litefm_display_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '');
if($isAdmin) if ($show_path === false)
$show_path = clean_path($home_cfg['home_path'].$show_path); $show_path = clean_path($home_cfg['home_path']);
echo "<table class='center'><tr><td><a href='?m=gamemanager&amp;p=game_monitor&amp;home_id=".$home_cfg['home_id']."'><< ". get_lang("back") ."</a></td></tr></table>"; echo "<table class='center'><tr><td><a href='?m=gamemanager&amp;p=game_monitor&amp;home_id=".$home_cfg['home_id']."'><< ". get_lang("back") ."</a></td></tr></table>";
if ($remote->rfile_exists($path)) if ($remote->rfile_exists($path))
{ {

View file

@ -60,9 +60,9 @@ function exec_ogp_module()
if (litefm_check($home_id) === FALSE) if (litefm_check($home_id) === FALSE)
return; return;
$show_path = (isset($_SESSION['fm_cwd_'.$home_id])) ? clean_path($_SESSION['fm_cwd_'.$home_id]) : "/"; $show_path = litefm_display_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '');
if($isAdmin) if ($show_path === false)
$show_path = clean_path($home_cfg['home_path'].$show_path); $show_path = clean_path($home_cfg['home_path']);
echo "<table class='center' style='width:100%;'>".show_back($home_id)."</table>"; echo "<table class='center' style='width:100%;'>".show_back($home_id)."</table>";
echo "<table class='center' style='width:100%;' ><tr>\n". echo "<table class='center' style='width:100%;' ><tr>\n".
"<td colspan='3' ><h3>$show_path</h3></td>". "<td colspan='3' ><h3>$show_path</h3></td>".
@ -71,7 +71,12 @@ function exec_ogp_module()
$remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']); $remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']);
$data = ""; $data = "";
$rel_path = isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id]:''; $rel_path = isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id]:'';
$filepath = clean_path($home_cfg['home_path']."/".$rel_path); $filepath = litefm_safe_join_home_path($home_cfg['home_path'], $rel_path);
if ($filepath === false)
{
print_failure(get_lang('unallowed_char'));
return;
}
$file_info = $remote->remote_readfile($filepath ,$data); $file_info = $remote->remote_readfile($filepath ,$data);
if ( $file_info === 0 ) if ( $file_info === 0 )
{ {
@ -101,7 +106,7 @@ function exec_ogp_module()
editor.setTheme("ace/theme/tomorrow"); editor.setTheme("ace/theme/tomorrow");
(function () { (function () {
var modelist = ace.require("ace/ext/modelist"); var modelist = ace.require("ace/ext/modelist");
var filePath = "<?php echo $rel_path; ?>"; var filePath = "<?php echo htmlspecialchars($rel_path, ENT_QUOTES, 'UTF-8'); ?>";
var mode = modelist.getModeForPath(filePath).mode; var mode = modelist.getModeForPath(filePath).mode;
console.log(mode); console.log(mode);
editor.session.setMode(mode); editor.session.setMode(mode);

View file

@ -60,11 +60,17 @@ function exec_ogp_module()
$_REQUEST['file_content'] = strip_real_escape_string($_REQUEST['file_content']); $_REQUEST['file_content'] = strip_real_escape_string($_REQUEST['file_content']);
$remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']); $remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']);
$file_info = $remote->remote_writefile($home_cfg['home_path']."/".$_SESSION['fm_cwd_'.$home_id], $_REQUEST['file_content']); $target_path = litefm_safe_join_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '');
if ($target_path === false)
{
print_failure(get_lang('unallowed_char'));
return;
}
$file_info = $remote->remote_writefile($target_path, $_REQUEST['file_content']);
if ( $file_info === 1 ) if ( $file_info === 1 )
{ {
print_success(get_lang('wrote_changes')); print_success(get_lang('wrote_changes'));
$db->logger(get_lang('wrote_changes')." ( ".$home_cfg['home_name']." - ".$home_cfg['home_path'].$_SESSION['fm_cwd_'.$home_id]." )"); $db->logger(get_lang('wrote_changes')." ( ".$home_cfg['home_name']." - ".litefm_display_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '')." )");
} }
else if ( $file_info === 0 ) else if ( $file_info === 0 )
print_failure(get_lang('failed_write')); print_failure(get_lang('failed_write'));

View file

@ -75,7 +75,7 @@ function exec_ogp_module()
if (litefm_check($home_id) === FALSE) if (litefm_check($home_id) === FALSE)
return; return;
$_SESSION['download'][$did]['fileph'] = $_SESSION['fm_cwd_'.$home_id]; $_SESSION['download'][$did]['fileph'] = $_SESSION['fm_cwd_'.$home_id];
$_SESSION['fm_cwd_'.$home_id] = dirname($_SESSION['fm_cwd_'.$home_id]); $_SESSION['fm_cwd_'.$home_id] = litefm_parent_relative_path(isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '');
$_SESSION['download'][$did]['offset'] = 0; $_SESSION['download'][$did]['offset'] = 0;
} }

View file

@ -92,6 +92,31 @@ function litefm_safe_join_home_path($homePath, $relativePath)
return $fullPath; return $fullPath;
} }
function litefm_display_home_path($homePath, $relativePath)
{
$normalizedRel = litefm_normalize_relative_path($relativePath);
if ($normalizedRel === false) {
return false;
}
if ($normalizedRel === '') {
return clean_path((string)$homePath);
}
return clean_path(rtrim((string)$homePath, '/') . '/' . $normalizedRel);
}
function litefm_parent_relative_path($relativePath)
{
$normalizedRel = litefm_normalize_relative_path($relativePath);
if ($normalizedRel === false || $normalizedRel === '') {
return '';
}
$lastSlash = strrpos($normalizedRel, '/');
if ($lastSlash === false) {
return '';
}
return substr($normalizedRel, 0, $lastSlash);
}
function do_progress($kbytes,$totalsize) function do_progress($kbytes,$totalsize)
{ {
if( $totalsize != 0 ) if( $totalsize != 0 )
@ -170,7 +195,7 @@ function litefm_check($home_id)
// To go back a dir, we just use dirname to strip the last directory or file off the path // To go back a dir, we just use dirname to strip the last directory or file off the path
if (isset($_GET['back']) and !isset($_GET['upload']) and !isset( $_POST['delete'] ) and !isset( $_POST['create_folder'] ) and !isset( $_POST['secureButton'] ) and !isset( $_POST['delete_check'] ) and !isset( $_POST['secure_check'] )) if (isset($_GET['back']) and !isset($_GET['upload']) and !isset( $_POST['delete'] ) and !isset( $_POST['create_folder'] ) and !isset( $_POST['secureButton'] ) and !isset( $_POST['delete_check'] ) and !isset( $_POST['secure_check'] ))
{ {
$_SESSION['fm_cwd_'.$home_id] = dirname( $_SESSION['fm_cwd_'.$home_id] ); $_SESSION['fm_cwd_'.$home_id] = litefm_parent_relative_path(isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '');
} }
return TRUE; return TRUE;