Use an absolute upload dir that can be configured
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 9 Mar 2017 16:30:58 +0000 (16:30 +0000)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 9 Mar 2017 18:06:31 +0000 (18:06 +0000)
We do not want to see any ../ in paths. Ever.

README
config.php.example
templates/logs.tpl
webroot/squasher.class.php
webroot/squasher.php

diff --git a/README b/README
index d56f88c0f128a7c0aea8d264f0691221de2b8546..cd72132953ea36ba1c1dad77c3cb6a2810241c8a 100644 (file)
--- a/README
+++ b/README
@@ -30,7 +30,8 @@ and put these directories in config.php
 
 = Uploads directory
 
-Right now, in webroot/*php, the uploads directory is hardcoded to ../uploads. So you should create a symlink here to uploads.
-```
-ln -s /var/www/uploads .
-```
+This is where your files fragments get.
+
+This folder needs to be writable by both the ftp server and by php. Php will use umask 002 to ensure g+w mode is kept.
+
+You can change the location in config.php
index 97e62e0a3180f741508ed6a5e8aa408860bef3ab..66fa3c63afb813af2f91aedeaa47118d4edfd2c5 100644 (file)
@@ -5,6 +5,11 @@ DEFINE('SQUASHER_DB_USER', 'squasher'); // Username for the database
 DEFINE('SQUASHER_DB_PASSWORD', 'squasher'); // Password for the database
 DEFINE('SQUASHER_DB_DATABASE', 'squasher'); // Mysql database name
 
+// Location of the uploaded files
+// Do NOT add a final slash:
+// The tree there must be writable by php. Use chmod g+sw or similar
+DEFINE('SQUASHER_UPLOADS_DIR', '/var/www/uploads');
+
 // Location of the smarty php library
 // Use 'smarty/Smarty.class.php' for relative directory 'smarty/'
 // Use 'smarty3/Smarty.class.php' if you installed package smarty3
index 589f146d872682432cb43358ef4e581c36e77370..290d30d80c9292a01ca7fe8b2dce8e98ad64314a 100644 (file)
@@ -27,7 +27,7 @@
                <td>{$entry.user_name|escape}
                <td title="{$entry.users_from_ip|escape}">{$entry.ip|escape}
                <td>{$entry.action|escape}
-               <td title="{$entry.file|substr:10|escape}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}">{$entry.file|substr:10:64|escape}
+               <td title="{$entry.file|escape}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}">{$entry.file|truncate:64|escape}
        {foreachelse}
        <tr class="logentry_empty">
                <td colspan=3><hr>
index 3931bfe5bbd3c0e195efbf61c4b9d2ffbfbd2b59..35555434151026f2d21190cf469a8791cb74518c 100644 (file)
@@ -56,7 +56,6 @@ function get_smarty() {
 
 class squashweb {
 
-var $basepath;
 var $configs = array();
 var $files = array();
 var $subfolders = array();
@@ -64,10 +63,6 @@ var $folderrights;
 var $userrights;
 var $history = array();
 
-function set_root($root) {
-       $this->basepath = $root;
-}
-
 function get_configs() {
        return $this->configs;
 }
@@ -310,7 +305,7 @@ function show_rights_tree($path, $depth=0, $userid=0) {
 
        for ($i=0; $i<$depth; $i++)
                $layout .= " ";
-       if ($dir = opendir($path)) {
+       if ($dir = opendir(SQUASHER_UPLOADS_DIR.$path)) {
                $layout .= "<div style='clear:both;' >\n";
                $f = 0;
                while (false !== ($file = readdir($dir))) {
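Review bot: `opendir(SQUASHER_UPLOADS_DIR.$path)` joins the configured root with `$path` exactly as received, and nothing visible in this hunk rejects a `..` segment, so the constant acts as a prefix rather than a boundary. If `$path` can come from a request (the callers are outside this view), resolve the joined name first and confirm it is still under the root, e.g. `$real = realpath(SQUASHER_UPLOADS_DIR.$path);` followed by a check that `$real` is not false and that `$real.'/'` starts with `realpath(SQUASHER_UPLOADS_DIR).'/'`. The same join is repeated in read_single_file, read_directory, print_files and delete_file, so one private helper that does the join and the check would cover them all. show_rights_tree starts and ends outside this hunk.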
@@ -320,11 +315,10 @@ function show_rights_tree($path, $depth=0, $userid=0) {
                foreach ($files_array as $f_index => $file) {
                        if (($file{0} !== ".") && ($file !== ".."))
                        {
-                               $filename = $path."/".$file;
-                               if (!is_file($filename) && $this->got_rights_array($filename) > 0) {
+                               $filename = $path=='/' ? $path.$file : $path.'/'.$file;
+                               if (!is_file(SQUASHER_UPLOADS_DIR.$filename) && $this->got_rights_array($filename) > 0) {
                                        $f++;
-                                       if (substr($filename,0,strlen($this->basepath))==$this->basepath)
-                                               $name = substr($filename,strlen($this->basepath));
+                                       $name = $filename;
                                        $check = $this->got_rights_array_admin($filename, $this->userrights);
                                        $check_all = '';
                                        $check_allow = '';
@@ -377,8 +371,6 @@ function got_rights_array($needle, $haystack='', $c=0) {
 
        if (!is_array($haystack))
                $haystack = $this->folderrights;
-       if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
-               $needle=substr($needle,strlen($this->basepath));
 
        // check root rights
        if ($needle{0} == '/' && @$haystack['__access__'] == 2 )
@@ -412,8 +404,6 @@ function got_rights_array_admin($needle, $haystack='', $c=0) {
 
        if (!is_array($haystack))
                $haystack = $this->folderrights;
-       if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
-               $needle = substr($needle, strlen($this->basepath));
 
        // check root rights
        if ($needle{0} == '/' && @$haystack['__access__'] == 2 )
@@ -447,8 +437,6 @@ function got_rights_array_recursive($needle, $haystack='', $c=0) {
 
        if (!is_array($haystack))
                $haystack = $this->folderrights;
-       if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
-               $needle=substr($needle, strlen($this->basepath));
 
        // check root rights
        if($needle{0}=='/' && @$haystack['__access__'] == 2 )
@@ -497,30 +485,23 @@ function in_array_recursive($haystack) {
 }
 
 function read_single_file($path, $file) {
-       $filename = $path."/".$file;
+       $filename = $path=='/' ? $path.$file : $path.'/'.$file;
+       $fsfilename = SQUASHER_UPLOADS_DIR.$filename; // name on the file system
        $i = 0;
        if ($this->got_rights_array($path) > 0) {
-               if (is_file($filename.'.Completed'))
-                       $file.='.Completed';
-               if (is_file($filename.'.InProgress'))
-                       $file.='.InProgress';
-               if (is_file($filename.'.Starting'))
-                       $file.='.Starting';
-               if (is_file($filename.'.Processed'))
-                       $file.='.Processed';
-               $filename = $path . "/" . $file;
-               $handle = @fopen($filename, "rb");
-               if (strpos($file,'.Completed'))
+               if (is_file($fsfilename.'.Completed'))
                        $ext='.Completed';
-               if (strpos($file,'.InProgress'))
+               if (is_file($fsfilename.'.InProgress'))
                        $ext='.InProgress';
-               if (strpos($file,'.Starting'))
+               if (is_file($fsfilename.'.Starting'))
                        $ext='.Starting';
-               if (strpos($file,'.Processed'))
+               if (is_file($fsfilename.'.Processed'))
                        $ext='.Processed';
+               $fsfilename .= $ext;
+               $handle = @fopen($fsfilename, "rb");
                $sub_pos = strpos($file, $ext);
                $base_name = substr($file, 0, $sub_pos);
-               $filecontent = @fread($handle, @filesize($filename));
+               $filecontent = @fread($handle, @filesize($fsfilename));
                $config[$i] = explode("\r\n", $filecontent);
                /***
                *       $config:: array
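Review bot: `$base_name` is no longer computed correctly in read_single_file, because `$file` does not get the status suffix appended any more, so `strpos($file, $ext)` normally returns false and `substr($file, 0, $sub_pos)` yields an empty string. The `.hidden` lookup in the next hunk then tests `$path.'/.hidden'` instead of the per-file marker, so hidden entries would presumably be reported as visible. Since `$file` is already the bare name at this point, `$base_name = $file;` is enough. `$ext` also stays undefined when none of the four status files exists; set `$ext = '';` before the checks and return early if it is still empty. The function continues past this hunk.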
@@ -532,17 +513,17 @@ function read_single_file($path, $file) {
                *       [5]     ->      chunkcount
                *       [6]     ->      CRC32 checksum
                ***/
-               if (@filesize($filename) > 0) {
+               if (@filesize($fsfilename) > 0) {
                        $h = md5($path."/".$config[$i][2]);
                        $this->configs[$h] = $config[$i];
                        $this->configs[$h]['squashed'] = true;
                        $this->configs[$h]['path'] = $path;
                        $this->configs[$h]['status'] = substr($ext, 1);
                        $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
-                       $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
+                       $this->configs[$h]['hidden'] = is_file(SQUASHER_UPLOADS_DIR.$path.'/'.$base_name.'.hidden');
                        //to prevent dates of 1-1-1970 we set te dates of the config file
-                       $this->configs[$h]['added'] = filectime($filename);
-                       $this->configs[$h]['lastchange'] = filemtime($filename);
+                       $this->configs[$h]['added'] = filectime($fsfilename);
+                       $this->configs[$h]['lastchange'] = filemtime($fsfilename);
                        fclose($handle);
                        $this->populate_stats($path, $h);
                        //insert hash in db
@@ -555,94 +536,100 @@ function read_single_file($path, $file) {
 
 
 function read_directory($path, $getsubs=false, $getfirstfiles=true, $getdeepfiles=true, $populate=true) {
-
-       if ($dir = @opendir($path)) {
-               $i = 0;
-               $last = 1;
-               while (false !== ($file = readdir($dir))) {
-                       if (($file{0} !== ".") && substr($file,0,1) !== "SQ") {
-                               $filename = $path."/".$file;
-                               if (!is_file($filename) && strpos($filename, './uploads/recieving')===false) {
-                                       if ($getsubs) {
-                                               if ($this->got_rights_array_recursive($filename) > 0) {
-                                                       $key = substr($path, strlen($this->basepath)) . '/' . $file;
-                                                       $this->subfolders[$key] = $file;
-                                               }
-                                       }
-                                       if ($getdeepfiles)
-                                               $this->read_directory($filename, false, $getdeepfiles, $getdeepfiles, $populate);
-                               } elseif (strpos($filename,'./uploads/ftp')) { //ftp files
-                                       if ($this->got_rights_array($path) > 0 && !strpos($filename, '.hidden') ) {
-                                               $h = md5($filename);
-                                               $name_only = substr($filename, strlen($path)+1);
-                                               $file_structure = explode('.', $name_only);
-                                               $ext = array_pop($file_structure);
-                                               $base_name = array_pop($file_structure);
+       $fsdir = $path=='/' ? SQUASHER_UPLOADS_DIR : SQUASHER_UPLOADS_DIR.$path;
+       $hdir = @opendir(SQUASHER_UPLOADS_DIR.$path);
+       if (!$hdir)
+               return;
+       $i = 0;
+       while (false !== ($file = readdir($hdir))) {
+               if ($file{0} == "." || substr($file,0,2) == "SQ")
+                       continue;       // skip this file
+               $filename = $path=='/' ? $path.$file : $path.'/'.$file;
+               $fsfilename = SQUASHER_UPLOADS_DIR.$filename; // name on the file system
+               if (!is_file($fsfilename) && strpos($filename, '/recieving/')!==0) {
+                       if ($getsubs) {
+                               if ($this->got_rights_array_recursive($filename) > 0) {
+                                       $key = $path;
+                                       if ($key != '/')
+                                               $key .=  '/';
+                                       $key .= $file;
+                                       $this->subfolders[$key] = $file;
+                               }
+                       }
+                       if ($getdeepfiles)
+                               $this->read_directory($filename, false, $getdeepfiles, $getdeepfiles, $populate);
+               } elseif (strpos($filename,'/ftp/')===0) {
+                       //ftp files
+                       if ($this->got_rights_array($path) > 0 && !strpos($filename, '.hidden') ) {
+                               $h = md5($filename);
+                               $name_only = substr($filename, strlen($path)+1); // this is $file
+                               $file_structure = explode('.', $name_only); // array of dot separated name fragment
+                               $ext = array_pop($file_structure); // extension
+                               $base_name = array_pop($file_structure); // (erk)
+                               $this->configs[$h]['path'] = $path;
+                               $this->configs[$h][0] = 'manual ftp';
+                               $this->configs[$h][2] = $name_only;
+                               $this->configs[$h][3] = filesize($fsfilename);
+                               $this->configs[$h]['added'] = filectime($fsfilename);
+                               $this->configs[$h]['lastchange'] = filemtime($fsfilename);
+                               $this->configs[$h]['status'] = 'unknown';
+                               $this->configs[$h]['squashed'] = false;
+                               $this->configs[$h]['mime'] = $this->set_mime($name_only);
+                               $this->configs[$h]['hidden'] = is_file(SQUASHER_UPLOADS_DIR.$path.'/'.$base_name.'.hidden');
+                       }
+               } elseif ($getfirstfiles) {
+                       //squashed files
+                       if ($this->got_rights_array($path) > 0) {
+                               if (strpos($filename, '.Completed') || strpos($filename, '.InProgress') || strpos($filename, '.Starting') || strpos($filename, '.Processed')) {
+                                       $i++;
+                                       $handle = @fopen($fsfilename, "rb");
+                                       if (strpos($file,'.Completed'))
+                                               $ext='.Completed';
+                                       if (strpos($file,'.InProgress'))
+                                               $ext='.InProgress';
+                                       if (strpos($file,'.Starting'))
+                                               $ext='.Starting';
+                                       if (strpos($file,'.Processed'))
+                                               $ext='.Processed';
+                                       $sub_pos = strpos($file, $ext);
+                                       $base_name = substr($file, 0, $sub_pos);
+                                       $filecontent = @fread($handle, @filesize($fsfilename));
+                                       $config[$i] = explode("\r\n", $filecontent);
+
+                                       /***
+                                       *       $config:: array
+                                       *       [0]     ->      versioncode
+                                       *       [1]     ->      date&time
+                                       *       [2]     ->      filename
+                                       *       [3]     ->      filesize
+                                       *       [4]     ->      chunksize
+                                       *       [5]     ->      chunkcount
+                                       *       [6]     ->      CRC32 checksum
+                                       ***/
+
+                                       if (@filesize($fsfilename) > 0) {
+                                               $h = md5($path."/".$config[$i][2]);
+                                               $this->configs[$h] = $config[$i];
+                                               $this->configs[$h]['squashed'] = true;
                                                $this->configs[$h]['path'] = $path;
-                                               $this->configs[$h][0] = 'manual ftp';
-                                               $this->configs[$h][2] = $name_only;
-                                               $this->configs[$h][3] = filesize($filename);
-                                               $this->configs[$h]['added'] = filectime($filename);
-                                               $this->configs[$h]['lastchange'] = filemtime($filename);
-                                               $this->configs[$h]['status'] = 'unknown';
-                                               $this->configs[$h]['squashed'] = false;
-                                               $this->configs[$h]['mime'] = $this->set_mime($name_only);
-                                               $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
-                                       }
-                               } elseif ($getfirstfiles) {
-                                       //squashed files
-                                       if ($this->got_rights_array($path) > 0) {
-                                               if (strpos($filename, '.Completed') || strpos($filename, '.InProgress') || strpos($filename, '.Starting') || strpos($filename, '.Processed')) {
-                                                       $i++;
-                                                       $handle = @fopen($filename, "rb");
-                                                       if (strpos($file,'.Completed'))
-                                                               $ext='.Completed';
-                                                       if (strpos($file,'.InProgress'))
-                                                               $ext='.InProgress';
-                                                       if (strpos($file,'.Starting'))
-                                                               $ext='.Starting';
-                                                       if (strpos($file,'.Processed'))
-                                                               $ext='.Processed';
-                                                       $sub_pos = strpos($file, $ext);
-                                                       $base_name = substr($file, 0, $sub_pos);
-                                                       $filecontent = @fread($handle, @filesize($filename));
-                                                       $config[$i] = explode("\r\n", $filecontent);
-
-                                                       /***
-                                                       *       $config:: array
-                                                       *       [0]     ->      versioncode
-                                                       *       [1]     ->      date&time
-                                                       *       [2]     ->      filename
-                                                       *       [3]     ->      filesize
-                                                       *       [4]     ->      chunksize
-                                                       *       [5]     ->      chunkcount
-                                                       *       [6]     ->      CRC32 checksum
-                                                       ***/
-
-                                                       if (@filesize($filename) > 0) {
-                                                               $h = md5($path."/".$config[$i][2]);
-                                                               $this->configs[$h] = $config[$i];
-                                                               $this->configs[$h]['squashed'] = true;
-                                                               $this->configs[$h]['path'] = $path;
-                                                               $this->configs[$h]['status'] = substr($ext, 1);
-                                                               $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
-                                                               $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
-                                                               //to prevent dates of 1-1-1970 we set te dates of the config file
-                                                               $this->configs[$h]['added'] = filectime($filename);
-                                                               $this->configs[$h]['lastchange'] = filemtime($filename);
-                                                               fclose($handle);
-                                                               $this->populate_stats($path, $h);
-                                                               //insert hash in db
-                                                               $this->update_hash($h, $path."/".$config[$i][2]);
-                                                               //check stats
-                                                               $this->check_stats($h);
-                                                       }
-                                               }
+                                               $this->configs[$h]['status'] = substr($ext, 1);
+                                               $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
+                                               $this->configs[$h]['hidden'] = is_file(SQUASHER_UPLOADS_DIR.$path.'/'.$base_name.'.hidden');
+                                               //to prevent dates of 1-1-1970 we set te dates of the config file
+                                               $this->configs[$h]['added'] = filectime($fsfilename);
+                                               $this->configs[$h]['lastchange'] = filemtime($fsfilename);
+                                               fclose($handle);
+                                               $this->populate_stats($path, $h);
+                                               //insert hash in db
+                                               $this->update_hash($h, $path."/".$config[$i][2]);
+                                               //check stats
+                                               $this->check_stats($h);
                                        }
                                }
                        }
                }
        }
+       closedir($hdir);
 }
 
 function check_stats($h) {
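Review bot: The new prefix test `strpos($filename, '/recieving/')!==0` no longer excludes the top-level directory itself: for that entry `$filename` is `/recieving` with no trailing slash, so `strpos` returns false, the branch is taken, and with `$getdeepfiles` set the function recurses into it, which the old `./uploads/recieving` substring test prevented. Append the separator before comparing, as print_files already does: `strpos($filename.'/', '/recieving/')!==0`. The `strpos($request['path'], '/ftp/')===0` test in delete_file has the same shape and misses a path of exactly `/ftp`. Separately, `$fsdir` on the first added line is computed but never used, since `opendir` still receives `SQUASHER_UPLOADS_DIR.$path`.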
@@ -652,7 +639,7 @@ function check_stats($h) {
                $filepath=$config['path'].'/'.$config[2];
                if ($this->history[$h]['completed']=="1") {
                        //don't display broken file, remove it instead
-                       unlink($config['path'].'/'.$config[2].'.Completed');
+                       unlink(SQUASHER_UPLOADS_DIR.$config['path'].'/'.$config[2].'.Completed');
                        unset($this->configs[$h]);
 
                        if (!$count)
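Review bot: The `unlink` target is built from `$config[2]`, which (assuming `$config` is `$this->configs[$h]`, assigned outside this hunk) read_directory and read_single_file fill from the filename field inside the status file's content rather than from the directory entry. Prefixing `SQUASHER_UPLOADS_DIR` does not constrain that field, because it may hold separators or `..` segments, and this is a destructive call. Reduce it to a leaf name before use, e.g. `$leaf = basename($config[2]);`, and apply the same to the `rename` pair in the following hunk. check_stats starts and ends outside this hunk.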
@@ -664,7 +651,8 @@ function check_stats($h) {
                        mysql_query($qlog);
                } else {
                        //do move
-                       rename($config['path'].'/'.$config[2].'.Completed', $config['path'].'/'.$config[2].'.InProgress');
+                       rename(SQUASHER_UPLOADS_DIR.$config['path'].'/'.$config[2].'.Completed',
+                              SQUASHER_UPLOADS_DIR.$config['path'].'/'.$config[2].'.InProgress');
                        $this->configs[$h]['status'] = 'InProgress';
 
                        //mail n4m
@@ -704,6 +692,8 @@ function update_hash($hash, $path) {
        }
 }
 
+/* unused function */
+/*
 function path_to_arraystring($path, $arrayname) {
        $path_values = explode('/', $path);
        $return = $arrayname;
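Review bot: Unused methods are wrapped in block comments here instead of being removed, which leaves dead code that will not follow the rest of the class; read_config, for instance, still builds its paths without `SQUASHER_UPLOADS_DIR`. Deleting path_to_arraystring outright is cleaner, and the repository history preserves it. The same applies to read_config, check_md5, file_crc and file_crc_debug in later hunks. Wrapping a body in `/* ... */` is also fragile, since any `*/` inside it ends the comment early.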
@@ -712,7 +702,7 @@ function path_to_arraystring($path, $arrayname) {
                        $return.= "['".$value."']";
        }
        return $return;
-}
+} */
 
 function populate_stats($path, $h) {
        /***
@@ -734,15 +724,15 @@ function populate_stats($path, $h) {
 
        if ($this->history[$h]['completed']=="1") {
                $file_part = $path."/SQ".zfill(1,6)."-".$config[2];
-               if (!is_file($file_part))
+               if (!is_file(SQUASHER_UPLOADS_DIR.$file_part))
                        $file_part = $path."/SQ".zfill(1,3)."-".$config[2];
-               if (is_file($file_part)) {
-                       $this->configs[$h]['added'] = filectime($file_part);
+               if (is_file(SQUASHER_UPLOADS_DIR.$file_part)) {
+                       $this->configs[$h]['added'] = filectime(SQUASHER_UPLOADS_DIR.$file_part);
                        $file_part = $path."/SQ".zfill($config[5],6)."-".$config[2];
-                       if (!is_file($file_part))
+                       if (!is_file(SQUASHER_UPLOADS_DIR.$file_part))
                                $file_part = $path."/SQ".zfill($config[5],3)."-".$config[2];
-                       if (is_file($file_part))
-                               $this->configs[$h]['lastchange'] = filemtime($file_part);
+                       if (is_file(SQUASHER_UPLOADS_DIR.$file_part))
+                               $this->configs[$h]['lastchange'] = filemtime(SQUASHER_UPLOADS_DIR.$file_part);
                        for ($i=1; $i<=$config[5]; $i++)
                                $this->configs[$h]['stats'][$i] = "1.00";
                } else {
@@ -756,13 +746,13 @@ function populate_stats($path, $h) {
                                $this->configs[$h]['stats'][$i]="1.00";
                        } else {
                                $file_part = $path."/SQ".zfill($i,6)."-".$config[2];
-                               if (!is_file($file_part))
+                               if (!is_file(SQUASHER_UPLOADS_DIR.$file_part))
                                        $file_part = $path."/SQ".zfill($i,3)."-".$config[2];
-                               if (is_file($file_part)) {
-                                       $handle = fopen($file_part, "rb");
-                                       $size_this = filesize($file_part);
-                                       $added = filectime($file_part);
-                                       $last_changed = filemtime($file_part);
+                               if (is_file(SQUASHER_UPLOADS_DIR.$file_part)) {
+                                       $handle = fopen(SQUASHER_UPLOADS_DIR.$file_part, "rb");
+                                       $size_this = filesize(SQUASHER_UPLOADS_DIR.$file_part);
+                                       $added = filectime(SQUASHER_UPLOADS_DIR.$file_part);
+                                       $last_changed = filemtime(SQUASHER_UPLOADS_DIR.$file_part);
                                        if ($this->configs[$h]['added'] > $added || !is_numeric($this->configs[$h]['added']))
                                                $this->configs[$h]['added'] = $added;
                                        if ($this->configs[$h]['lastchange'] < $last_changed)
@@ -791,6 +781,8 @@ function populate_stats($path, $h) {
        }
 }
 
+
+/* unused function
 function read_config($path, $filename) {
        if (is_file($path."/".$filename.".InProgress")) {
                $config_handle = fopen($path."/".$filename.".InProgress", "r");
@@ -812,6 +804,8 @@ function read_config($path, $filename) {
        $config = explode("\n", $config_content);
 
        return $config;
+}
+*/
 //             print_r($config);
 /*             $file_count = $config[5];
                $last=1;
@@ -833,13 +827,19 @@ function read_config($path, $filename) {
      }
      return $merged_file;
      */
-}
 
+/**
+ * Outputs one file (echo)
+ * @param string $path Absolute path within SQUASHER_UPLOADS_DIR
+ * @param string $filename File name in $path
+ * @param bool $tovar Returns content rather than outputing it
+ * @return file content if $tovar; or void
+ */
 function print_files($path, $filename, $tovar=false) {
-       if (strpos($path, './uploads/ftp')) {
-               $filestring = $path.'/'.$filename;
-               if (is_file($filestring)) {
-                       $handle = fopen($filestring, "rb");
+       $fsfilename = SQUASHER_UPLOADS_DIR.$path.'/'.$filename;
+       if (strpos($path.'/', '/ftp/')===0) {
+               if (is_file($fsfilename)) {
+                       $handle = fopen($fsfilename, 'rb');
                        while (!feof($handle))
                        {
                                print(fread($handle, 1024));
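Review bot: The new docblock says print_files returns the file content or nothing, but the non-ftp branch in the next hunk also returns the literal string `'Not Found'`, which a caller passing `$tovar` cannot tell apart from content. Document it, for example `@return string|void File content if $tovar; the string 'Not Found' when no status file exists; otherwise nothing`. The `@param` line for `$path` should also state that it must begin with `/`, because the `strpos($path.'/', '/ftp/')===0` test depends on that. print_files continues beyond this hunk.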
@@ -848,21 +848,17 @@ function print_files($path, $filename, $tovar=false) {
                        }
                }
        } else {
-               if (is_file($path."/".$filename.".InProgress")) {
-                       $config_handle = fopen($path."/".$filename.".InProgress", "r");
-                       $conf_path=$path."/".$filename.".InProgress";
-               } elseif (is_file($path."/".$filename.".Completed" )) {
-                       $config_handle = fopen($path."/".$filename.".Completed", "r");
-                       $conf_path=$path."/".$filename.".Completed";
-               } elseif (is_file($path."/".$filename.".Starting" )) {
-                       $config_handle = fopen($path."/".$filename.".Starting", "r");
-                       $conf_path=$path."/".$filename.".Starting";
-               } elseif (is_file($path."/".$filename.".Processed" )) {
-                       $config_handle = fopen($path."/".$filename.".Processed", "r");
-                       $conf_path=$path."/".$filename.".Processed";
-               } else{
-                       return "Not Found";
-               }
+               if (is_file($fsfilename.'.InProgress'))
+                       $conf_path = $fsfilename.'.InProgress';
+               elseif (is_file($fsfilename.'.Completed' ))
+                       $conf_path = $fsfilename.'.Completed';
+               elseif (is_file($fsfilename.'.Starting' ))
+                       $conf_path = $fsfilename.'.Starting';
+               elseif (is_file($fsfilename.'.Processed' ))
+                       $conf_path = $fsfilename.'.Processed';
+               else
+                       return 'Not Found';
+               $config_handle = fopen($conf_path, 'r');
                $config_content = fread($config_handle, filesize($conf_path));
                fclose($config_handle);
                $config = explode("\n",$config_content);
@@ -872,7 +868,7 @@ function print_files($path, $filename, $tovar=false) {
                $last_part_size = ( $config[3] - ( ( $config[5] -1 ) * $config[4] ) );
                for ($i=0;$i<=$file_count;$i++)
                {
-                       $file_part = $path."/SQ".zfill($i,6)."-".$filename;
+                       $file_part = SQUASHER_UPLOADS_DIR.$path."/SQ".zfill($i,6)."-".$filename;
                        if (!is_file($file_part))
                                $file_part = $path."/SQ".zfill($i,3)."-".$filename;
                        if (is_file($file_part))
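Review bot: Only the six-digit chunk name received the `SQUASHER_UPLOADS_DIR` prefix; the three-digit fallback two lines below it is an unchanged context line and still assigns `$path."/SQ".zfill($i,3)."-".$filename`, which is now a path relative to the uploads root and will not exist on disk. Files stored with three-digit chunk numbers would presumably be skipped by the `is_file` test that follows. The fallback should read `$file_part = SQUASHER_UPLOADS_DIR.$path."/SQ".zfill($i,3)."-".$filename;`. populate_stats avoids the problem by keeping `$file_part` virtual and prefixing at each use; using one convention in both functions would prevent a repeat.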
@@ -901,6 +897,8 @@ function print_files($path, $filename, $tovar=false) {
        }
 }
 
+/* unused function */
+/*
 function check_md5($h) {
        $return = false;
        $config = $this->configs[$h];
@@ -910,47 +908,64 @@ function check_md5($h) {
                $return=true;
 
        return $return;
-}
+} */
 
+/* unused function */
+/*
 function file_crc($file_string) {
        //$file_string = file_get_contents($file);
 
        $crc = crc32($file_string);
        return sprintf("%u\n", $crc);
-}
+} */
 
+/* unused function */
+/*
 function file_crc_debug($file) {
        $file_string = file_get_contents($file);
 
        $crc = crc32($file_string);
        return sprintf("%u\n", $crc);
-}
-
+} */
+
+/**
+ * Delete one file
+ *
+ * @param string $h Md5 hash of the file path, in lower case
+ * @param array $s Session credidentials
+ */
 function delete_file($h, $s) {
        $request = $this->get_config($h);
-       $filepath=$request['path'].'/'.$request[2];
-       if (strpos($request['path'], './uploads/ftp')) {
+       $filepath = $request['path'].'/'.$request[2];
+       if (strpos($request['path'], '/ftp/')===0) {
                #remove file
-               if (is_file($filepath))
-                       @unlink($filepath);
-               if (is_file($filepath.'.hidden'))
-                       @unlink($filepath.'.hidden');
+               $fsfilepath = SQUASHER_UPLOADS_DIR.$filepath;
+               if (is_file($fsfilepath))
+                       @unlink($fsfilepath);
+               if (is_file($fsfilepath.'.hidden'))
+                       @unlink($fsfilepath.'.hidden');
        } else {
+               $fspath = SQUASHER_UPLOADS_DIR.$request['path'];
                #remove fileparts
                for ($i=0;$i<=$request[5];$i++) {
-                       $part_six   = $request['path']."/SQ".zfill($i,6)."-".$request[2];
-                       $part_three = $request['path']."/SQ".zfill($i,3)."-".$request[2];
+                       $part_six   = $fspath.'/SQ'.zfill($i,6).'-'.$request[2];
+                       $part_three = $fspath.'/SQ'.zfill($i,3).'-'.$request[2];
                        if (is_file($part_six))
                                @unlink($part_six);
                        if (is_file($part_three))
-                               @unlink($part_six);
+                               @unlink($part_three);
                }
                #remove config file
-               if (is_file($request['path'].'/'.$request[2].'.hidden'))        @unlink($request['path'].'/'.$request[2].'.hidden');
-               if (is_file($request['path'].'/'.$request[2].'.Completed'))     @unlink($request['path'].'/'.$request[2].'.Completed');
-               if (is_file($request['path'].'/'.$request[2].'.InProgress'))@unlink($request['path'].'/'.$request[2].'.InProgress');
-               if (is_file($request['path'].'/'.$request[2].'.Processed'))     @unlink($request['path'].'/'.$request[2].'.Processed');
-               if (is_file($request['path'].'/'.$request[2].'.Starting'))      @unlink($request['path'].'/'.$request[2].'.Starting');
+               if (is_file($fspath.'/'.$request[2].'.hidden'))
+                       @unlink($fspath.'/'.$request[2].'.hidden');
+               if (is_file($fspath.'/'.$request[2].'.Completed'))
+                       @unlink($fspath.'/'.$request[2].'.Completed');
+               if (is_file($fspath.'/'.$request[2].'.InProgress'))
+                       @unlink($fspath.'/'.$request[2].'.InProgress');
+               if (is_file($fspath.'/'.$request[2].'.Processed'))
+                       @unlink($fspath.'/'.$request[2].'.Processed');
+               if (is_file($fspath.'/'.$request[2].'.Starting'))
+                       @unlink($fspath.'/'.$request[2].'.Starting');
        }
 
        #Update DB
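Review bot: `delete_file` uses `$request` without checking that `get_config($h)` returned an entry, and both branches build their `unlink` targets by concatenating `SQUASHER_UPLOADS_DIR`, `$request['path']` and `$request[2]`. Nothing in the hunk confirms the result is still inside the upload directory, which is what the commit message asks for; unless `get_config` (outside this hunk) already rejects `..` segments, a guard at the top such as `if (!$request || in_array('..', explode('/', $request['path'].'/'.$request[2]), true)) return;` would make that explicit. Every `unlink` is prefixed with `@`, so a failed removal is silent and the function still reaches `#Update DB`, where the record may be dropped while the data stays on disk. The docblock's `credidentials` should read `credentials`. The function continues past the end of this hunk.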
@@ -999,6 +1014,14 @@ function show_files() {
 }
 */
 
+/**
+ * Get mime-type from filename
+ *
+ * Defaults to 'application/octet-stream'
+ *
+ * @param string $filename The filename with an extension
+ * @return string mime type
+ */
 function set_mime($filename) {
        $ext_arr = explode('.', $filename);
        $ext = strtolower(array_pop($ext_arr));
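Review bot: The new docblock for `set_mime` should say that the type is chosen from the file name alone. The visible lines take the last dot-separated component, lower-cased, so a name with no dot is treated entirely as the extension. The name is presumably supplied by whoever uploaded the file, so I would add a line such as `* Derived from the name only, not the file content; not a content check.` The description could also note that, despite the name `set_mime`, the function returns a value rather than setting anything. The function body continues outside this hunk.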
index 7bf49acfd3e28019b75ed2a489709a41178143e2..f8dcd58d4352829a7c30076a62f4d7636e2b12fb 100644 (file)
@@ -8,18 +8,11 @@ $squashweb = new squashweb();
 
 $squashweb->update_history();
 
-//set root directory
-$basedir = "../uploads";
-if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
-       $subf = $_GET['path'];
-       $path = $basedir . $subf;
-} else {
-       $subf = '/';
-       $path = $basedir;
+$requestpath = @$_GET['path'];
+if (!$requestpath || strlen($requestpath)<1 || $requestpath[0]!='/') {
+       $requestpath = '/';
 }
 
-$squashweb->set_root($basedir);
-
 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
        $getdeepfiles=true;
        $populate=false;
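Review bot: `$requestpath` is accepted as soon as it starts with `/`, with no rejection of `..` segments and no check that `$_GET['path']` is a string, although the mkdir and rmdir branches later in this file do test for `..`. The value is then passed to `read_directory` and `show_rights_tree` in later hunks; whether those validate it is not visible here. Tightening the condition to `if (!is_string($requestpath) || $requestpath === '' || $requestpath[0] != '/' || in_array('..', explode('/', $requestpath), true)) {` would enforce the commit's "no ../" rule at the single entry point. The `strlen($requestpath)<1` test is redundant after `!$requestpath`.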
@@ -54,7 +47,7 @@ if (@$_GET['f']) {
        #$squashweb->read_directory($path, false, true, false, false);
 } else {
        //parse folders for readable files
-       $squashweb->read_directory($path, true, true, $getdeepfiles, $populate);
+       $squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
 }
 
 //check if a file is requested
@@ -75,17 +68,17 @@ if (@$_GET['f']) {
 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
-               $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
+               $handle = fopen(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden', 'x');
                fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
                fclose($handle);
-               $path=substr($request['path'], strlen($basedir));
+               $path=$request['path'];
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
-               @unlink($request['path'].'/'.$request[2].'.hidden');
-               $path=substr($request['path'], strlen($basedir));
+               @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
+               $path=$request['path'];
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
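Review bot: The `fopen(..., 'x')` call for the `.hidden` marker returns false when the marker already exists or the directory is not writable, and that value goes straight into `fwrite` and `fclose`. Guarding them with `if ($handle !== false) { ... }` avoids the resulting warnings (a TypeError on PHP 8) and lets the failure be reported. `$path` is now the stored `$request['path']` and is appended to the `Location` header unencoded; `'?path='.urlencode($path)` keeps characters such as `&` or `#` in a folder name from altering the redirect. The same applies to the delete branch in the next hunk. The `if`/`elseif` chain starts and ends outside this hunk.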
@@ -101,7 +94,7 @@ if (@$_GET['f']) {
                        $request = $squashweb->get_config($h);
                        $squashweb->delete_file($h, $_SESSION['creds']);
                }
-               $path=substr($request['path'], strlen($basedir));
+               $path=$request['path'];
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
        }
 
@@ -110,10 +103,10 @@ if (@$_GET['f']) {
        $newname = $_POST['newname'];
        $subs = explode('/', $path);
        if (in_array('..', $subs))
-               die(); // Hard fails when trying to play above basedir
+               die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
        if ($squashweb->got_rights_array_admin($path) > 0) {
                umask(002); // don't remove g+w
-               mkdir($basedir.'/'.$path.'/'.$newname);
+               mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
        }
        header( 'Location: ?path='.$path.'/'.$newname) ;
        
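Review bot: Only `$path` is checked for `..`; `$newname` comes from `$_POST` and is appended to the `mkdir` argument unchecked, so a name that contains `/` or equals `..` is not caught by the test above it. Adding `if ($newname === '' || $newname === '.' || $newname === '..' || strpos($newname, '/') !== false) die();` before the rights check would cover it. The `Location` header is also sent whether or not the rights check passed and the directory was created, so it can redirect to a folder that does not exist. Where `$path` is assigned is outside this hunk.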
@@ -121,9 +114,9 @@ if (@$_GET['f']) {
        $path = $_GET['path'];
        $subs = explode('/', $path);
        if (in_array('..', $subs))
-               die(); // Hard fails when trying to play above basedir
+               die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
        if ($squashweb->got_rights_array_admin($path) > 0) {
-               rmdir($basedir.$path);
+               rmdir(SQUASHER_UPLOADS_DIR.$path);
        }
        array_pop($subs);
        $path=implode("/", $subs);
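Review bot: This branch re-reads `$_GET['path']` instead of using the normalised `$requestpath`, so nothing here guarantees that the value passed to `rmdir` starts with `/`. For a value without a leading slash, `SQUASHER_UPLOADS_DIR.$path` names a sibling of the upload directory rather than something inside it. The mkdir branch in the previous hunk has the same concern, since it dropped the `'/'` that used to follow `$basedir`. Extending the test to `if (!is_string($path) || $path === '' || $path[0] != '/' || in_array('..', $subs, true)) die();` keeps the result under the configured directory. Whether `got_rights_array_admin` would already refuse such a value is not visible in this hunk.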
@@ -139,7 +132,7 @@ if (@$_GET['f']) {
 
        $smarty->assign('edited_user', @$_GET['user']);
 
-       $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']);
+       $tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);
 
        $smarty->assign('style', $tree['style']);
        $smarty->assign('layout', $tree['layout']);
@@ -205,11 +198,9 @@ if (@$_GET['f']) {
        ***/
 
        $configs_num = $squashweb->get_configs();
-
        $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
 
        $configs = array();
-       $paths = array();
 
        foreach ($configs_sorted as $key => $value) {
                $configs[$key]['squashed'] = $value['squashed'];
@@ -220,7 +211,6 @@ if (@$_GET['f']) {
                $configs[$key]['chunk_size'] = $value[4];
                $configs[$key]['chunks'] = $value[5];
                $configs[$key]['crc'] = $value[6];
-               $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path']));
                (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
                (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
 
@@ -249,7 +239,7 @@ if (@$_GET['f']) {
        //set base folders
        $basepath['/'] = 'top';
        $bpath = '';
-       foreach (explode('/', $subf) as $key => $value) {
+       foreach (explode('/', $requestpath) as $key => $value) {
                if ($value != '') {
                        $bpath .= '/'.$value;
                        $basepath[$bpath] = $value;
@@ -261,9 +251,8 @@ if (@$_GET['f']) {
        $smarty->assign('folderrights', $squashweb->folderrights());
 
        $smarty->assign('squashed', $configs);
-       $smarty->assign('paths', $paths);
        $smarty->assign('base', $basepath);
-       $smarty->assign('currentfolder', $subf);
+       $smarty->assign('currentfolder', $requestpath);
        $subs = $squashweb->subfolders();
        if ($subs)
                asort($subs);