Allow admins to mkdir rmdir
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Mon, 27 Feb 2017 14:23:53 +0000 (03:23 +1300)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 9 Mar 2017 18:06:30 +0000 (18:06 +0000)
css/squasher.css
squasher.php
templates/index.tpl

index fcf96bf13b1bcd785b0768d98e548cf27fa3a40b..82fc6208706840343d9155ee754a41e925250038 100644 (file)
@@ -68,6 +68,20 @@ body {
        border-color:#E2EBD8;
 }
 
+.menu a.tool {
+       background:inherit;
+       border:inherit;
+       text-decoration:underline;
+       color:inherit;
+       margin-left: 40px;
+       font-size: 12px;
+       padding-top: 5px;
+       padding-bottom: 1px;
+}
+.menu a.tool:hover {
+       color:#FF6600;
+}
+
 /* main content container */
 .content {
        clear:left;
index eaa1b543b2a90d2c935f011aace7289d6a5c7a81..61d350dae4546a43ef27d04662025c62d5b271b1 100644 (file)
@@ -104,6 +104,31 @@ if (@$_GET['f']) {
                $path=substr($request['path'], strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
        }
+
+} elseif (@$_POST['tools']=="mkdir" && isset($_GET['path']) && isset($_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {
+       $path = $_GET['path'];
+       $newname = $_POST['newname'];
+       $subs = explode('/', $path);
+       if (in_array('..', $subs))
+               die(); // Hard fails when trying to play above basedir
+       if ($squashweb->got_rights_array_admin($path) > 0) {
+               umask(002); // don't remove g+w
+               mkdir($basedir.'/'.$path.'/'.$newname);
+       }
+       header( 'Location: ?path='.$path.'/'.$newname) ;
+       
+} elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
+       $path = $_GET['path'];
+       $subs = explode('/', $path);
+       if (in_array('..', $subs))
+               die(); // Hard fails when trying to play above basedir
+       if ($squashweb->got_rights_array_admin($path) > 0) {
+               rmdir($basedir.$path);
+       }
+       array_pop($subs);
+       $path=implode("/", $subs);
+       header( 'Location: ?path='.$path) ;
+       
 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
 
        require_once(SQUASHER_SMARTY);
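Review bot: `$newname` is taken from `$_POST['newname']` and concatenated into the `mkdir()` path without any server-side check; the `..` test above it inspects only `$path`, and the name validation in `createFolder()` runs in the browser, which a direct POST bypasses. A name containing a slash or `..` therefore resolves outside the folder that `got_rights_array_admin($path)` authorised, and possibly outside `$basedir`. Reject such names before the rights check, for example `if ($newname === '' || $newname === '.' || $newname === '..' || strpbrk($newname, "/\\\0") !== false) die();`. Both new branches also send the redirect even when the rights check or the `mkdir()`/`rmdir()` call fails, so checking the return value and reporting the failure would avoid a silent no-op. The enclosing `if`/`elseif` chain starts and ends outside the hunk.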
index 51afa03210e68ed1fb20e07487a3186c000ff227..cd5e8c7be4b7a12db56aa18d2babe7b0b12daf0e 100644 (file)
      aSelect.options[i].selected = true;
     }
    }
+   function deleteFolder(foldername) {
+    if (!confirm('Are you sure you want to delete folder '+foldername+' ?'))
+     return;
+    document.rmdir.submit();
+   }
+   function deleteFolderNotEmpty(foldername) {
+    alert(foldername+' in not empty. Please empty it first');
+   }
+   function createFolder() {
+    var folder = prompt("New folder name");
+    if (folder == null)
+     return; // canceled
+    if (folder.indexOf('/')>=0 || folder=='.' || folder=='..') {
+     // detect the most common errors
+     alert('Invalid name');
+     return;
+    }
+    document.mkdir.newname.value = folder;
+    document.mkdir.submit();
+   }
 {/literal}</script>
 </head>
 <body>
                        <div class="menuhead">current folder</div>
        
                        {foreach item=crumb key=cookie from=$base}<a href="?path={$cookie|escape:'url'}">{$crumb|escape}</a>{/foreach}
-       
+
+                       {if $user_level > 99 AND count($base)>1 }
+                               <form name=rmdir method=post>
+                               <input type=hidden name=tools value=rmdir>
+                               <a href="javascript:deleteFolder{if count($squashed)>0 || count($subfolders)>0}NotEmpty{/if}('{$currentfolder|escape:'javascript'|escape}');" class=tool>delete this folder</a>
+                               </form>
+                       {/if}
+
                </div>
        
                <div class="menu">
-       
+
                        <div class="menuhead">subfolders</div>
-       
+
                        {foreach item=folder key=folderpath from=$subfolders}<a href="?path={$folderpath|escape:'url'}">{$folder|escape}</a>{/foreach}
-       
+
+                       {if $user_level > 99}
+                               <form name=mkdir method=post>
+                               <input type=hidden name=tools value=mkdir>
+                               <input type=hidden name=newname>
+                               <a href="javascript:createFolder();" class=tool>new subfolder</a>
+                               </form>
+                       {/if}
+
                </div>
-       
+
        </div>
        
        <div class="content">
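Review bot: Neither the `rmdir` form nor the `mkdir` form carries an anti-CSRF token, and the handlers added in squasher.php check only the session's `user_level`, so any page an administrator visits while logged in could submit these POSTs on their behalf. Add a per-session token as a hidden field in both forms, e.g. `<input type=hidden name=csrf_token value="{$csrf_token|escape}">` (placeholder names), and compare it with `hash_equals()` on the server before acting. Separately, `{$currentfolder|escape:'javascript'|escape}` sits inside a `javascript:` href, whose body browsers percent-decode before running it, so a folder name with percent-encoded characters may not stay inside the string literal; an `onclick` handler that reads the name from a data attribute would avoid that context. Whether other CSRF protection exists elsewhere in the application is not visible in this diff.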