From 784901be2f737f718283ccb17668f3011e616a5e Mon Sep 17 00:00:00 2001 From: iaretechnician Date: Wed, 10 Jun 2026 19:39:39 -0400 Subject: [PATCH] litefm fixes --- Panel/modules/litefm/fm_dir.php | 26 +++++++++++++++++++++++--- Panel/modules/litefm/fm_read.php | 16 ++++++++++++++-- Panel/modules/litefm/fm_write.php | 18 ++++++++++++++++-- Panel/modules/litefm/get_file.php | 19 ++++++++++++++++++- 4 files changed, 71 insertions(+), 8 deletions(-) diff --git a/Panel/modules/litefm/fm_dir.php b/Panel/modules/litefm/fm_dir.php index 4b48847a..b10b9ab8 100644 --- a/Panel/modules/litefm/fm_dir.php +++ b/Panel/modules/litefm/fm_dir.php @@ -68,12 +68,32 @@ function exec_ogp_module() if (!isset($_SESSION[$cwd_session_key]) || !is_string($_SESSION[$cwd_session_key])) { $_SESSION[$cwd_session_key] = ''; } + + // Validate cached path and recover from bad cached paths $path = litefm_safe_join_home_path($home_cfg['home_path'], $_SESSION[$cwd_session_key]); if ($path === false) { - print_failure(get_lang("unallowed_char")); - echo "
<< ".get_lang('back')."
"; - return; + // If we had a cached path and it's invalid, reset it and try again with root + if ($_SESSION[$cwd_session_key] !== '') + { + print_success("Invalid saved path was reset to the server root."); + $_SESSION[$cwd_session_key] = ''; + $path = litefm_safe_join_home_path($home_cfg['home_path'], ''); + // If even root is invalid, that's a real error + if ($path === false) + { + print_failure("Could not access server home directory"); + echo "
<< ".get_lang('back')."
"; + return; + } + } + else + { + // Empty path but still invalid - real error + print_failure(get_lang("unallowed_char")); + echo "
<< ".get_lang('back')."
"; + return; + } } $home_root = clean_path($home_cfg['home_path']); diff --git a/Panel/modules/litefm/fm_read.php b/Panel/modules/litefm/fm_read.php index b028b530..74f3c5cc 100644 --- a/Panel/modules/litefm/fm_read.php +++ b/Panel/modules/litefm/fm_read.php @@ -60,7 +60,19 @@ function exec_ogp_module() if (litefm_check($home_id) === FALSE) return; - $show_path = litefm_display_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : ''); + // Validate and recover from bad cached paths + $cwd_session_key = 'fm_cwd_' . $home_id; + if (isset($_SESSION[$cwd_session_key]) && $_SESSION[$cwd_session_key] !== '') + { + $testPath = litefm_safe_join_home_path($home_cfg['home_path'], $_SESSION[$cwd_session_key]); + if ($testPath === false) + { + print_success("Invalid saved path was reset to the server root."); + $_SESSION[$cwd_session_key] = ''; + } + } + + $show_path = litefm_display_home_path($home_cfg['home_path'], isset($_SESSION[$cwd_session_key]) ? $_SESSION[$cwd_session_key] : ''); if ($show_path === false) $show_path = clean_path($home_cfg['home_path']); echo "".show_back($home_id)."
"; @@ -70,7 +82,7 @@ function exec_ogp_module() //Logic to open the file we're editing $remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']); $data = ""; - $rel_path = isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id]:''; + $rel_path = isset($_SESSION[$cwd_session_key]) ? $_SESSION[$cwd_session_key]:''; $filepath = litefm_safe_join_home_path($home_cfg['home_path'], $rel_path); if ($filepath === false) { diff --git a/Panel/modules/litefm/fm_write.php b/Panel/modules/litefm/fm_write.php index 9bbd5668..fe27bfea 100644 --- a/Panel/modules/litefm/fm_write.php +++ b/Panel/modules/litefm/fm_write.php @@ -55,12 +55,26 @@ function exec_ogp_module() return; } + $home_id = $home_cfg['home_id']; + + // Validate and recover from bad cached paths early + $cwd_session_key = 'fm_cwd_' . $home_id; + if (isset($_SESSION[$cwd_session_key]) && $_SESSION[$cwd_session_key] !== '') + { + $testPath = litefm_safe_join_home_path($home_cfg['home_path'], $_SESSION[$cwd_session_key]); + if ($testPath === false) + { + print_success("Invalid saved path was reset to the server root."); + $_SESSION[$cwd_session_key] = ''; + } + } + if ( isset($_REQUEST['save_file']) ) { $_REQUEST['file_content'] = strip_real_escape_string($_REQUEST['file_content']); $remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']); - $target_path = litefm_safe_join_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : ''); + $target_path = litefm_safe_join_home_path($home_cfg['home_path'], isset($_SESSION[$cwd_session_key]) ? $_SESSION[$cwd_session_key] : ''); if ($target_path === false) { print_failure(get_lang('unallowed_char')); 
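Review bot: This validate-and-reset block in fm_read.php is pasted unchanged into fm_write.php and get_file.php in the same commit, and each copy discards `$testPath` only for the caller to run `litefm_safe_join_home_path()` again a few lines later. A single helper next to `litefm_safe_join_home_path()` would keep the three modules from drifting apart on a check that guards filesystem access. It would take the home path and session key, clear the key when the join fails, and return the validated path. `$testPath` is also camelCase where the rest of the function uses snake_case (`$show_path`, `$rel_path`). The enclosing function continues outside the hunk.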
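Review bot: In fm_write.php the reset runs before the `save_file` branch, so a save request whose cached path fails validation no longer reaches the existing `$target_path === false` rejection. The path becomes `''`, `litefm_safe_join_home_path()` is then asked only for the home root, and the write goes ahead against a target the user did not choose. A write path should fail closed: after the reset add `if (isset($_REQUEST['save_file'])) return;`, or skip the reset when `save_file` is set and let the existing check reject the request. The call that performs the write is outside the hunk, so what it does with a directory path is not visible here.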
@@ -70,7 +84,7 @@ function exec_ogp_module() if ( $file_info === 1 ) { print_success(get_lang('wrote_changes')); - $db->logger(get_lang('wrote_changes')." ( ".$home_cfg['home_name']." - ".litefm_display_home_path($home_cfg['home_path'], isset($_SESSION['fm_cwd_'.$home_id]) ? $_SESSION['fm_cwd_'.$home_id] : '')." )"); + $db->logger(get_lang('wrote_changes')." ( ".$home_cfg['home_name']." - ".litefm_display_home_path($home_cfg['home_path'], isset($_SESSION[$cwd_session_key]) ? $_SESSION[$cwd_session_key] : '')." )"); } else if ( $file_info === 0 ) print_failure(get_lang('failed_write')); diff --git a/Panel/modules/litefm/get_file.php b/Panel/modules/litefm/get_file.php index b5aadf4e..79eb2e8d 100644 --- a/Panel/modules/litefm/get_file.php +++ b/Panel/modules/litefm/get_file.php @@ -45,6 +45,17 @@ function exec_ogp_module() if ( preg_match("/f/",$home_cfg['access_rights']) != 1 ) return; + // Validate and recover from bad cached paths early + $cwd_session_key = 'fm_cwd_' . $home_id; + if (isset($_SESSION[$cwd_session_key]) && $_SESSION[$cwd_session_key] !== '') + { + $testPath = litefm_safe_join_home_path($home_cfg['home_path'], $_SESSION[$cwd_session_key]); + if ($testPath === false) + { + $_SESSION[$cwd_session_key] = ''; + } + } + $downloads_folder = "modules/litefm/downloads"; if(isset($_GET['remove_did'])) 
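Review bot: In get_file.php `$cwd_session_key` is built from `$home_id`, but nothing in this hunk assigns `$home_id`, and fm_write.php in the same commit needed a new `$home_id = $home_cfg['home_id'];` for the identical block. If exec_ogp_module() does not set it earlier (outside the hunk), the key collapses to `fm_cwd_` and the check inspects the wrong session entry while raising an undefined-variable notice. Building the key from `$home_cfg['home_id']` directly avoids the question. The download code further down reads `$_SESSION['download'][$did]['fileph']`, not the cached directory, so this reset looks unrelated to what get_file.php serves and may be unnecessary here.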
@@ -82,7 +93,13 @@ function exec_ogp_module() set_time_limit(0); $remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']); $fp = fopen("$downloads_folder/$did", "w"); - $_SESSION['download'][$did]['offset'] = $remote->remote_get_file_part($home_cfg['home_path']."/".$_SESSION['download'][$did]['fileph'], $_SESSION['download'][$did]['offset'], $data); + $filePath = litefm_safe_join_home_path($home_cfg['home_path'], isset($_SESSION['download'][$did]['fileph']) ? $_SESSION['download'][$did]['fileph'] : ''); + if ($filePath === false) + { + print_failure("Invalid file path"); + return; + } + $_SESSION['download'][$did]['offset'] = $remote->remote_get_file_part($filePath, $_SESSION['download'][$did]['offset'], $data); if($_SESSION['download'][$did]['offset'] != -1) fwrite($fp,$data); fclose($fp);
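Review bot: The new `$filePath === false` branch returns after `fopen("$downloads_folder/$did", "w")` has already run, so a rejected path leaves `$fp` open and an empty, truncated file behind in the downloads folder. Move the `litefm_safe_join_home_path()` call and its check above the `fopen()` line, or add `fclose($fp);` before the `return;`. The `fopen()` result is also used without a `=== false` check, and "Invalid file path" is hard-coded rather than taken from `get_lang()`. The function continues outside the hunk.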